comparing b9ff30367fcc7b9fd0a9ab72444df984137b7d23 and main on pyrox.dev/nix

+2 -2

.nvim.lua

···

       23
       23
        
                 expr = "(builtins.getFlake (builtins.toString ./.)).currentSystem.options",

     

       24
       24
        
               },

     

       25
       25
        
               my_modules = {

     

       26
       26
       -
                 exper = "(pkgs.lib.evalModules { modules = (builtins.getFlake (builtins.toString ./.)).nixosModules; }).options"

     

       27
       27
       -
               }

     

       26
       26
       +
                 exper = "(pkgs.lib.evalModules { modules = (builtins.getFlake (builtins.toString ./.)).nixosModules; }).options",

     

       27
       27
       +
               },

     

       28
       28
        
             },

     

       29
       29
        
           },

     

       30
       30
        
         },

+1

Justfile

···

       3
       3
        
       

     

       4
       4
        
       build:

     

       5
       5
        
           nixos-rebuild-ng build --flake . --accept-flake-config --verbose --show-trace \

     

       6
       6
       +
             --max-jobs 3 --cores 6 \

     

       6
       7
        
           && nvd diff /run/current-system result

     

       7
       8
        
       

     

       8
       9
        
       switch:

-2

TODO.md

···

       18
       18
        
       - [ ] Move all Docker containers to using native versions of databases, redis, etc.

     

       19
       19
        
         - Ensures higher performance and reduces the number of running containers.

     

       20
       20
        
         - https://github.com/felschr/nixos-config/blob/main/services/immich.nix for an example of how to do it

     

       21
       21
       -
       - [ ] Add Archivebox service(needs custom module)

     

       22
       22
       -
       - [ ] Add Immich service

     

       23
       21
        
       

     

       24
       22
        
       ## Zaphod

     

       25
       23

+7 -3

devShells/default/default.nix

···

       4
       4
        
       }:

     

       5
       5
        
       pkgs.mkShellNoCC {

     

       6
       6
        
         packages = [

     

       7
       7
       +
           # keep-sorted start

     

       7
       8
        
           pkgs.deadnix

     

       8
       9
        
           pkgs.just

     

       9
       10
        
           pkgs.nil

     

       11
       11
       +
           pkgs.nix-output-monitor

     

       10
       12
        
           pkgs.nix-tree

     

       13
       13
       +
           pkgs.nix-update

     

       11
       14
        
           pkgs.nixd

     

       12
       12
       -
           pkgs.nix-output-monitor

     

       13
       15
        
           pkgs.nixfmt-rfc-style

     

       14
       14
       -
           pkgs.statix

     

       16
       16
       +
           pkgs.nixos-rebuild-ng

     

       15
       17
        
           pkgs.nvd

     

       16
       16
       -
           pkgs.nixos-rebuild-ng

     

       18
       18
       +
           pkgs.statix

     

       19
       19
       +
           pkgs.tokei

     

       20
       20
       +
           # keep-sorted endd

     

       17
       21
        
         ];

     

       18
       22
        
       }

+77 -82

flake.lock

···

       1
       1
        
       {

     

       2
       2
        
         "nodes": {

     

       3
       3
       +
           "actor-typeahead-src": {

     

       4
       4
       +
             "flake": false,

     

       5
       5
       +
             "locked": {

     

       6
       6
       +
               "lastModified": 1762835797,

     

       7
       7
       +
               "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=",

     

       8
       8
       +
               "ref": "refs/heads/main",

     

       9
       9
       +
               "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b",

     

       10
       10
       +
               "revCount": 6,

     

       11
       11
       +
               "type": "git",

     

       12
       12
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       13
       13
       +
             },

     

       14
       14
       +
             "original": {

     

       15
       15
       +
               "type": "git",

     

       16
       16
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       17
       17
       +
             }

     

       18
       18
       +
           },

     

       3
       19
        
           "agenix": {

     

       4
       20
        
             "inputs": {

     

       5
       21
        
               "darwin": "darwin",

     
···

       59
       75
        
               "treefmt-nix": []

     

       60
       76
        
             },

     

       61
       77
        
             "locked": {

     

       62
       62
       -
               "lastModified": 1761641036,

     

       63
       63
       -
               "narHash": "sha256-WyoAA5qBHimmWj0tuJMnkIq4o8dB01st6smx3ZzI/L0=",

     

       78
       78
       +
               "lastModified": 1763946641,

     

       79
       79
       +
               "narHash": "sha256-kPP7k2b+Dkd91yJO01y3l1F0t+Mqvv8+FrPfjcCwszg=",

     

       64
       80
        
               "owner": "nix-community",

     

       65
       81
        
               "repo": "buildbot-nix",

     

       66
       66
       -
               "rev": "3cd0114c633815095fde7a3126e1dbd6ad2e673f",

     

       82
       82
       +
               "rev": "cd32d1c420320383bfcc80c1b0b402b6a7eccc23",

     

       67
       83
        
               "type": "github"

     

       68
       84
        
             },

     

       69
       85
        
             "original": {

     
···

       83
       99
        
               ]

     

       84
       100
        
             },

     

       85
       101
        
             "locked": {

     

       86
       86
       -
               "lastModified": 1762651107,

     

       87
       87
       -
               "narHash": "sha256-V++8JREoP1TC6ROYByMAKx/cSyxza0tp1tUNOpq5Z4k=",

     

       102
       102
       +
               "lastModified": 1764466211,

     

       103
       103
       +
               "narHash": "sha256-rBK+usqfAP9ZuEthw9wMCwTKQgKUMmziuzrrkpDZdzY=",

     

       88
       104
        
               "owner": "caelestia-dots",

     

       89
       105
        
               "repo": "shell",

     

       90
       90
       -
               "rev": "c0ea060ffecd3f38233652556d3085d094082400",

     

       106
       106
       +
               "rev": "40813e520582c5df11f6d4c870a31900fe171cce",

     

       91
       107
        
               "type": "github"

     

       92
       108
        
             },

     

       93
       109
        
             "original": {

     
···

       107
       123
        
               ]

     

       108
       124
        
             },

     

       109
       125
        
             "locked": {

     

       110
       110
       -
               "lastModified": 1762480719,

     

       111
       111
       -
               "narHash": "sha256-TjTMNmndJJIxP/N6owC/CoAPiRuM99fNaQbZqHDtwLw=",

     

       126
       126
       +
               "lastModified": 1764381410,

     

       127
       127
       +
               "narHash": "sha256-WR/oQQjveFqQxo8oHngZuOVgBQINDgPe+lCXLeNhAAg=",

     

       112
       128
        
               "owner": "caelestia-dots",

     

       113
       129
        
               "repo": "cli",

     

       114
       114
       -
               "rev": "9323fbf1b497204e17dff103cf412daf04a5c723",

     

       130
       130
       +
               "rev": "ed12d4cb82600872a82feb577711be1148c7af35",

     

       115
       131
        
               "type": "github"

     

       116
       132
        
             },

     

       117
       133
        
             "original": {

     
···

       125
       141
        
               "nixpkgs": "nixpkgs"

     

       126
       142
        
             },

     

       127
       143
        
             "locked": {

     

       128
       128
       -
               "lastModified": 1762510976,

     

       129
       129
       -
               "narHash": "sha256-KGoSj8qMOOPaNE48RTtuNBbqOvKLTeklnRHWWvE/TXo=",

     

       144
       144
       +
               "lastModified": 1764325801,

     

       145
       145
       +
               "narHash": "sha256-LQ7tsrXs1wuB6KBwUctL3JlUsG/FWI2pCI6NkoO52dk=",

     

       130
       146
        
               "owner": "catppuccin",

     

       131
       147
        
               "repo": "nix",

     

       132
       132
       -
               "rev": "728cb0a667ce37bb0c68557dba819c7fb54ff1c8",

     

       148
       148
       +
               "rev": "a696fed6b9b6aa89ef495842cdca3fc2a7cef0de",

     

       133
       149
        
               "type": "github"

     

       134
       150
        
             },

     

       135
       151
        
             "original": {

     
···

       184
       200
        
           "dms": {

     

       185
       201
        
             "inputs": {

     

       186
       202
        
               "dgop": "dgop",

     

       187
       187
       -
               "dms-cli": "dms-cli",

     

       188
       203
        
               "nixpkgs": [

     

       189
       204
        
                 "nixpkgs"

     

       190
       205
        
               ]

     

       191
       206
        
             },

     

       192
       207
        
             "locked": {

     

       193
       193
       -
               "lastModified": 1762714442,

     

       194
       194
       -
               "narHash": "sha256-ptdW/V1X9td4Ym3ZO6NzXHU55nKzogQI1CUbqVP1PwU=",

     

       208
       208
       +
               "lastModified": 1764553800,

     

       209
       209
       +
               "narHash": "sha256-kHlx3E3K2UNWI1Hpbyl5zieoOVevZfwz8P/OcyViDHY=",

     

       195
       210
        
               "owner": "AvengeMedia",

     

       196
       211
        
               "repo": "DankMaterialShell",

     

       197
       197
       -
               "rev": "0197961175ba8e4ed56f90a9a2a6d35f87a2f51a",

     

       212
       212
       +
               "rev": "7959a795753d9f646cfb9e21cfb778adf7e5c933",

     

       198
       213
        
               "type": "github"

     

       199
       214
        
             },

     

       200
       215
        
             "original": {

     
···

       203
       218
        
               "type": "github"

     

       204
       219
        
             }

     

       205
       220
        
           },

     

       206
       206
       -
           "dms-cli": {

     

       207
       207
       -
             "inputs": {

     

       208
       208
       -
               "nixpkgs": [

     

       209
       209
       -
                 "dms",

     

       210
       210
       -
                 "nixpkgs"

     

       211
       211
       -
               ]

     

       212
       212
       -
             },

     

       213
       213
       -
             "locked": {

     

       214
       214
       -
               "lastModified": 1762491516,

     

       215
       215
       -
               "narHash": "sha256-oGLH5Gje/p2Hc1kO3m8P5eAZ7JldBI30EmwzEET4cNU=",

     

       216
       216
       -
               "owner": "AvengeMedia",

     

       217
       217
       -
               "repo": "danklinux",

     

       218
       218
       -
               "rev": "050cf28a2963a7698ed4759736fe5fe77eee7cc2",

     

       219
       219
       -
               "type": "github"

     

       220
       220
       -
             },

     

       221
       221
       -
             "original": {

     

       222
       222
       -
               "owner": "AvengeMedia",

     

       223
       223
       -
               "repo": "danklinux",

     

       224
       224
       -
               "type": "github"

     

       225
       225
       -
             }

     

       226
       226
       -
           },

     

       227
       221
        
           "dms-plugins": {

     

       228
       222
        
             "flake": false,

     

       229
       223
        
             "locked": {

     

       230
       230
       -
               "lastModified": 1762624195,

     

       231
       231
       -
               "narHash": "sha256-zZigP1wet5mwZiXcAuzbWo4gPhPOOYLvG0DOOaWAJgQ=",

     

       224
       224
       +
               "lastModified": 1764085668,

     

       225
       225
       +
               "narHash": "sha256-KtOu12NVLdyho9T4EXJaReNhFO98nAXpemkb6yeOvwE=",

     

       232
       226
        
               "owner": "AvengeMedia",

     

       233
       227
        
               "repo": "dms-plugins",

     

       234
       234
       -
               "rev": "759584dfe660d2f8af0c25f91884e0eb397d2424",

     

       228
       228
       +
               "rev": "3bc66f186a8184cb8eca5fdfc0699cb4a828cd90",

     

       235
       229
        
               "type": "github"

     

       236
       230
        
             },

     

       237
       231
        
             "original": {

     
···

       280
       274
        
               ]

     

       281
       275
        
             },

     

       282
       276
        
             "locked": {

     

       283
       283
       -
               "lastModified": 1759332252,

     

       284
       284
       -
               "narHash": "sha256-zMPiXQmun2EIefsFlfkvcL6V2TcP0ASCjNbdaTQei68=",

     

       285
       285
       -
               "owner": "NuschtOS",

     

       286
       286
       -
               "repo": "dn42.nix",

     

       287
       287
       -
               "rev": "4f786e87300f5f0361e4b6f3577e323b091d128b",

     

       277
       277
       +
               "lastModified": 1764646680,

     

       278
       278
       +
               "narHash": "sha256-HEVzGL23bev8CuZXbLgDZRWy+mD/qPZhRBpjag7G/dU=",

     

       279
       279
       +
               "owner": "pyrox0",

     

       280
       280
       +
               "repo": "dn43.nix",

     

       281
       281
       +
               "rev": "c8b68602cf1ef696e6a9f9c25e8c177d4101331b",

     

       288
       282
        
               "type": "github"

     

       289
       283
        
             },

     

       290
       284
        
             "original": {

     

       291
       291
       -
               "owner": "NuschtOS",

     

       292
       292
       -
               "repo": "dn42.nix",

     

       285
       285
       +
               "owner": "pyrox0",

     

       286
       286
       +
               "repo": "dn43.nix",

     

       293
       287
        
               "type": "github"

     

       294
       288
        
             }

     

       295
       289
        
           },

     
···

       342
       336
        
               "nixpkgs-lib": "nixpkgs-lib"

     

       343
       337
        
             },

     

       344
       338
        
             "locked": {

     

       345
       345
       -
               "lastModified": 1762440070,

     

       346
       346
       -
               "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",

     

       339
       339
       +
               "lastModified": 1763759067,

     

       340
       340
       +
               "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",

     

       347
       341
        
               "owner": "hercules-ci",

     

       348
       342
        
               "repo": "flake-parts",

     

       349
       349
       -
               "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",

     

       343
       343
       +
               "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",

     

       350
       344
        
               "type": "github"

     

       351
       345
        
             },

     

       352
       346
        
             "original": {

     
···

       417
       411
        
               "systems": "systems_4"

     

       418
       412
        
             },

     

       419
       413
        
             "locked": {

     

       420
       420
       -
               "lastModified": 1760925941,

     

       421
       421
       -
               "narHash": "sha256-M+EJsr6z05heKk6iuh3RWZS+9gAMBwG9IyryACVpOy0=",

     

       414
       414
       +
               "lastModified": 1764170522,

     

       415
       415
       +
               "narHash": "sha256-4c9jCOfkKNRHJLXgOIcVcNSaw/XaiVaqesaLJn86wGA=",

     

       422
       416
        
               "owner": "tailscale",

     

       423
       417
        
               "repo": "golink",

     

       424
       424
       -
               "rev": "42765dea97afa9f9f5ea167fb0df6f5372d78481",

     

       418
       418
       +
               "rev": "6821994de926c565d3ef9fbf3cb0e0fcb780f4be",

     

       425
       419
        
               "type": "github"

     

       426
       420
        
             },

     

       427
       421
        
             "original": {

     
···

       454
       448
        
           },

     

       455
       449
        
           "hardware": {

     

       456
       450
        
             "locked": {

     

       457
       457
       -
               "lastModified": 1762463231,

     

       458
       458
       -
               "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",

     

       451
       451
       +
               "lastModified": 1764440730,

     

       452
       452
       +
               "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",

     

       459
       453
        
               "owner": "nixos",

     

       460
       454
        
               "repo": "nixos-hardware",

     

       461
       461
       -
               "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",

     

       455
       455
       +
               "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",

     

       462
       456
        
               "type": "github"

     

       463
       457
        
             },

     

       464
       458
        
             "original": {

     
···

       499
       493
        
               ]

     

       500
       494
        
             },

     

       501
       495
        
             "locked": {

     

       502
       502
       -
               "lastModified": 1762704774,

     

       503
       503
       -
               "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=",

     

       496
       496
       +
               "lastModified": 1764544324,

     

       497
       497
       +
               "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=",

     

       504
       498
        
               "owner": "nix-community",

     

       505
       499
        
               "repo": "home-manager",

     

       506
       506
       -
               "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7",

     

       500
       500
       +
               "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612",

     

       507
       501
        
               "type": "github"

     

       508
       502
        
             },

     

       509
       503
        
             "original": {

     
···

       618
       612
        
               ]

     

       619
       613
        
             },

     

       620
       614
        
             "locked": {

     

       621
       621
       -
               "lastModified": 1762660502,

     

       622
       622
       -
               "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",

     

       615
       615
       +
               "lastModified": 1764475780,

     

       616
       616
       +
               "narHash": "sha256-77jL5H5x51ksLiOUDjY0ZK8e2T4ZXLhj3ap8ETvknWI=",

     

       623
       617
        
               "owner": "Mic92",

     

       624
       618
        
               "repo": "nix-index-database",

     

       625
       625
       -
               "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",

     

       619
       619
       +
               "rev": "5a3ff8c1a09003f399f43d5742d893c0b1ab8af0",

     

       626
       620
        
               "type": "github"

     

       627
       621
        
             },

     

       628
       622
        
             "original": {

     
···

       633
       627
        
           },

     

       634
       628
        
           "nixpkgs": {

     

       635
       629
        
             "locked": {

     

       636
       636
       -
               "lastModified": 1762111121,

     

       637
       637
       -
               "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",

     

       630
       630
       +
               "lastModified": 1763966396,

     

       631
       631
       +
               "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",

     

       638
       632
        
               "owner": "NixOS",

     

       639
       633
        
               "repo": "nixpkgs",

     

       640
       640
       -
               "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",

     

       634
       634
       +
               "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",

     

       641
       635
        
               "type": "github"

     

       642
       636
        
             },

     

       643
       637
        
             "original": {

     
···

       664
       658
        
           },

     

       665
       659
        
           "nixpkgs-stalwart-fix": {

     

       666
       660
        
             "locked": {

     

       667
       667
       -
               "lastModified": 1755293787,

     

       668
       668
       -
               "narHash": "sha256-L+msFwg9jXAj4JmDFQF9BIg2kQhgUzexVmDYePfKMW8=",

     

       661
       661
       +
               "lastModified": 1762728499,

     

       662
       662
       +
               "narHash": "sha256-XtT/8ID3gz9RGk8ITBnktmodq5/ZG6tF60XSfuKSmro=",

     

       669
       663
        
               "owner": "pyrox0",

     

       670
       664
        
               "repo": "nixpkgs",

     

       671
       671
       -
               "rev": "52f6d43ca3db097cde5d0bfb30db0af5bdf41103",

     

       665
       665
       +
               "rev": "b5178ff139339638e98a1e5833add22b047f96d0",

     

       672
       666
        
               "type": "github"

     

       673
       667
        
             },

     

       674
       668
        
             "original": {

     
···

       680
       674
        
           },

     

       681
       675
        
           "nixpkgs_2": {

     

       682
       676
        
             "locked": {

     

       683
       683
       -
               "lastModified": 315532800,

     

       684
       684
       -
               "narHash": "sha256-RpDoXu4dMzS4Q3qq3vdlTXbL8ZLn42i5QPD5X0RPqT0=",

     

       685
       685
       -
               "rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc",

     

       677
       677
       +
               "lastModified": 1764527385,

     

       678
       678
       +
               "narHash": "sha256-gpwyCnyi2or0InBXe+4I9YeED3Uly3EGH58qvVnchBY=",

     

       679
       679
       +
               "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d",

     

       686
       680
        
               "type": "tarball",

     

       687
       687
       -
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre890836.e1ebeec86b77/nixexprs.tar.xz"

     

       681
       681
       +
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre904683.23258e03aaa4/nixexprs.tar.xz"

     

       688
       682
        
             },

     

       689
       683
        
             "original": {

     

       690
       684
        
               "type": "tarball",

     
···

       714
       708
        
               ]

     

       715
       709
        
             },

     

       716
       710
        
             "locked": {

     

       717
       717
       -
               "lastModified": 1761897390,

     

       718
       718
       -
               "narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",

     

       711
       711
       +
               "lastModified": 1764482797,

     

       712
       712
       +
               "narHash": "sha256-ynV90KoBrPe38YFlKAHtPFk4Ee3IANUsIFGxRaq7H/s=",

     

       719
       713
        
               "owner": "quickshell-mirror",

     

       720
       714
        
               "repo": "quickshell",

     

       721
       721
       -
               "rev": "fc704e6b5d445899a1565955268c91942a4f263f",

     

       715
       715
       +
               "rev": "d24e8e9736287d01ee73ef9d573d2bc316a62d5c",

     

       722
       716
        
               "type": "github"

     

       723
       717
        
             },

     

       724
       718
        
             "original": {

     
···

       844
       838
        
           },

     

       845
       839
        
           "tangled": {

     

       846
       840
        
             "inputs": {

     

       841
       841
       +
               "actor-typeahead-src": "actor-typeahead-src",

     

       847
       842
        
               "flake-compat": "flake-compat_2",

     

       848
       843
        
               "gomod2nix": "gomod2nix",

     

       849
       844
        
               "htmx-src": "htmx-src",

     
···

       856
       851
        
               "sqlite-lib-src": "sqlite-lib-src"

     

       857
       852
        
             },

     

       858
       853
        
             "locked": {

     

       859
       859
       -
               "lastModified": 1762522051,

     

       860
       860
       -
               "narHash": "sha256-qDVJ2sEQL0TJbWer6ByhhQrzHE1bZI3U1mmCk0sPZqo=",

     

       854
       854
       +
               "lastModified": 1764494836,

     

       855
       855
       +
               "narHash": "sha256-u1i7aMo0fTQ6WVdOZhG2fo/gEx2Fq8+3URmuqEBZGWI=",

     

       861
       856
        
               "ref": "refs/heads/master",

     

       862
       862
       -
               "rev": "2e5a4cde904d86825cefe5971e68f1bdfb1dd36f",

     

       863
       863
       -
               "revCount": 1614,

     

       857
       857
       +
               "rev": "d37f774fb8c60aa2bd0cb965c9884457d0afb660",

     

       858
       858
       +
               "revCount": 1689,

     

       864
       859
        
               "type": "git",

     

       865
       860
        
               "url": "https://tangled.org/@tangled.org/core"

     

       866
       861
        
             },

     
···

       876
       871
        
               ]

     

       877
       872
        
             },

     

       878
       873
        
             "locked": {

     

       879
       879
       -
               "lastModified": 1762410071,

     

       880
       880
       -
               "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=",

     

       874
       874
       +
               "lastModified": 1762938485,

     

       875
       875
       +
               "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",

     

       881
       876
        
               "owner": "numtide",

     

       882
       877
        
               "repo": "treefmt-nix",

     

       883
       883
       -
               "rev": "97a30861b13c3731a84e09405414398fbf3e109f",

     

       878
       878
       +
               "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",

     

       884
       879
        
               "type": "github"

     

       885
       880
        
             },

     

       886
       881
        
             "original": {

+1 -1

flake.nix

···

       51
       51
        
             url = "github:catppuccin/nix";

     

       52
       52
        
           };

     

       53
       53
        
           dn42 = {

     

       54
       54
       -
             url = "github:NuschtOS/dn42.nix";

     

       54
       54
       +
             url = "github:pyrox0/dn43.nix";

     

       55
       55
        
             inputs.nixpkgs.follows = "nixpkgs";

     

       56
       56
        
           };

     

       57
       57
        
           dms = {

+1 -1

homeModules/profiles/base/default.nix

···

       10
       10
        
       {

     

       11
       11
        
         options.py.profiles.base.enable = lib.mkEnableOption "Base Home Profile";

     

       12
       12
        
         config = lib.mkIf cfg.enable {

     

       13
       13
       -
           home.stateVersion = "25.11";

     

       13
       13
       +
           home.stateVersion = "26.05";

     

       14
       14
        
           home.language = {

     

       15
       15
        
             base = "en_US.utf8";

     

       16
       16
        
           };

+13 -10

homeModules/profiles/desktop/default.nix

···

       8
       8
        
         cfg = config.py.profiles.desktop;

     

       9
       9
        
         inherit (cfg) shell;

     

       10
       10
        
         inherit (lib) mkIf mkDefault mkEnableOption;

     

       11
       11
       +
       

     

       12
       12
       +
         mkShellOption =

     

       13
       13
       +
           name: var:

     

       14
       14
       +
           lib.mkOption {

     

       15
       15
       +
             type = lib.types.bool;

     

       16
       16
       +
             default = if (shell == var) then true else false;

     

       17
       17
       +
             description = "Enable ${name}";

     

       18
       18
       +
             readOnly = true;

     

       19
       19
       +
             visible = false;

     

       20
       20
       +
             internal = true;

     

       21
       21
       +
           };

     

       11
       22
        
       in

     

       12
       23
        
       {

     

       13
       24
        
         options.py.profiles.desktop = {

     
···

       20
       31
        
             default = "caelestia";

     

       21
       32
        
             description = "The desktop shell to use in the graphical environment";

     

       22
       33
        
           };

     

       23
       23
       -
           caelestia = lib.mkOption {

     

       24
       24
       -
             type = lib.types.bool;

     

       25
       25
       -
             default = if (shell == "caelestia") then true else false;

     

       26
       26
       -
             description = "Enable caelestia shell";

     

       27
       27
       -
           };

     

       28
       28
       -
           dms = lib.mkOption {

     

       29
       29
       -
             type = lib.types.bool;

     

       30
       30
       -
             default = if (shell == "dms") then true else false;

     

       31
       31
       -
             description = "Enable DMS";

     

       32
       32
       -
           };

     

       34
       34
       +
           caelestia = mkShellOption "Caelestia shell" "caelestia";

     

       35
       35
       +
           dms = mkShellOption "DMS" "dms";

     

       33
       36
        
         };

     

       34
       37
        
         config = mkIf cfg.enable {

     

       35
       38
        
           py.profiles.base.enable = true;

+2

homeModules/programs/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         imports = [

     

       3
       3
       +
           # keep-sorted start

     

       3
       4
        
           ./caelestia

     

       4
       5
        
           ./chromium

     

       5
       6
        
           ./dms

     
···

       17
       18
        
           ./starship

     

       18
       19
        
           ./vscodium

     

       19
       20
        
           ./zed-editor

     

       21
       21
       +
           # keep-sorted end

     

       20
       22
        
         ];

     

       21
       23
        
       }

+6 -6

homeModules/programs/neovim/default.nix

···

       24
       24
        
             pkgs.gcc

     

       25
       25
        
             pkgs.go

     

       26
       26
        
             pkgs.nodejs

     

       27
       27
       -
           ]

     

       28
       28
       -
           ++ lib.optionals config.py.profiles.gui.enable [

     

       29
       29
       -
             pkgs.ffmpegthumbnailer

     

       30
       30
       -
             pkgs.fontpreview

     

       31
       31
       -
             pkgs.poppler

     

       32
       32
       -
             pkgs.ueberzug

     

       27
       27
       +
             # ]

     

       28
       28
       +
             # ++ lib.optionals config.py.profiles.gui.enable [

     

       29
       29
       +
             #   pkgs.ffmpegthumbnailer

     

       30
       30
       +
             #   pkgs.fontpreview

     

       31
       31
       +
             #   pkgs.poppler

     

       32
       32
       +
             #   pkgs.ueberzug

     

       33
       33
        
           ];

     

       34
       34
        
         };

     

       35
       35
        
       }

+1 -1

homeModules/wayland/hypridle.nix

···

       12
       12
        
           settings = {

     

       13
       13
        
             general = {

     

       14
       14
        
               lock_cmd = "loginctl lock-session";

     

       15
       15
       -
               before_sleep_cmd = "loginctl lock-session";

     

       15
       15
       +
               # before_sleep_cmd = "loginctl lock-session";

     

       16
       16
        
               after_sleep_cmd = "hyprctl dispatch dpms on";

     

       17
       17
        
               inhibit_sleep = 3;

     

       18
       18
        
             };

-1

hosts/default.nix

···

       41
       41
        
                 "vps"

     

       42
       42
        
               ];

     

       43
       43
        
               modules = [

     

       44
       44
       -
                 inputs.self.nixosModules.dn42Wireguard

     

       45
       44
        
                 inputs.dn42.nixosModules.default

     

       46
       45
        
               ];

     

       47
       46
        
             };

+4 -5

hosts/marvin/default.nix

···

       8
       8
        
           ./hardware.nix

     

       9
       9
        
       

     

       10
       10
        
           # Running Services

     

       11
       11
       +
           # keep-sorted start

     

       11
       12
        
           ./services/anubis.nix

     

       12
       12
       -
           # ./services/authentik.nix

     

       13
       13
        
           ./services/avahi.nix

     

       14
       14
        
           ./services/bots.nix

     

       15
       15
        
           ./services/deemix.nix

     
···

       17
       17
        
           ./services/git.nix

     

       18
       18
        
           ./services/golink.nix

     

       19
       19
        
           ./services/grafana.nix

     

       20
       20
       -
           # ./services/iceshrimp.nix

     

       20
       20
       +
           ./services/immich.nix

     

       21
       21
        
           ./services/jellyfin.nix

     

       22
       22
        
           ./services/matrix.nix

     

       23
       23
        
           ./services/miniflux.nix

     

       24
       24
       +
           ./services/nextcloud

     

       24
       25
        
           ./services/nginx.nix

     

       25
       25
       -
           ./services/nextcloud

     

       26
       26
        
           ./services/pinchflat.nix

     

       27
       27
       -
           ./services/pingvin-share.nix

     

       28
       27
        
           ./services/planka.nix

     

       29
       28
        
           ./services/pocket-id.nix

     

       30
       29
        
           ./services/podman.nix

     

       31
       30
        
           ./services/postgres.nix

     

       32
       31
        
           ./services/prometheus.nix

     

       33
       33
       -
           # ./services/redlib.nix

     

       34
       32
        
           ./services/scrutiny.nix

     

       35
       33
        
           ./services/syncthing.nix

     

       36
       34
        
           ./services/tailscale.nix

     

       37
       35
        
           ./services/tangled.nix

     

       38
       36
        
           ./services/vaultwarden.nix

     

       39
       37
        
           ./services/zfs.nix

     

       38
       38
       +
           # keep-sorted end

     

       40
       39
        
         ];

     

       41
       40
        
         nix.settings.max-jobs = 12;

     

       42
       41
        
         networking = {

+2

hosts/marvin/services/anubis.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       +
         self',

     

       3
       4
        
         ...

     

       4
       5
        
       }:

     

       5
       6
        
       {

     
···

       15
       16
        
               ED25519_PRIVATE_KEY_HEX_FILE = config.age.secrets.anubis-key.path;

     

       16
       17
        
               OG_PASSTHROUGH = true;

     

       17
       18
        
               OG_CACHE_CONSIDER_HOST = true;

     

       19
       19
       +
               POLICY_FNAME = "${self'.packages.anubis-files}/policies/default.yaml";

     

       18
       20
        
             };

     

       19
       21
        
           };

     

       20
       22
        
           age.secrets.anubis-key = {

-92

hosts/marvin/services/authentik.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         self,

     

       4
       4
       -
         ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       let

     

       7
       7
       -
         d = self.lib.data.services.authentik;

     

       8
       8
       -
       in

     

       9
       9
       -
       {

     

       10
       10
       -
         virtualisation.oci-containers.containers =

     

       11
       11
       -
           let

     

       12
       12
       -
             authentikVersion = "2025.4";

     

       13
       13
       -
             base = {

     

       14
       14
       -
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       15
       15
       -
               extraOptions = [ "--network=authentik" ];

     

       16
       16
       -
             };

     

       17
       17
       -
             authentikBase = base // {

     

       18
       18
       -
               image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       19
       19
       -
               environment = {

     

       20
       20
       -
                 AUTHENTIK_REDIS__HOST = "authentik-redict";

     

       21
       21
       -
       

     

       22
       22
       -
                 # Postgres Settings

     

       23
       23
       -
                 AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       24
       24
       -
                 AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       25
       25
       -
                 AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       26
       26
       -
                 AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       27
       27
       -
                 AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       28
       28
       -
       

     

       29
       29
       -
                 # Disable error reporting

     

       30
       30
       -
                 AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       31
       31
       -
       

     

       32
       32
       -
                 # Avatars are an attribute based on an uploaded file

     

       33
       33
       -
                 AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       34
       34
       -
       

     

       35
       35
       -
                 # Email Settings

     

       36
       36
       -
                 AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       37
       37
       -
                 AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       38
       38
       -
                 AUTHENTIK_EMAIL__PORT = "465";

     

       39
       39
       -
                 AUTHENTIK_EMAIL__USE_TLS = "true";

     

       40
       40
       -
                 AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       41
       41
       -
               };

     

       42
       42
       -
             };

     

       43
       43
       -
             authentikVols = [

     

       44
       44
       -
               "/var/lib/authentik/media:/media"

     

       45
       45
       -
               "/var/lib/authentik/templates:/templates"

     

       46
       46
       -
             ];

     

       47
       47
       -
           in

     

       48
       48
       -
           {

     

       49
       49
       -
             authentik-db = base // {

     

       50
       50
       -
               image = "postgres:17-alpine";

     

       51
       51
       -
               volumes = [ "/var/lib/authentik/db:/var/lib/postgresql/data" ];

     

       52
       52
       -
               environment = {

     

       53
       53
       -
                 POSTGRES_PASSWORD = "\${PG_PASS}";

     

       54
       54
       -
                 POSTGRES_USER = "authentik";

     

       55
       55
       -
                 POSTGRES_DB = "authentik";

     

       56
       56
       -
               };

     

       57
       57
       -
             };

     

       58
       58
       -
             authentik-redict = {

     

       59
       59
       -
               image = "registry.redict.io/redict:alpine";

     

       60
       60
       -
               extraOptions = [ "--network=authentik" ];

     

       61
       61
       -
             };

     

       62
       62
       -
             authentik-server = authentikBase // {

     

       63
       63
       -
               cmd = [ "server" ];

     

       64
       64
       -
               ports = [

     

       65
       65
       -
                 "${toString d.port}:9000"

     

       66
       66
       -
                 "6943:9443"

     

       67
       67
       -
                 "9301:9300"

     

       68
       68
       -
               ];

     

       69
       69
       -
               volumes = authentikVols ++ [ "/var/lib/authentik/custom.css:/web/dist/custom.css" ];

     

       70
       70
       -
             };

     

       71
       71
       -
             authentik-worker = authentikBase // {

     

       72
       72
       -
               cmd = [ "worker" ];

     

       73
       73
       -
               volumes = authentikVols ++ [ "/var/lib/authentik/certs:/certs" ];

     

       74
       74
       -
             };

     

       75
       75
       -
             authentik-ldap = base // {

     

       76
       76
       -
               image = "ghcr.io/goauthentik/ldap:${authentikVersion}";

     

       77
       77
       -
               ports = [

     

       78
       78
       -
                 "389:3389"

     

       79
       79
       -
                 "636:6636"

     

       80
       80
       -
               ];

     

       81
       81
       -
               environment = {

     

       82
       82
       -
                 AUTHENTIK_HOST = "https://${d.extUrl}";

     

       83
       83
       -
                 AUTHENTIK_INSECURE = "false";

     

       84
       84
       -
               };

     

       85
       85
       -
             };

     

       86
       86
       -
           };

     

       87
       87
       -
         age.secrets.authentik-env = {

     

       88
       88
       -
           file = ./secrets/authentik-env.age;

     

       89
       89
       -
           owner = "thehedgehog";

     

       90
       90
       -
           group = "misc";

     

       91
       91
       -
         };

     

       92
       92
       -
       }

-5

hosts/marvin/services/bookstack.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         services.bookstack = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
         };

     

       5
       5
       -
       }

+1 -1

hosts/marvin/services/gdq-cals.nix

···

       19
       19
        
             description = "GDQ Calendar Updater";

     

       20
       20
        
             path = [ pyWithLibs ];

     

       21
       21
        
             serviceConfig = {

     

       22
       22
       -
               ExecStart = "${lib.getExe pyWithLibs} gdq_cal_ics_exporter.py--fatales --gcal --disable_general";

     

       22
       22
       +
               ExecStart = "${lib.getExe pyWithLibs} gdq_cal_ics_exporter.py --fatales --gcal --disable_general";

     

       23
       23
        
               Type = "oneshot";

     

       24
       24
        
               WorkingDirectory = "/home/thehedgehog/gdq-cals/";

     

       25
       25
        
               User = "thehedgehog";

+5 -5

hosts/marvin/services/git.nix

···

       41
       41
        
           };

     

       42
       42
        
           settings = {

     

       43
       43
        
             DEFAULT = {

     

       44
       44
       -
               APP_NAME = "PyroNet Git";

     

       44
       44
       +
               APP_NAME = "dishNet Git";

     

       45
       45
        
               RUN_MODE = "prod";

     

       46
       46
        
             };

     

       47
       47
        
             attachment = {

     

       48
       48
        
               MAX_SIZE = 200;

     

       49
       49
        
             };

     

       50
       50
       -
             log."logger.router.MODE" = "";

     

       50
       50
       +
             log.LOGGER_ROUTER_MODE = "";

     

       51
       51
        
             mailer = {

     

       52
       52
        
               ENABLED = true;

     

       53
       53
       -
               FROM = "PyroNet Git <git@pyrox.dev>";

     

       53
       53
       +
               FROM = "dishNet Git <git@pyrox.dev>";

     

       54
       54
        
               PROTOCOL = "smtps";

     

       55
       55
        
               SMTP_ADDR = "mail.pyrox.dev";

     

       56
       56
        
               SMTP_PORT = 465;

     
···

       66
       66
        
             };

     

       67
       67
        
             "ui.meta" = {

     

       68
       68
        
               AUTHOR = "dish";

     

       69
       69
       -
               DESCRIPTION = "PyroNet Git Services";

     

       69
       69
       +
               DESCRIPTION = "dishNet Git Services";

     

       70
       70
        
             };

     

       71
       71
        
             metrics = {

     

       72
       72
        
               ENABLED = true;

     
···

       85
       85
        
               ISSUE_INDEXER_PATH = "indexers/issues.bleve";

     

       86
       86
        
               # Enable repo indexing

     

       87
       87
        
               REPO_INDEXER_ENABLED = true;

     

       88
       88
       -
               REPO_INDEXER_REPO_TYPES = "sources,forks,templates,mirrors";

     

       88
       88
       +
               REPO_INDEXER_REPO_TYPES = "sources,forks";

     

       89
       89
        
               REPO_INDEXER_TYPE = "bleve";

     

       90
       90
        
               REPO_INDEXER_PATH = "indexers/repos.bleve";

     

       91
       91
        
             };

+4 -4

hosts/marvin/services/grafana.nix

···

       40
       40
        
             };

     

       41
       41
        
             smtp = {

     

       42
       42
        
               enabled = true;

     

       43
       43
       -
               user = "grafana@thehedgehog.me";

     

       44
       44
       -
               from_address = "grafana@thehedgehog.me";

     

       45
       45
       -
               host = "smtp.migadu.com:465";

     

       43
       43
       +
               user = "grafana@pyrox.dev";

     

       44
       44
       +
               from_address = "grafana@pyrox.dev";

     

       45
       45
       +
               host = "mail.pyrox.dev:465";

     

       46
       46
        
               password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";

     

       47
       47
        
             };

     

       48
       48
        
           };

     
···

       62
       62
        
         services.anubis.instances.grafana = {

     

       63
       63
        
           settings = {

     

       64
       64
        
             BIND = ":${toString d.anubis}";

     

       65
       65
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/grafana.yaml";

     

       65
       65
       +
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/default.yaml";

     

       66
       66
        
             TARGET = "http://localhost:${toString d.port}";

     

       67
       67
        
           };

     

       68
       68
        
         };

-97

hosts/marvin/services/iceshrimp.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         inputs,

     

       4
       4
       -
         pkgs,

     

       5
       5
       -
         lib,

     

       6
       6
       -
         self,

     

       7
       7
       -
         ...

     

       8
       8
       -
       }:

     

       9
       9
       -
       let

     

       10
       10
       -
       

     

       11
       11
       -
         d = self.lib.data.services.iceshrimp;

     

       12
       12
       -
       

     

       13
       13
       -
         package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec {

     

       14
       14
       -
           version = "2023.12.8-pyrox1";

     

       15
       15
       -
           src = pkgs.fetchgit {

     

       16
       16
       -
             url = "https://iceshrimp.dev/pyrox/iceshrimp";

     

       17
       17
       -
             hash = "sha256-hxZ3rVVAiAMFAYhZ2o+WhlMuhjbt5EyHKOl1VyyL5RA=";

     

       18
       18
       -
             rev = "v${version}";

     

       19
       19
       -
             fetchLFS = true;

     

       20
       20
       -
             deepClone = false;

     

       21
       21
       -
           };

     

       22
       22
       -
           patches = [ ];

     

       23
       23
       -
         };

     

       24
       24
       -
       in

     

       25
       25
       -
       {

     

       26
       26
       -
         services.iceshrimp = {

     

       27
       27
       -
           inherit package;

     

       28
       28
       -
           enable = false;

     

       29
       29
       -
           secretConfig = config.age.secrets.iceshrimp-secret-config.path;

     

       30
       30
       -
           dbPasswordFile = config.age.secrets.iceshrimp-db-password.path;

     

       31
       31
       -
           createDb = true;

     

       32
       32
       -
           configureNginx.enable = false;

     

       33
       33
       -
           settings = {

     

       34
       34
       -
             inherit (d) port;

     

       35
       35
       -
             url = "https://${d.extUrl}";

     

       36
       36
       -
             accountDomain = "pyrox.dev";

     

       37
       37
       -
             redis.port = 6997;

     

       38
       38
       -
             maxNoteLength = 16384;

     

       39
       39
       -
             maxCaptionLength = 8192;

     

       40
       40
       -
             clusterLimit = 4;

     

       41
       41
       -
             deliverJobConcurrency = 192;

     

       42
       42
       -
             inboxJobConcurrency = 32;

     

       43
       43
       -
             deliverJobPerSec = 256;

     

       44
       44
       -
             inboxJobPerSec = 32;

     

       45
       45
       -
             outgoingAddressFamily = "dual";

     

       46
       46
       -
             # See the withdrawal patches for obliterate info

     

       47
       47
       -
             enableObliterate = true;

     

       48
       48
       -
             obliterateJobPerSec = 16;

     

       49
       49
       -
             obliterateJobMaxAttempts = 3;

     

       50
       50
       -
             mediaCleanup = {

     

       51
       51
       -
               cron = true;

     

       52
       52
       -
               maxAgeDays = 30;

     

       53
       53
       -
               cleanAvatars = true;

     

       54
       54
       -
               cleanHeaders = true;

     

       55
       55
       -
             };

     

       56
       56
       -
             htmlCache = {

     

       57
       57
       -
               ttl = "6h";

     

       58
       58
       -
               prewarm = true;

     

       59
       59
       -
               dbFallback = true;

     

       60
       60
       -
             };

     

       61
       61
       -
             wordMuteCache.ttl = "24h";

     

       62
       62
       -
             isManagedHosting = true;

     

       63
       63
       -
             email = {

     

       64
       64
       -
               managed = true;

     

       65
       65
       -
               address = "social@pyrox.dev";

     

       66
       66
       -
               host = "mail.pyrox.dev";

     

       67
       67
       -
               port = 465;

     

       68
       68
       -
               user = "social@pyrox.dev";

     

       69
       69
       -
               useImplicitSslTls = true;

     

       70
       70
       -
             };

     

       71
       71
       -
             objectStorage = {

     

       72
       72
       -
               managed = true;

     

       73
       73
       -
               baseUrl = "https://pool.jortage.com/socialpyroxdev";

     

       74
       74
       -
               bucket = "socialpyroxdev";

     

       75
       75
       -
               prefix = "mkmedia";

     

       76
       76
       -
               endpoint = "pool-api.jortage.com";

     

       77
       77
       -
               region = "jort";

     

       78
       78
       -
               useSsl = true;

     

       79
       79
       -
               connnectOverProxy = false;

     

       80
       80
       -
               setPublicReadOnUpload = false;

     

       81
       81
       -
               s3ForcePathStyle = true;

     

       82
       82
       -
             };

     

       83
       83
       -
           };

     

       84
       84
       -
         };

     

       85
       85
       -
         age.secrets = lib.mkIf config.services.iceshrimp.enable {

     

       86
       86
       -
           iceshrimp-secret-config = {

     

       87
       87
       -
             inherit (config.services.iceshrimp) group;

     

       88
       88
       -
             file = ./secrets/iceshrimp-secret-config.age;

     

       89
       89
       -
             owner = config.services.iceshrimp.user;

     

       90
       90
       -
           };

     

       91
       91
       -
           iceshrimp-db-password = {

     

       92
       92
       -
             file = ./secrets/iceshrimp-db-password.age;

     

       93
       93
       -
             owner = "postgres";

     

       94
       94
       -
             group = "postgres";

     

       95
       95
       -
           };

     

       96
       96
       -
         };

     

       97
       97
       -
       }

+223

hosts/marvin/services/immich-config.json

···

       1
       1
       +
       {

     

       2
       2
       +
         "backup": {

     

       3
       3
       +
           "database": {

     

       4
       4
       +
             "cronExpression": "0 02 * * *",

     

       5
       5
       +
             "enabled": true,

     

       6
       6
       +
             "keepLastAmount": 14

     

       7
       7
       +
           }

     

       8
       8
       +
         },

     

       9
       9
       +
         "ffmpeg": {

     

       10
       10
       +
           "accel": "vaapi",

     

       11
       11
       +
           "accelDecode": true,

     

       12
       12
       +
           "acceptedAudioCodecs": ["aac", "mp3", "libopus"],

     

       13
       13
       +
           "acceptedContainers": ["mov", "ogg", "webm"],

     

       14
       14
       +
           "acceptedVideoCodecs": ["h264"],

     

       15
       15
       +
           "bframes": -1,

     

       16
       16
       +
           "cqMode": "auto",

     

       17
       17
       +
           "crf": 23,

     

       18
       18
       +
           "gopSize": 0,

     

       19
       19
       +
           "maxBitrate": "0",

     

       20
       20
       +
           "preferredHwDevice": "auto",

     

       21
       21
       +
           "preset": "veryfast",

     

       22
       22
       +
           "refs": 0,

     

       23
       23
       +
           "targetAudioCodec": "aac",

     

       24
       24
       +
           "targetResolution": "720",

     

       25
       25
       +
           "targetVideoCodec": "h264",

     

       26
       26
       +
           "temporalAQ": false,

     

       27
       27
       +
           "threads": 0,

     

       28
       28
       +
           "tonemap": "hable",

     

       29
       29
       +
           "transcode": "required",

     

       30
       30
       +
           "twoPass": false

     

       31
       31
       +
         },

     

       32
       32
       +
         "image": {

     

       33
       33
       +
           "colorspace": "p3",

     

       34
       34
       +
           "extractEmbedded": false,

     

       35
       35
       +
           "fullsize": {

     

       36
       36
       +
             "enabled": false,

     

       37
       37
       +
             "format": "jpeg",

     

       38
       38
       +
             "quality": 80

     

       39
       39
       +
           },

     

       40
       40
       +
           "preview": {

     

       41
       41
       +
             "format": "jpeg",

     

       42
       42
       +
             "quality": 80,

     

       43
       43
       +
             "size": 1440

     

       44
       44
       +
           },

     

       45
       45
       +
           "thumbnail": {

     

       46
       46
       +
             "format": "webp",

     

       47
       47
       +
             "quality": 80,

     

       48
       48
       +
             "size": 250

     

       49
       49
       +
           }

     

       50
       50
       +
         },

     

       51
       51
       +
         "job": {

     

       52
       52
       +
           "backgroundTask": {

     

       53
       53
       +
             "concurrency": 5

     

       54
       54
       +
           },

     

       55
       55
       +
           "faceDetection": {

     

       56
       56
       +
             "concurrency": 2

     

       57
       57
       +
           },

     

       58
       58
       +
           "library": {

     

       59
       59
       +
             "concurrency": 5

     

       60
       60
       +
           },

     

       61
       61
       +
           "metadataExtraction": {

     

       62
       62
       +
             "concurrency": 5

     

       63
       63
       +
           },

     

       64
       64
       +
           "migration": {

     

       65
       65
       +
             "concurrency": 5

     

       66
       66
       +
           },

     

       67
       67
       +
           "notifications": {

     

       68
       68
       +
             "concurrency": 5

     

       69
       69
       +
           },

     

       70
       70
       +
           "ocr": {

     

       71
       71
       +
             "concurrency": 1

     

       72
       72
       +
           },

     

       73
       73
       +
           "search": {

     

       74
       74
       +
             "concurrency": 5

     

       75
       75
       +
           },

     

       76
       76
       +
           "sidecar": {

     

       77
       77
       +
             "concurrency": 5

     

       78
       78
       +
           },

     

       79
       79
       +
           "smartSearch": {

     

       80
       80
       +
             "concurrency": 2

     

       81
       81
       +
           },

     

       82
       82
       +
           "thumbnailGeneration": {

     

       83
       83
       +
             "concurrency": 3

     

       84
       84
       +
           },

     

       85
       85
       +
           "videoConversion": {

     

       86
       86
       +
             "concurrency": 1

     

       87
       87
       +
           },

     

       88
       88
       +
           "workflow": {

     

       89
       89
       +
             "concurrency": 5

     

       90
       90
       +
           }

     

       91
       91
       +
         },

     

       92
       92
       +
         "library": {

     

       93
       93
       +
           "scan": {

     

       94
       94
       +
             "cronExpression": "0 0 * * *",

     

       95
       95
       +
             "enabled": true

     

       96
       96
       +
           },

     

       97
       97
       +
           "watch": {

     

       98
       98
       +
             "enabled": false

     

       99
       99
       +
           }

     

       100
       100
       +
         },

     

       101
       101
       +
         "logging": {

     

       102
       102
       +
           "enabled": true,

     

       103
       103
       +
           "level": "log"

     

       104
       104
       +
         },

     

       105
       105
       +
         "machineLearning": {

     

       106
       106
       +
           "availabilityChecks": {

     

       107
       107
       +
             "enabled": true,

     

       108
       108
       +
             "interval": 30000,

     

       109
       109
       +
             "timeout": 2000

     

       110
       110
       +
           },

     

       111
       111
       +
           "clip": {

     

       112
       112
       +
             "enabled": true,

     

       113
       113
       +
             "modelName": "ViT-B-16-SigLIP2__webli"

     

       114
       114
       +
           },

     

       115
       115
       +
           "duplicateDetection": {

     

       116
       116
       +
             "enabled": true,

     

       117
       117
       +
             "maxDistance": 0.01

     

       118
       118
       +
           },

     

       119
       119
       +
           "enabled": true,

     

       120
       120
       +
           "facialRecognition": {

     

       121
       121
       +
             "enabled": true,

     

       122
       122
       +
             "maxDistance": 0.5,

     

       123
       123
       +
             "minFaces": 7,

     

       124
       124
       +
             "minScore": 0.7,

     

       125
       125
       +
             "modelName": "buffalo_l"

     

       126
       126
       +
           },

     

       127
       127
       +
           "ocr": {

     

       128
       128
       +
             "enabled": true,

     

       129
       129
       +
             "maxResolution": 736,

     

       130
       130
       +
             "minDetectionScore": 0.5,

     

       131
       131
       +
             "minRecognitionScore": 0.8,

     

       132
       132
       +
             "modelName": "EN__PP-OCRv5_mobile"

     

       133
       133
       +
           },

     

       134
       134
       +
           "urls": ["http://localhost:3003"]

     

       135
       135
       +
         },

     

       136
       136
       +
         "map": {

     

       137
       137
       +
           "darkStyle": "https://tiles.immich.cloud/v1/style/dark.json",

     

       138
       138
       +
           "enabled": true,

     

       139
       139
       +
           "lightStyle": "https://tiles.immich.cloud/v1/style/light.json"

     

       140
       140
       +
         },

     

       141
       141
       +
         "metadata": {

     

       142
       142
       +
           "faces": {

     

       143
       143
       +
             "import": false

     

       144
       144
       +
           }

     

       145
       145
       +
         },

     

       146
       146
       +
         "newVersionCheck": {

     

       147
       147
       +
           "enabled": false

     

       148
       148
       +
         },

     

       149
       149
       +
         "nightlyTasks": {

     

       150
       150
       +
           "clusterNewFaces": true,

     

       151
       151
       +
           "databaseCleanup": true,

     

       152
       152
       +
           "generateMemories": true,

     

       153
       153
       +
           "missingThumbnails": true,

     

       154
       154
       +
           "startTime": "00:00",

     

       155
       155
       +
           "syncQuotaUsage": true

     

       156
       156
       +
         },

     

       157
       157
       +
         "notifications": {

     

       158
       158
       +
           "smtp": {

     

       159
       159
       +
             "enabled": true,

     

       160
       160
       +
             "from": "dishNet Photos <immich@pyrox.dev>",

     

       161
       161
       +
             "replyTo": "",

     

       162
       162
       +
             "transport": {

     

       163
       163
       +
               "host": "mail.pyrox.dev",

     

       164
       164
       +
               "ignoreCert": false,

     

       165
       165
       +
               "port": 25,

     

       166
       166
       +
               "secure": true,

     

       167
       167
       +
               "username": "immich@pyrox.dev"

     

       168
       168
       +
             }

     

       169
       169
       +
           }

     

       170
       170
       +
         },

     

       171
       171
       +
         "oauth": {

     

       172
       172
       +
           "autoLaunch": false,

     

       173
       173
       +
           "autoRegister": true,

     

       174
       174
       +
           "buttonText": "Login with Pocket-ID",

     

       175
       175
       +
           "clientId": "f1312240-d9fc-4336-aca6-b98316867848",

     

       176
       176
       +
           "defaultStorageQuota": null,

     

       177
       177
       +
           "enabled": true,

     

       178
       178
       +
           "issuerUrl": "https://auth.pyrox.dev",

     

       179
       179
       +
           "mobileOverrideEnabled": false,

     

       180
       180
       +
           "mobileRedirectUri": "",

     

       181
       181
       +
           "profileSigningAlgorithm": "none",

     

       182
       182
       +
           "roleClaim": "immich_role",

     

       183
       183
       +
           "scope": "openid email profile immich_role",

     

       184
       184
       +
           "signingAlgorithm": "RS256",

     

       185
       185
       +
           "storageLabelClaim": "preferred_username",

     

       186
       186
       +
           "storageQuotaClaim": "immich_quota",

     

       187
       187
       +
           "timeout": 30000,

     

       188
       188
       +
           "tokenEndpointAuthMethod": "client_secret_post"

     

       189
       189
       +
         },

     

       190
       190
       +
         "passwordLogin": {

     

       191
       191
       +
           "enabled": true

     

       192
       192
       +
         },

     

       193
       193
       +
         "reverseGeocoding": {

     

       194
       194
       +
           "enabled": true

     

       195
       195
       +
         },

     

       196
       196
       +
         "server": {

     

       197
       197
       +
           "externalDomain": "https://img.pyrox.dev",

     

       198
       198
       +
           "loginPageMessage": "",

     

       199
       199
       +
           "publicUsers": true

     

       200
       200
       +
         },

     

       201
       201
       +
         "storageTemplate": {

     

       202
       202
       +
           "enabled": false,

     

       203
       203
       +
           "hashVerificationEnabled": true,

     

       204
       204
       +
           "template": "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"

     

       205
       205
       +
         },

     

       206
       206
       +
         "templates": {

     

       207
       207
       +
           "email": {

     

       208
       208
       +
             "albumInviteTemplate": "",

     

       209
       209
       +
             "albumUpdateTemplate": "",

     

       210
       210
       +
             "welcomeTemplate": ""

     

       211
       211
       +
           }

     

       212
       212
       +
         },

     

       213
       213
       +
         "theme": {

     

       214
       214
       +
           "customCss": ""

     

       215
       215
       +
         },

     

       216
       216
       +
         "trash": {

     

       217
       217
       +
           "days": 30,

     

       218
       218
       +
           "enabled": true

     

       219
       219
       +
         },

     

       220
       220
       +
         "user": {

     

       221
       221
       +
           "deleteDelay": 7

     

       222
       222
       +
         }

     

       223
       223
       +
       }

+51

hosts/marvin/services/immich.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         self,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         d = self.lib.data.services.immich;

     

       9
       9
       +
       in

     

       10
       10
       +
       {

     

       11
       11
       +
         services = {

     

       12
       12
       +
           immich = {

     

       13
       13
       +
             inherit (d) port;

     

       14
       14
       +
             enable = true;

     

       15
       15
       +
             host = "0.0.0.0";

     

       16
       16
       +
             redis.enable = true;

     

       17
       17
       +
             mediaLocation = "/var/media/photos/";

     

       18
       18
       +
             accelerationDevices = [ "/dev/dri/renderD128" ];

     

       19
       19
       +
             settings = lib.recursiveUpdate (builtins.fromJSON (builtins.readFile ./immich-config.json)) {

     

       20
       20
       +
               oauth.clientSecret._secret = config.age.secrets.immich-oauth-secret.path;

     

       21
       21
       +
               notifications.smtp.transport.password._secret = config.age.secrets.immich-mail-pw.path;

     

       22
       22
       +
               server.externalDomain = "https://${d.extUrl}";

     

       23
       23
       +
             };

     

       24
       24
       +
           };

     

       25
       25
       +
           immich-public-proxy = {

     

       26
       26
       +
             enable = true;

     

       27
       27
       +
             port = d.pubProxy;

     

       28
       28
       +
             immichUrl = "http://localhost:${toString d.port}";

     

       29
       29
       +
             settings.ipp = {

     

       30
       30
       +
               downloadedFilename = 1;

     

       31
       31
       +
             };

     

       32
       32
       +
           };

     

       33
       33
       +
         };

     

       34
       34
       +
         systemd.services.immich-public-proxy.environment.PUBLIC_BASE_URL = "https://${d.extUrl}";

     

       35
       35
       +
         users.users.immich.extraGroups = [

     

       36
       36
       +
           "video"

     

       37
       37
       +
           "render"

     

       38
       38
       +
         ];

     

       39
       39
       +
         age.secrets = {

     

       40
       40
       +
           immich-oauth-secret = {

     

       41
       41
       +
             file = ./secrets/immich/oauth-secret.age;

     

       42
       42
       +
             owner = "immich";

     

       43
       43
       +
             group = "immich";

     

       44
       44
       +
           };

     

       45
       45
       +
           immich-mail-pw = {

     

       46
       46
       +
             file = ./secrets/immich/mail-pw.age;

     

       47
       47
       +
             owner = "immich";

     

       48
       48
       +
             group = "immich";

     

       49
       49
       +
           };

     

       50
       50
       +
         };

     

       51
       51
       +
       }

-2

hosts/marvin/services/miniflux.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       -
         self',

     

       4
       3
        
         self,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     
···

       33
       32
        
         services.anubis.instances.miniflux = {

     

       34
       33
        
           settings = {

     

       35
       34
        
             BIND = ":${toString d.anubis}";

     

       36
       36
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/miniflux.yaml";

     

       37
       35
        
             TARGET = "http://localhost:${toString d.port}";

     

       38
       36
        
           };

     

       39
       37
        
         };

-11

hosts/marvin/services/minio.nix

···

       1
       1
       -
       { config, ... }:

     

       2
       2
       -
       {

     

       3
       3
       -
         services.minio = {

     

       4
       4
       -
           enable = true;

     

       5
       5
       -
           region = "us-east-1";

     

       6
       6
       -
           browser = true;

     

       7
       7
       -
           listenAddress = ":6990";

     

       8
       8
       -
           consoleAddress = ":6991";

     

       9
       9
       -
           rootCredentialsFile = config.age.secrets.minio-root.path;

     

       10
       10
       -
         };

     

       11
       11
       -
       }

-130

hosts/marvin/services/pingvin-share.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         pkgs,

     

       4
       4
       -
         self',

     

       5
       5
       -
         self,

     

       6
       6
       -
         ...

     

       7
       7
       -
       }:

     

       8
       8
       -
       let

     

       9
       9
       -
         d = self.lib.data.services.pingvin-share;

     

       10
       10
       -
         cfg = config.services.pingvin-share;

     

       11
       11
       -
         configFormat = pkgs.formats.yaml { };

     

       12
       12
       -
         configFile = configFormat.generate "config.yaml" {

     

       13
       13
       -
           general = {

     

       14
       14
       -
             appName = "dishNet Share";

     

       15
       15
       -
             appUrl = "https://share.pyrox.dev";

     

       16
       16
       -
             secureCookies = "true";

     

       17
       17
       -
             showHomePage = "false";

     

       18
       18
       -
           };

     

       19
       19
       -
           share = {

     

       20
       20
       -
             allowRegistration = "false";

     

       21
       21
       -
             allowUnauthenticatedShares = "false";

     

       22
       22
       -
             maxSize = "10000000000";

     

       23
       23
       -
           };

     

       24
       24
       -
           email.enableShareEmailRecipients = "true";

     

       25
       25
       -
           smtp = {

     

       26
       26
       -
             enabled = "true";

     

       27
       27
       -
             host = "mail.pyrox.dev";

     

       28
       28
       -
             port = "465";

     

       29
       29
       -
             email = "share@pyrox.dev";

     

       30
       30
       -
             username = "share@pyrox.dev";

     

       31
       31
       -
             password = "SMTP_PASSWORD";

     

       32
       32
       -
           };

     

       33
       33
       -
           ldap.enabled = "false";

     

       34
       34
       -
           legal.enabled = "false";

     

       35
       35
       -
           s3.enabled = "false";

     

       36
       36
       -
           oauth = {

     

       37
       37
       -
             ignoreTotp = "true";

     

       38
       38
       -
             oidc-enabled = "true";

     

       39
       39
       -
             oidc-clientSecret = "CLIENT_SECRET";

     

       40
       40
       -
             oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";

     

       41
       41
       -
             oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";

     

       42
       42
       -
             oidc-signOut = "false";

     

       43
       43
       -
             oidc-scope = "openid email profile groups";

     

       44
       44
       -
             oidc-rolePath = "groups";

     

       45
       45
       -
             oidc-roleAdminAccess = "admins";

     

       46
       46
       -
           };

     

       47
       47
       -
           initUser.enabled = false;

     

       48
       48
       -
         };

     

       49
       49
       -
       in

     

       50
       50
       -
       {

     

       51
       51
       -
         virtualisation.oci-containers.containers = {

     

       52
       52
       -
           pingvin-share-server = {

     

       53
       53
       -
             image = "ghcr.io/stonith404/pingvin-share:latest";

     

       54
       54
       -
             ports = [

     

       55
       55
       -
               "${toString d.port}:3000"

     

       56
       56
       -
               "${toString d.be-port}:8080"

     

       57
       57
       -
             ];

     

       58
       58
       -
             volumes = [

     

       59
       59
       -
               "/var/lib/pingvin-share/data:/opt/app/backend/data"

     

       60
       60
       -
               "/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"

     

       61
       61
       -
               "/var/lib/pingvin-share/config.yaml:/opt/app/config.yaml"

     

       62
       62
       -
             ];

     

       63
       63
       -
             environment = {

     

       64
       64
       -
               API_URL = "https://share.pyrox.dev";

     

       65
       65
       -
               PUID = "962";

     

       66
       66
       -
               PGID = "959";

     

       67
       67
       -
             };

     

       68
       68
       -
           };

     

       69
       69
       -
         };

     

       70
       70
       -
         users.users.pingvin = {

     

       71
       71
       -
           uid = 962;

     

       72
       72
       -
           inherit (cfg) group;

     

       73
       73
       -
           isSystemUser = true;

     

       74
       74
       -
         };

     

       75
       75
       -
         users.groups.pingvin = {

     

       76
       76
       -
           gid = 959;

     

       77
       77
       -
         };

     

       78
       78
       -
       

     

       79
       79
       -
         services = {

     

       80
       80
       -
           pingvin-share = {

     

       81
       81
       -
             enable = false;

     

       82
       82
       -
             backend.port = d.be-port;

     

       83
       83
       -
             frontend.port = d.port;

     

       84
       84
       -
             hostname = "share.pyrox.dev";

     

       85
       85
       -
             https = true;

     

       86
       86
       -
           };

     

       87
       87
       -
           anubis.instances = {

     

       88
       88
       -
             pingvin-share-be = {

     

       89
       89
       -
               settings = {

     

       90
       90
       -
                 BIND = ":${toString d.be-anubis}";

     

       91
       91
       -
                 POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";

     

       92
       92
       -
                 TARGET = "http://localhost:${toString d.be-port}";

     

       93
       93
       -
               };

     

       94
       94
       -
             };

     

       95
       95
       -
             pingvin-share-fe = {

     

       96
       96
       -
               settings = {

     

       97
       97
       -
                 BIND = ":${toString d.anubis}";

     

       98
       98
       -
                 POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";

     

       99
       99
       -
                 TARGET = "http://localhost:${toString d.port}";

     

       100
       100
       -
               };

     

       101
       101
       -
             };

     

       102
       102
       -
           };

     

       103
       103
       -
         };

     

       104
       104
       -
         systemd.services.init-pingvin-config = {

     

       105
       105
       -
           enable = true;

     

       106
       106
       -
           description = "Pingvin Share configuration setup";

     

       107
       107
       -
           wantedBy = [ "multi-user.target" ];

     

       108
       108
       -
           before = [

     

       109
       109
       -
             "docker-pingvin-share-server.service"

     

       110
       110
       -
           ];

     

       111
       111
       -
           path = [ pkgs.gnused ];

     

       112
       112
       -
           script = ''

     

       113
       113
       -
             rm ${cfg.dataDir}/config.yaml

     

       114
       114
       -
             cp ${configFile} ${cfg.dataDir}/config.yaml

     

       115
       115
       -
             sed -i "s/SMTP_PASSWORD/\"$SMTP_PASSWORD\"/" ${cfg.dataDir}/config.yaml

     

       116
       116
       -
             sed -i "s/CLIENT_SECRET/\"$CLIENT_SECRET\"/" ${cfg.dataDir}/config.yaml

     

       117
       117
       -
           '';

     

       118
       118
       -
           serviceConfig = {

     

       119
       119
       -
             EnvironmentFile = config.age.secrets.pingvin-secrets.path;

     

       120
       120
       -
             User = cfg.user;

     

       121
       121
       -
             Group = cfg.group;

     

       122
       122
       -
             ReadWritePaths = [ "${cfg.dataDir}" ];

     

       123
       123
       -
           };

     

       124
       124
       -
         };

     

       125
       125
       -
         age.secrets.pingvin-secrets = {

     

       126
       126
       -
           file = ./secrets/pingvin-secrets.age;

     

       127
       127
       -
           owner = cfg.user;

     

       128
       128
       -
           inherit (cfg) group;

     

       129
       129
       -
         };

     

       130
       130
       -
       }

+97 -34

hosts/marvin/services/planka.nix

···

       1
       1
        
       {

     

       2
       2
       +
         lib,

     

       2
       3
        
         config,

     

       4
       4
       +
         self,

     

       3
       5
        
         self',

     

       4
       4
       -
         self,

     

       6
       6
       +
         pkgs,

     

       5
       7
        
         ...

     

       6
       8
        
       }:

     

       7
       9
        
       let

     

       8
       8
       -
         dataDir = "/var/lib/planka";

     

       9
       10
        
         d = self.lib.data.services.planka;

     

       11
       11
       +
       

     

       12
       12
       +
         commonServiceConfig = {

     

       13
       13
       +
           EnvironmentFile = config.age.secrets.planka-env.path;

     

       14
       14
       +
           StateDirectory = "planka";

     

       15
       15
       +
           WorkingDirectory = "/var/lib/planka";

     

       16
       16
       +
           User = "planka";

     

       17
       17
       +
           Group = "planka";

     

       18
       18
       +
       

     

       19
       19
       +
           # Hardening

     

       20
       20
       +
           LockPersonality = true;

     

       21
       21
       +
           NoNewPrivileges = true;

     

       22
       22
       +
           PrivateDevices = true;

     

       23
       23
       +
           PrivateMounts = true;

     

       24
       24
       +
           PrivateTmp = true;

     

       25
       25
       +
           PrivateUsers = true;

     

       26
       26
       +
           ProtectClock = true;

     

       27
       27
       +
           ProtectControlGroups = true;

     

       28
       28
       +
           ProtectHome = true;

     

       29
       29
       +
           ProtectHostname = true;

     

       30
       30
       +
           ProtectKernelLogs = true;

     

       31
       31
       +
           ProtectKernelModules = true;

     

       32
       32
       +
           ProtectKernelTunables = true;

     

       33
       33
       +
           ProtectProc = "invisible";

     

       34
       34
       +
           RemoveIPC = true;

     

       35
       35
       +
           RestrictRealtime = true;

     

       36
       36
       +
           RestrictSUIDSGID = true;

     

       37
       37
       +
           UMask = "0660";

     

       38
       38
       +
           RestrictAddressFamilies = [

     

       39
       39
       +
             "AF_UNIX"

     

       40
       40
       +
             "AF_INET"

     

       41
       41
       +
             "AF_INET6"

     

       42
       42
       +
           ];

     

       43
       43
       +
         };

     

       10
       44
        
       in

     

       11
       45
        
       {

     

       12
       12
       -
         virtualisation.oci-containers.containers = {

     

       13
       13
       -
           planka-server = {

     

       14
       14
       -
             image = "ghcr.io/plankanban/planka:2.0.0-rc.4";

     

       15
       15
       -
             ports = [ "${toString d.port}:1337" ];

     

       16
       16
       -
             environment = {

     

       17
       17
       -
               BASE_URL = "https://${d.extUrl}";

     

       18
       18
       -
               DATABASE_URL = "postgresql://planka@planka-db/planka";

     

       19
       19
       -
               # Default Admin

     

       20
       20
       -
               DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";

     

       21
       21
       -
               DEFAULT_ADMIN_USERNAME = "pyrox";

     

       22
       22
       -
               TRUST_PROXY = "true";

     

       23
       23
       -
               DEFAULT_LANGUAGE = "en-US";

     

       46
       46
       +
         systemd = {

     

       47
       47
       +
           tmpfiles.settings = {

     

       48
       48
       +
             "10-planka"."/var/lib/planka".d = {

     

       49
       49
       +
               group = "planka";

     

       50
       50
       +
               user = "planka";

     

       51
       51
       +
               mode = "0755";

     

       24
       52
        
             };

     

       25
       25
       -
             environmentFiles = [ config.age.secrets.planka-env.path ];

     

       26
       26
       -
             volumes = [

     

       27
       27
       -
               "${dataDir}/user-avatars:/app/public/user-avatars"

     

       28
       28
       -
               "${dataDir}/project-background-images:/app/public/project-background-images"

     

       29
       29
       -
               "${dataDir}/attachments:/app/private/attachments"

     

       30
       30
       -
               "${dataDir}/favicons:/app/public/favicons"

     

       31
       31
       -
               "${dataDir}/background-images:/app/public/background-images"

     

       32
       32
       -
             ];

     

       33
       33
       -
             extraOptions = [ "--network=planka" ];

     

       34
       53
        
           };

     

       35
       35
       -
           planka-db = {

     

       36
       36
       -
             image = "postgres:16-alpine";

     

       37
       37
       -
             volumes = [ "${dataDir}/db:/var/lib/postgresql/data" ];

     

       38
       38
       -
             environment = {

     

       39
       39
       -
               POSTGRES_USER = "planka";

     

       40
       40
       -
               POSTGRES_DB = "planka";

     

       41
       41
       -
               POSTGRES_HOST_AUTH_METHOD = "trust";

     

       54
       54
       +
           services = {

     

       55
       55
       +
             planka-init-db = {

     

       56
       56
       +
               wantedBy = [ "multi-user.target" ];

     

       57
       57
       +
               after = [ "postgres.target" ];

     

       58
       58
       +
               description = "Planka Kanban Database Init Script";

     

       59
       59
       +
               path = [

     

       60
       60
       +
                 pkgs.nodejs

     

       61
       61
       +
               ];

     

       62
       62
       +
               script = ''

     

       63
       63
       +
                 if [ ! -f /var/lib/planka/db-init-ran ]; then

     

       64
       64
       +
                   node run ${self'.packages.planka}/lib/node_modules/planka/db/init.js && \

     

       65
       65
       +
                   touch /var/lib/planka/db-init-ran

     

       66
       66
       +
                 fi

     

       67
       67
       +
               '';

     

       68
       68
       +
               serviceConfig = commonServiceConfig // {

     

       69
       69
       +
                 Type = "oneshot";

     

       70
       70
       +
                 SyslogIdentifier = "planka-init-db";

     

       71
       71
       +
               };

     

       72
       72
       +
             };

     

       73
       73
       +
             planka-server = {

     

       74
       74
       +
               after = [ "planka-init-db.service" ];

     

       75
       75
       +
               wantedBy = [ "multi-user.target" ];

     

       76
       76
       +
               description = "Planka Kanban Server";

     

       77
       77
       +
               documentation = [ "https://docs.planka.cloud" ];

     

       78
       78
       +
               environment = {

     

       79
       79
       +
                 DATABASE_URL = "postgresql://%2Frun%2Fpostgresql/planka";

     

       80
       80
       +
                 DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";

     

       81
       81
       +
                 DEFAULT_ADMIN_USERNAME = "pyrox";

     

       82
       82
       +
                 TRUST_PROXY = "true";

     

       83
       83
       +
                 DEFAULT_LANGUAGE = "en-US";

     

       84
       84
       +
                 BASE_URL = "https://${d.extUrl}";

     

       85
       85
       +
                 NODE_ENV = "production";

     

       86
       86
       +
               };

     

       87
       87
       +
               serviceConfig = commonServiceConfig // {

     

       88
       88
       +
                 Type = "simple";

     

       89
       89
       +
                 ExecStart = "${lib.getExe self'.packages.planka} --port ${toString d.port}";

     

       90
       90
       +
                 SyslogIdentifier = "planka";

     

       91
       91
       +
               };

     

       42
       92
        
             };

     

       43
       43
       -
             extraOptions = [ "--network=planka" ];

     

       44
       93
        
           };

     

       45
       94
        
         };

     

       95
       95
       +
         users.users.planka = {

     

       96
       96
       +
           isSystemUser = true;

     

       97
       97
       +
           group = "planka";

     

       98
       98
       +
         };

     

       99
       99
       +
         users.groups.planka = { };

     

       100
       100
       +
         services.postgresql = {

     

       101
       101
       +
           ensureUsers = [

     

       102
       102
       +
             {

     

       103
       103
       +
               name = "planka";

     

       104
       104
       +
               ensureDBOwnership = true;

     

       105
       105
       +
               ensureClauses.login = true;

     

       106
       106
       +
             }

     

       107
       107
       +
           ];

     

       108
       108
       +
           ensureDatabases = [ "planka" ];

     

       109
       109
       +
         };

     

       46
       110
        
         age.secrets.planka-env = {

     

       47
       111
        
           file = ./secrets/planka-env.age;

     

       48
       48
       -
           owner = "thehedgehog";

     

       49
       49
       -
           group = "misc";

     

       112
       112
       +
           owner = "planka";

     

       113
       113
       +
           group = "planka";

     

       50
       114
        
         };

     

       51
       115
        
         services.anubis.instances.planka = {

     

       52
       116
        
           settings = {

     

       53
       117
        
             COOKIE_DOMAIN = ".cs2a.club";

     

       54
       118
        
             BIND = ":${toString d.anubis}";

     

       55
       55
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/planka.yaml";

     

       56
       119
        
             TARGET = "http://localhost:${toString d.port}";

     

       57
       120
        
           };

     

       58
       121
        
         };

-2

hosts/marvin/services/pocket-id.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       -
         self',

     

       4
       3
        
         self,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     
···

       43
       42
        
           pocket-id = {

     

       44
       43
        
             settings = {

     

       45
       44
        
               BIND = ":${toString d.anubis}";

     

       46
       46
       -
               POLICY_FNAME = "${self'.packages.anubis-files}/policies/pocket-id.yaml";

     

       47
       45
        
               TARGET = "http://localhost:${toString d.port}";

     

       48
       46
        
             };

     

       49
       47
        
           };

+23 -23

hosts/marvin/services/postgres.nix

···

       1
       1
       -
       { pkgs, config, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         cfg = config.services.postgresql;

     

       4
       4
       -
       in

     

       1
       1
       +
       { pkgs, ... }:

     

       2
       2
       +
       # let

     

       3
       3
       +
       #   cfg = config.services.postgresql;

     

       4
       4
       +
       # in

     

       5
       5
        
       {

     

       6
       6
        
         services.postgresql = {

     

       7
       7
        
           enable = true;

     
···

       28
       28
        
             max_parallel_maintenance_workers = 4;

     

       29
       29
        
           };

     

       30
       30
        
         };

     

       31
       31
       -
         systemd.timers.pg-autovacuum = {

     

       32
       32
       -
           description = "Timer for Postgres Autovacuum";

     

       33
       33
       -
           timerConfig = {

     

       34
       34
       -
             OnCalendar = "*-*-* 01:00:00";

     

       35
       35
       -
             Unit = "pg-autovacuum.service";

     

       36
       36
       -
           };

     

       37
       37
       -
         };

     

       38
       38
       -
         systemd.services.pg-autovacuum = {

     

       39
       39
       -
           description = "Vacuum all Postgres databases.";

     

       40
       40
       -
           requisite = [ "postgresql.service" ];

     

       41
       41
       -
           wantedBy = [ "multi-user.target" ];

     

       42
       42
       -
           serviceConfig = {

     

       43
       43
       -
             Type = "oneshot";

     

       44
       44
       -
             User = "postgres";

     

       45
       45
       -
             Group = "postgres";

     

       46
       46
       -
             SyslogIdentifier = "pg-autovacuum";

     

       47
       47
       -
             ExecStart = "${cfg.package}/bin/vacuumdb --all --echo --jobs=6 --parallel=5 --analyze --verbose";

     

       48
       48
       -
           };

     

       49
       49
       -
         };

     

       31
       31
       +
         # systemd.timers.pg-autovacuum = {

     

       32
       32
       +
         #   description = "Timer for Postgres Autovacuum";

     

       33
       33
       +
         #   timerConfig = {

     

       34
       34
       +
         #     OnCalendar = "*-*-* 01:00:00";

     

       35
       35
       +
         #     Unit = "pg-autovacuum.service";

     

       36
       36
       +
         #   };

     

       37
       37
       +
         # };

     

       38
       38
       +
         # systemd.services.pg-autovacuum = {

     

       39
       39
       +
         #   description = "Vacuum all Postgres databases.";

     

       40
       40
       +
         #   requisite = [ "postgresql.service" ];

     

       41
       41
       +
         #   wantedBy = [ "multi-user.target" ];

     

       42
       42
       +
         #   serviceConfig = {

     

       43
       43
       +
         #     Type = "oneshot";

     

       44
       44
       +
         #     User = "postgres";

     

       45
       45
       +
         #     Group = "postgres";

     

       46
       46
       +
         #     SyslogIdentifier = "pg-autovacuum";

     

       47
       47
       +
         #     ExecStart = "${cfg.package}/bin/vacuumdb --all --echo --jobs=6 --parallel=5 --analyze --verbose";

     

       48
       48
       +
         #   };

     

       49
       49
       +
         # };

     

       50
       50
        
       }

-5

hosts/marvin/services/prosody.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         services.prosody = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
         };

     

       5
       5
       -
       }

-12

hosts/marvin/services/redlib.nix

···

       1
       1
       -
       { pkgs, self, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         d = self.lib.data.services.redlib;

     

       4
       4
       -
       in

     

       5
       5
       -
       {

     

       6
       6
       -
         services.libreddit = {

     

       7
       7
       -
           inherit (d) port;

     

       8
       8
       -
           enable = true;

     

       9
       9
       -
           package = pkgs.redlib;

     

       10
       10
       -
           openFirewall = false;

     

       11
       11
       -
         };

     

       12
       12
       -
       }

-23

hosts/marvin/services/secrets/iceshrimp-db-password.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 iqBxIA g+DkjSGDd+i/sdqRCuU2I2Qzmq4Q+FI7wSyfkdM9q0Q

     

       3
       3
       -
       cG52xAS/VPjCNgHdky0/jbMvF5tF+cB8BxFNCHYlf2s

     

       4
       4
       -
       -> ssh-rsa fFaiTA

     

       5
       5
       -
       r5mQer6QBi+HdSS16OLHfv/oh0hbug5drdX/BuQHMORogiDfHEM03K6pmg9064Ep

     

       6
       6
       -
       CJgl6z3IS9hlLX7cSq2kVSvP9gk+l5AmI+pMZkJyT9ED43g6wtRI7yiy1ALO0rqB

     

       7
       7
       -
       z/CPaoLkFNFlt7sDg5rijAB+t6DNAxULfFj8KR3b+NvGrrW6Vbaio+T5mg1A2PTd

     

       8
       8
       -
       60eEfuqdn9dHVI82FQFmai1LwoyButrUNn3UiP8aIdvFUueixcqsAXSK1zjPJZ5B

     

       9
       9
       -
       VeAkshwhB9+HKMH1cyRa6LUbzJYxAQBhkgTFqS/r64h3ZAYHTc0lY44VtVhbnEQI

     

       10
       10
       -
       76PBEOcQXXjvPR6yvbcVZfpqCkqfo9hb7wogPfJiRMjKM/qlpR19KOf21T0hsV6q

     

       11
       11
       -
       b7nYf01yBscx6GKXREkZoxgpo6iLLzVQqU5SzQgs7nxW089JdJ62WoZvJwTxv2G8

     

       12
       12
       -
       AdzImnsw73q55MgOYtv/A3hGM8O1Jw4Q4UfMSS43xB+cuvtlEmSqi5mFh0gPbqQR

     

       13
       13
       -
       LN8+OcDLz0SR8U6xHj9ufXfhHc4nwO8iZpzav5nZXMEb3Gmva3k8U+nnmuPKqsrL

     

       14
       14
       -
       VxFmGNxqmWPfxO0FJC/cxLKME/Lj2MU9r6KT8RQ00BjHUfoDgbFzHVLqIEbIE+Vr

     

       15
       15
       -
       /Glcmz/Ecrt3kTwfAhEDpj6g0XVNHt7HA+r4SDWjI00

     

       16
       16
       -
       -> ssh-ed25519 wpmdHA LUF/UncaQTEMQepVAhEqFm345dICeW3d3QGhiflTSH8

     

       17
       17
       -
       ImxpR4innOw1jMSF4gvmOGRDl0BzqAhOyz+GFstsJG4

     

       18
       18
       -
       -> Cg-grease k7q9

     

       19
       19
       -
       MLRf60C4nbEc9XHo26cg7UYySbZtOMP2kZtZmvLiS1XFeIqQaR0RgRcUOoTblYzo

     

       20
       20
       -
       KQ

     

       21
       21
       -
       --- PV6HHY8kDdpFcgNu83K/cwz4qQCW38jcHkTOkCunxrk

     

       22
       22
       -
       �*ǜ�lq��^��fʀ���l�� R��C}Մ�ɧ���F�ĩ�&�~h�

     

       23
       23
       -
       ̟�r��6ʞac,����lc�
>

hosts/marvin/services/secrets/iceshrimp-secret-config.age

This is a binary file and will not be displayed.

+19

hosts/marvin/services/secrets/immich/mail-pw.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 iqBxIA 3PVJMF6BgxuDxN9NAEYqcZaYEUhK9TB5XprRyW13Kx0

     

       3
       3
       +
       AIQQG+4/9SVPcfq9ZtL/JsWDmLvW03UiAJaJ1nHSckQ

     

       4
       4
       +
       -> ssh-rsa fFaiTA

     

       5
       5
       +
       ZPBI1w2a48Md+Rt92ssVcfxN26zTLCEalT+jG8SJBv07ouOzd4ibPq65m6uOQU/+

     

       6
       6
       +
       EEgHe23fGsPP4oISWDUgVFxesLA3wjsTWmbVrkrBzGQNeNnevIRMcJu7vWDtby/+

     

       7
       7
       +
       dVxPQIoXH0jPlcDQCm2lwOGD+du+Nb4PnVseRPDaXRypKKmx+J057FQemYBk4OWx

     

       8
       8
       +
       yUfbKV2gHHcuRTVUQG6XAQwWvhh4e25fyc+MzKZNPUK4c/SVibjAsUH+Edd+NaV5

     

       9
       9
       +
       yxku5k4TFZkU69sl2zCdgWfYVTowTGYGyf4Kf+I/kl9m13zIk9vRpocgt4APaJnv

     

       10
       10
       +
       p+KxJvbYRiprWl+IzZg6TwXY5mA1IbvlppR4aak1pwaIE76CgF5mGNDGkviGndtP

     

       11
       11
       +
       +eCMIocp6lk2U0dJEYkBtmjNbxFh3dxOcirgdNDypYPlZTSGvSRGhpL4nUJRsR+l

     

       12
       12
       +
       A7rJ5aHH2B4Vi93zgSV0PWiWSA7899bzgN1kQKKIgYln6Tl8UxQSNt5L3L4VajuW

     

       13
       13
       +
       3UqCltyGWt/926BMS+GrDZSWCEtVsDs5XQqDKEx6D+iviHZJXniI+RhH/eM7FLjp

     

       14
       14
       +
       iXgCRkBIALo2lOiScpr2rtfGDViq3Nh64cIslEPiewjVFTCxkxH+LuQ1stukrNki

     

       15
       15
       +
       IF0+pZ65rgatMAdnZRFXfRxmywKD99z4WRHAxvYloXc

     

       16
       16
       +
       -> ssh-ed25519 wpmdHA SQlzD3yqbnoF0JHqPFFDUugbm8jlBsdntLzF/WlJbjo

     

       17
       17
       +
       FggpB1k5xbq62QNlwkocwjiWhEqNjHAxR/GwoPhXbC8

     

       18
       18
       +
       --- 1g4f2OQbS5iXm/cqBamEWuapvZHorxfX7wHizfPcYsc

     

       19
       19
       +
       �z�92�LN=9���$O���fP���E���~�.��}7�eڰq��y�N�I�L����"%�V�lz'�أ�

+19

hosts/marvin/services/secrets/immich/oauth-secret.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 iqBxIA 4osfKV5/wFT7mCdc4TjP7pJHdD8wzV7VKKiBSGRqImk

     

       3
       3
       +
       wU6RSxJh8SBbXbiwCl4lXD/m1THoAg5n1Y7pyKFPiec

     

       4
       4
       +
       -> ssh-rsa fFaiTA

     

       5
       5
       +
       RTHaBLsBWbDEmY80LktVL/C6CeFinLm3/4t/hoWmbzLLoElBL86EGVdrE5ovjUYl

     

       6
       6
       +
       j5+ZacmqahwjCtF/ZGBt8MFkWOK9u90YDfLp+kb2ILVy/E+CcQ3xPpH9bf83pPl/

     

       7
       7
       +
       aZmttaRlhnhSDYVXB0lHx3u/cCrYhTf6TjEoVGZ/XrLW0BRmO6GSwcmTrachZzdJ

     

       8
       8
       +
       je+pf2ug//mnAJR0y4MxjGlNPD/Vaj/UiaFQjPT+7ZvUUSkbv/QpPqyhhosFA11e

     

       9
       9
       +
       1EGp21ppwUnJSNdYh2vulpQGurB5bPlv6Y8FpcFKivq/qKmA4ydyER3NcCca5Ly+

     

       10
       10
       +
       01jQ1HRqWylYJj7K4hnxSjnNlOXCrJATuPJYoNdt2U1DnolUAqL6JIP/qNmYx8Fb

     

       11
       11
       +
       ZrfFINBmPsNc9XJn14T4J+VB6e68ODBOvZdbzoBQOWAObnP5OH+zLYCB3II+aLPp

     

       12
       12
       +
       Zo5WsNBBdZih4EbO0Y9PNWBjyCzxqs7zXPg1PjjDVHN/tIpSGnqoCqCPGuePhgRV

     

       13
       13
       +
       h1gnP/lqOW2U1oL004hi3etsUsk3kXHjr35GXMVBeay+3uGXkZqhNYYSluQnJSrs

     

       14
       14
       +
       rzahZZ8/q0FDdlUixWHb2uQjL1XMTqUcw8wPsUak8shkx8s7GPKNxtEKFcK46jk4

     

       15
       15
       +
       ac9TCyee4HzPC/SWkLGFl0bt9s9lGTBSNQrVzogY/sg

     

       16
       16
       +
       -> ssh-ed25519 wpmdHA C6npqn5aqimGJlo+UlvYOoqXSu/hW1JVNAmBPP1Vvjk

     

       17
       17
       +
       gWzXqL92jI83iqSr3dydJo+UAz5OGBo6kw6QC4KRWgM

     

       18
       18
       +
       --- ltHFDmeAbJsQtyY4CKFEz8OGAkPkue/8upHNOOQgn5I

     

       19
       19
       +
       ��O�ӌ#&`���P�IZ�#�[��+�tdeG�ui�����?n"��(��b� ]s�	y줔���

-20

hosts/marvin/services/secrets/pingvin-secrets.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 iqBxIA HdZwcvp9cLpqrUp0M7sK7ipTslMxK0EYqFfS8xtYeDk

     

       3
       3
       -
       Ud7ismLtRG4RlugV3P5wRNjRe8HcJW0rAz/adadWCNc

     

       4
       4
       -
       -> ssh-rsa fFaiTA

     

       5
       5
       -
       KwjETLhUBpq8Hfp41rg3++syweOB+yNIIdd0KeS2YjxjbDfgwzRVoM+wlB/C3b4X

     

       6
       6
       -
       W0561y9+wsnB5A6k/peXLASfVodw30vI9LdW+nHejQr9v/UooXPztoJNrfgaKUow

     

       7
       7
       -
       PsLbLUj+M8Y4i22GRKrY6rrCfJk8F4a+2b0PzDc1EqUcZOjMV7aE+fQ4U7+FD1jv

     

       8
       8
       -
       xGmrKNRXNUL1j5GpPAi7E7YXuGj2SxjZOiisKqyep5KTEFyIJ04lrN/rtbi2vkEJ

     

       9
       9
       -
       ejAFg2jIvxAWiEzEUbjOLFzeIdpb8pPqQJ3OUF4U0crT/r5dxmJKxB0J7ktS6eEY

     

       10
       10
       -
       NZ4/CtY/kLXjo9sWc6G2UtWAm+myXKsxETxFtp/RQ6LXMjS+3xbzGvkAoY/fzVMt

     

       11
       11
       -
       zLGdOV0X/paLb1jGl9CHkflq7qrpkdgqc6I5nmsOCRLHrsiVWLaCVCvu2T1fpjCh

     

       12
       12
       -
       tP+Mwdjv5ONXduoGUOxjCT8IVv7ceTt93S/9cZakpDIFJ38I1XymrjuFLfbhLMVK

     

       13
       13
       -
       VMfo9cLhWyz2/DAKA4gKnmagUhnYO2vdNBzzM9dg0/ysrLoX71ujEcxB0tx21pkE

     

       14
       14
       -
       eB3LEfFH94Izzn9crNJ1YMUFCpFayedN2uQjv89LN2oHx+mUKemXCdl+AV2sLP7P

     

       15
       15
       -
       pi4/UDjKOcIeK8cSvqJtsemjUn7QJdOamH4/IpgFh5o

     

       16
       16
       -
       -> ssh-ed25519 wpmdHA X+4vtGSjMeIuSearcEfYA8Mv5kmghhItcE1n5BPWLSo

     

       17
       17
       -
       uYkj1VkPXs8mJu99J4GFth6LyqhWymEH5fsN0+5TDsw

     

       18
       18
       -
       --- Ql8rRuZH0kS1eDQ9EYB7mW+GvcHtjXcW/Wu1ZGhjpKI

     

       19
       19
       -
       虌d0dj̭�ھ�f����� g�D�+�q��W��d������%5��1�?�U��)�tܫ��[

     

       20
       20
       -
       S�DV�+��U�".� q�i�,g{}#y�@���3O/M~��CЎBV�š� }�=����*#�7�?Q��

+2 -3

hosts/marvin/services/secrets/secrets.nix

···

       27
       27
        
         "golink-authkey.age".publicKeys = marvinDefault;

     

       28
       28
        
         "grafana-admin-password.age".publicKeys = marvinDefault;

     

       29
       29
        
         "grafana-smtp-password.age".publicKeys = marvinDefault;

     

       30
       30
       -
         "iceshrimp-secret-config.age".publicKeys = marvinDefault;

     

       31
       31
       -
         "iceshrimp-db-password.age".publicKeys = marvinDefault;

     

       30
       30
       +
         "immich/oauth-secret.age".publicKeys = marvinDefault;

     

       31
       31
       +
         "immich/mail-pw.age".publicKeys = marvinDefault;

     

       32
       32
        
         "jellyfin-exporter-config.age".publicKeys = marvinDefault;

     

       33
       33
        
         "minio-root.age".publicKeys = marvinDefault;

     

       34
       34
        
         "miniflux-admin.age".publicKeys = marvinDefault;

     

       35
       35
        
         "../nextcloud/nextcloud-admin-pw.age".publicKeys = marvinDefault;

     

       36
       36
        
         "nix-serve-priv.age".publicKeys = marvinDefault;

     

       37
       37
        
         "pinchflat-secrets.age".publicKeys = marvinDefault;

     

       38
       38
       -
         "pingvin-secrets.age".publicKeys = marvinDefault;

     

       39
       38
        
         "planka-env.age".publicKeys = marvinDefault;

     

       40
       39
        
         "pocket-id-secrets.age".publicKeys = marvinDefault;

     

       41
       40
        
         "vaultwarden-vars.age".publicKeys = marvinDefault;

+2 -23

hosts/marvin/services/vaultwarden.nix

···

       23
       23
        
             rocketAddress = "0.0.0.0";

     

       24
       24
        
             rocketCliColors = false;

     

       25
       25
        
             rocketPort = d.port;

     

       26
       26
       -
             websocketEnabled = true;

     

       27
       27
       -
             ipHeader = "X-Real-IP";

     

       28
       26
        
             reloadTemplates = false;

     

       29
       27
        
             logTimestampFormat = "%Y-%m-%d %H:%M:%S.%3f";

     

       30
       28
        
             # # Ratelimiting

     
···

       36
       34
        
       

     

       37
       35
        
             # Logging

     

       38
       36
        
             useSyslog = true;

     

       39
       39
       -
             logLevel = "info";

     

       40
       37
        
             extendedLogging = true;

     

       41
       38
        
       

     

       42
       39
        
             # Features

     
···

       46
       43
        
       

     

       47
       44
        
             # Invitations

     

       48
       45
        
             invitationsAllowed = true;

     

       49
       49
       -
             invitationOrgName = "PyroNet Vault";

     

       46
       46
       +
             invitationOrgName = "dishNet Vault";

     

       50
       47
        
             invitationExpirationHours = 168;

     

       51
       48
        
       

     

       52
       49
        
             # Database

     
···

       55
       52
        
             # Signups

     

       56
       53
        
             signupsAllowed = false;

     

       57
       54
        
             signupsVerify = true;

     

       58
       58
       -
             signupsVerifyResendTime = 3600;

     

       59
       59
       -
             signupsVerifyResendLimit = 5;

     

       60
       55
        
             signupsDomainWhitelist = "pyrox.dev";

     

       61
       56
        
       

     

       62
       57
        
             # Passwords

     
···

       67
       62
        
       

     

       68
       63
        
             # Mail

     

       69
       64
        
             smtpFrom = "vault@pyrox.dev";

     

       70
       70
       -
             smtpFromName = "PyroNet Vault <vault@pyrox.dev>";

     

       65
       65
       +
             smtpFromName = "dishNet Vault <vault@pyrox.dev>";

     

       71
       66
        
             smtpUsername = "vault@pyrox.dev";

     

       72
       67
        
             smtpSecurity = "force_tls";

     

       73
       68
        
             smtpPort = 465;

     
···

       76
       71
        
             smtpTimeout = 20;

     

       77
       72
        
             smtpEmbedImages = true;

     

       78
       73
        
             useSendmail = false;

     

       79
       79
       -
             smtpDebug = false;

     

       80
       80
       -
             smtpAcceptInvalidCerts = false;

     

       81
       81
       -
             smtpAcceptInvalidHostnames = false;

     

       82
       74
        
       

     

       83
       75
        
             # Authentication

     

       84
       84
       -
             authenticatorDisableTimeDrift = false;

     

       85
       85
       -
             disable2faRemember = false;

     

       86
       76
        
             incomplete2faTimeLimit = 5;

     

       87
       77
        
             # # Email 2FA

     

       88
       88
       -
             emailAttemptsLimit = 3;

     

       89
       78
        
             emailExpirationTime = 180;

     

       90
       79
        
             emailTokenSize = 7;

     

       91
       80
        
             requireDeviceEmail = true;

     

       92
       92
       -
       

     

       93
       93
       -
             # Icons

     

       94
       94
       -
             disableIconDownload = false;

     

       95
       95
       -
             iconService = "internal";

     

       96
       96
       -
             iconRedirectCode = 302;

     

       97
       97
       -
             iconDownloadTimeout = 10;

     

       98
       98
       -
             iconBlacklistNonGlobalIps = true;

     

       99
       99
       -
             # # 30 Day TTL

     

       100
       100
       -
             iconCacheTtl = 30 * 24 * 60 * 60;

     

       101
       101
       -
             iconCacheNegttl = 30 * 24 * 60 * 60;

     

       102
       81
        
       

     

       103
       82
        
             # Misc Settings

     

       104
       83
        
             trashAutoDeleteDays = 14;

-23

hosts/marvin/services/webmentiond.nix

···

       1
       1
       -
       { config, self, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         d = self.lib.data.services.webmentiond;

     

       4
       4
       -
         p = toString d.port;

     

       5
       5
       -
       in

     

       6
       6
       -
       {

     

       7
       7
       -
         virtualisation.oci-containers.containers.webmentiond = {

     

       8
       8
       -
           image = "zerok/webmentiond:latest";

     

       9
       9
       -
           volumes = [ "/var/lib/webmentiond:/data" ];

     

       10
       10
       -
           environmentFiles = [ config.age.secrets.webmentiond-env.path ];

     

       11
       11
       -
           ports = [ "${p}:${p}" ];

     

       12
       12
       -
           cmd = [

     

       13
       13
       -
             "--addr 0.0.0.0:${p}"

     

       14
       14
       -
             "--public-url https://${d.extUrl}"

     

       15
       15
       -
             "--auth-admin-emails pyrox@pyrox.dev"

     

       16
       16
       -
           ];

     

       17
       17
       -
         };

     

       18
       18
       -
         config.age.secrets = {

     

       19
       19
       -
           webmentiond-env.path = ./secrets/webmentiond-env.age;

     

       20
       20
       -
           owner = "thehedgehog";

     

       21
       21
       -
           group = "misc";

     

       22
       22
       -
         };

     

       23
       23
       -
       }

+4 -4

hosts/prefect/bootloader.nix

···

       32
       32
        
           supportedFilesystems = fileSystems;

     

       33
       33
        
           kernelPackages = pkgs.linuxPackages_6_1;

     

       34
       34
        
           kernel.sysctl = {

     

       35
       35
       -
             "net.ipv4.ip_forward" = 1;

     

       36
       36
       -
             "net.ipv6.conf.all.forwarding" = 1;

     

       37
       37
       -
             "net.ipv4.conf.default.rp_filter" = 0;

     

       38
       38
       -
             "net.ipv4.conf.all.rp_filter" = 0;

     

       35
       35
       +
             "net.ipv4.ip_forward" = true;

     

       36
       36
       +
             "net.ipv6.conf.all.forwarding" = true;

     

       37
       37
       +
             "net.ipv4.conf.default.rp_filter" = false;

     

       38
       38
       +
             "net.ipv4.conf.all.rp_filter" = false;

     

       39
       39
        
           };

     

       40
       40
        
         };

     

       41
       41
        
         services.udev.extraRules = ''

+7 -4

hosts/prefect/dn42/default.nix

···

       1
       1
        
       { pkgs, config, ... }:

     

       2
       2
        
       let

     

       3
       3
       -
         cfg42 = config.networking.dn42;

     

       3
       3
       +
         cfg42 = config.dn42;

     

       4
       4
        
       in

     

       5
       5
        
       {

     

       6
       6
        
         imports = [

     
···

       33
       33
        
           tcpdump

     

       34
       34
        
           wireguard-tools

     

       35
       35
        
         ];

     

       36
       36
       -
         networking.dn42 = {

     

       36
       36
       +
         dn42 = {

     

       37
       37
        
           enable = true;

     

       38
       38
        
           # ASN corresponding to DN42 PYRONET

     

       39
       39
        
           as = 4242422459;

     

       40
       40
        
           # Communities config

     

       41
       41
        
           # https://dn42.dev/howto/BGP-communities

     

       42
       42
       -
           geo = 42;

     

       42
       42
       +
           region = 42;

     

       43
       43
        
           country = 1840;

     

       44
       44
        
           routerId = cfg42.addr.v4;

     

       45
       45
        
           # Primary IP Addresses

     
···

       52
       52
        
             v4 = [ "172.20.43.96/27" ];

     

       53
       53
        
             v6 = [ "fd21:1500:66b0::/48" ];

     

       54
       54
        
           };

     

       55
       55
       -
       

     

       56
       55
        
           # Enable StayRTR

     

       57
       56
        
           # https://github.com/bgp/stayrtr

     

       58
       57
        
           stayrtr.enable = true;

     

       58
       58
       +
           # Peer with GRC

     

       59
       59
       +
           # https://dn42.dev/services/Route-Collector

     

       60
       60
       +
           collector.enable = true;

     

       61
       61
       +
       

     

       59
       62
        
           wg.tunnelDefaults = {

     

       60
       63
        
             privateKeyFile = "/run/agenix/dn42-privkey";

     

       61
       64
        
             localAddrs.v4 = cfg42.addr.v4;

+1 -1

hosts/prefect/dn42/peers/bandura.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.bandura = {

     

       5
       5
        
             as = 4242422923;

     

       6
       6
        
             addr.v6 = "fe80::2926";

+1 -1

hosts/prefect/dn42/peers/catgirls.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.catgirls = {

     

       5
       5
        
             as = 4242421411;

     

       6
       6
        
             addr.v6 = "fe80::2189:124";

+1 -1

hosts/prefect/dn42/peers/chrismoos.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.chrismoos = {

     

       5
       5
        
             as = 4242421588;

     

       6
       6
        
             addr.v6 = "fe80::1588";

+29

hosts/prefect/dn42/peers/darkpoint.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         peerv6 = "fe80::150";

     

       4
       4
       +
         localv6 = "fe80::113";

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       7
       7
       +
         config.dn42 = {

     

       8
       8
       +
           peers.darkpoint = {

     

       9
       9
       +
             as = 4242420150;

     

       10
       10
       +
             addr.v6 = peerv6;

     

       11
       11
       +
             interface = "wg42_darkpoint";

     

       12
       12
       +
             extendedNextHop = true;

     

       13
       13
       +
             # My side

     

       14
       14
       +
             srcAddr.v6 = localv6;

     

       15
       15
       +
             # Communities

     

       16
       16
       +
             crypto = dn42Types.crypto.safePFS;

     

       17
       17
       +
             latency = dn42Types.latency."2.7ms";

     

       18
       18
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       19
       19
       +
             transit = true;

     

       20
       20
       +
           };

     

       21
       21
       +
           wg.tunnels.darkpoint = {

     

       22
       22
       +
             listenPort = 42150;

     

       23
       23
       +
             peerPubKey = "1o0XfQvBM1gqknqzfuOnVmf2RjRTHuyMZYNipSSb2TQ=";

     

       24
       24
       +
             peerEndpoint = "iad.darkpoint.xyz:22459";

     

       25
       25
       +
             peerAddrs.v6 = peerv6;

     

       26
       26
       +
             localAddrs.v6 = localv6;

     

       27
       27
       +
           };

     

       28
       28
       +
         };

     

       29
       29
       +
       }

+2

hosts/prefect/dn42/peers/default.nix

···

       9
       9
        
           (import ./bandura.nix { inherit dn42Types; })

     

       10
       10
        
           # (import ./catgirls.nix { inherit dn42Types; })

     

       11
       11
        
           (import ./chrismoos.nix { inherit dn42Types; })

     

       12
       12
       +
           (import ./darkpoint.nix { inherit dn42Types; })

     

       12
       13
        
           (import ./iedon.nix { inherit dn42Types; })

     

       13
       14
        
           (import ./kioubit.nix { inherit dn42Types; })

     

       14
       15
        
           (import ./lare.nix { inherit dn42Types; })

     

       15
       16
        
           (import ./potato.nix { inherit dn42Types; })

     

       17
       17
       +
           (import ./prefixlabs.nix { inherit dn42Types; })

     

       16
       18
        
           (import ./routedbits.nix { inherit dn42Types; })

     

       17
       19
        
           (import ./sunnet.nix { inherit dn42Types; })

     

       18
       20
        
           (import ./uffsalot.nix { inherit dn42Types; })

+1 -1

hosts/prefect/dn42/peers/iedon.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.iedon = {

     

       5
       5
        
             as = 4242422189;

     

       6
       6
        
             addr.v6 = "fe80::2189:124";

+1 -1

hosts/prefect/dn42/peers/kioubit.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.kioubit = {

     

       5
       5
        
             as = 4242423914;

     

       6
       6
        
             addr.v6 = "fe80::ade0";

+1 -1

hosts/prefect/dn42/peers/lare.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.lare = {

     

       5
       5
        
             as = 4242423035;

     

       6
       6
        
             addr.v6 = "fe80::3035:137";

+1 -1

hosts/prefect/dn42/peers/potato.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.potato = {

     

       5
       5
        
             as = 4242421816;

     

       6
       6
        
             addr.v6 = "fe80::1816";

+26

hosts/prefect/dn42/peers/prefixlabs.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.prefixlabs = {

     

       5
       5
       +
             as = 4242421240;

     

       6
       6
       +
             addr.v6 = "fe80::1240:2";

     

       7
       7
       +
             interface = "wg42_prefixlabs";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::240";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."7.3ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.prefixlabs = {

     

       18
       18
       +
             listenPort = 43240;

     

       19
       19
       +
             peerPubKey = "uRYzFGi+/B6pD0FR2SW3G/OzC5LPJXePNIt0s+nJfW0=";

     

       20
       20
       +
             peerEndpoint = "us-01.prefixlabs.net:22459";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.209.11";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::1240:2";

     

       23
       23
       +
             localAddrs.v6 = "fe80::240";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+1 -1

hosts/prefect/dn42/peers/routedbits.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.routedbits = {

     

       5
       5
        
             as = 4242420207;

     

       6
       6
        
             addr.v6 = "fe80::207";

+1 -1

hosts/prefect/dn42/peers/sunnet.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.sunnet = {

     

       5
       5
        
             as = 4242423088;

     

       6
       6
        
             addr.v6 = "fe80::3088:193";

+1 -1

hosts/prefect/dn42/peers/uffsalot.nix

···

       1
       1
        
       { dn42Types, ... }:

     

       2
       2
        
       {

     

       3
       3
       -
         config.networking.dn42 = {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
        
           peers.uffsalot = {

     

       5
       5
        
             as = 4242420780;

     

       6
       6
        
             addr.v6 = "fe80::780";

+8 -13

hosts/prefect/services/caddy.nix

···

       67
       67
        
             # Authentication

     

       68
       68
        
             ${pns.pocket-id.extUrl} = {

     

       69
       69
        
               extraConfig = ''

     

       70
       70
       -
                 reverse_proxy / ${marvin}:${toString pns.pocket-id.port} {

     

       71
       71
       -
                   header_up X-Real-IP {remote_host}

     

       72
       72
       -
                   header_up X-Http-Version {http.request.proto}

     

       73
       73
       -
                 }

     

       70
       70
       +
                 reverse_proxy ${marvin}:${toString pns.pocket-id.port}

     

       74
       71
        
               '';

     

       75
       72
        
             };

     

       76
       73
        
       

     
···

       214
       211
        
               '';

     

       215
       212
        
             };

     

       216
       213
        
       

     

       217
       217
       -
             # Pingvin Share

     

       218
       218
       -
             ${pns.pingvin-share.extUrl} = {

     

       214
       214
       +
             # Immich

     

       215
       215
       +
             ${pns.immich.extUrl} = {

     

       219
       216
        
               extraConfig = ''

     

       220
       220
       -
                 reverse_proxy /api/* ${marvin}:${toString pns.pingvin-share.be-anubis} {

     

       221
       221
       -
                   header_up X-Real-IP {remote_host}

     

       222
       222
       -
                   header_up X-Http-Version {http.request.proto}

     

       223
       223
       -
                 }

     

       224
       224
       -
                 reverse_proxy /* ${marvin}:${toString pns.pingvin-share.anubis} {

     

       225
       225
       -
                   header_up X-Real-IP {remote_host}

     

       226
       226
       -
                   header_up X-Http-Version {http.request.proto}

     

       217
       217
       +
                 @public path /share /share/*

     

       218
       218
       +
                 handle @public {

     

       219
       219
       +
                   reverse_proxy ${marvin}:${toString pns.immich.pubProxy}

     

       227
       220
        
                 }

     

       221
       221
       +
                 reverse_proxy ${marvin}:${toString pns.immich.port}

     

       228
       222
        
               '';

     

       229
       223
        
             };

     

       224
       224
       +
       

     

       230
       225
        
             # Tangled Services

     

       231
       226
        
             ${pns.tangled-knot.extUrl} = {

     

       232
       227
        
               extraConfig = ''

-1

hosts/zaphod/packages.nix

···

       14
       14
        
           pkgs.nixpkgs-track

     

       15
       15
        
           pkgs.pmutils

     

       16
       16
        
           pkgs.qbittorrent

     

       17
       17
       -
           pkgs.scrcpy

     

       18
       17
        
           pkgs.steam-run

     

       19
       18
        
           # Tools for working with Framework computers

     

       20
       19
        
           pkgs.framework-tool-tui

-1

hosts/zaphod/services/greeter.nix

···

       7
       7
        
             hide_version_string = true;

     

       8
       8
        
           };

     

       9
       9
        
         };

     

       10
       10
       -
         security.pam.services.ly.fprintAuth = false;

     

       11
       10
        
       }

+7

lib/data/services.toml

···

       5
       5
        
       # anubis: What port the anubis service for this domain will use, int

     

       6
       6
        
       # tsHost: (optional) What Tailscale host this service will run on, for services only available via Tailscale.

     

       7
       7
        
       # # Should only be set if this is available externally, if at all, since TS-only services aren't able to be scraped.

     

       8
       8
       +
       # Current lowest unassigned port: 6938

     

       8
       9
        
       [authentik]

     

       9
       10
        
       port = 6908

     

       10
       11
        
       host = "marvin"

     
···

       43
       44
        
       port = 6923

     

       44
       45
        
       host = "marvin"

     

       45
       46
        
       extUrl = "soc.pyrox.dev"

     

       47
       47
       +
       

     

       48
       48
       +
       [immich]

     

       49
       49
       +
       port = 6936

     

       50
       50
       +
       host = "marvin"

     

       51
       51
       +
       extUrl = "img.pyrox.dev"

     

       52
       52
       +
       pubProxy = 6937

     

       46
       53
        
       

     

       47
       54
        
       [jellyfin]

     

       48
       55
        
       port = 8096

+1 -1

nixosModules/default-config/default.nix

···

       14
       14
        
           ./users.nix

     

       15
       15
        
         ];

     

       16
       16
        
         system = {

     

       17
       17
       -
           stateVersion = "25.05";

     

       17
       17
       +
           stateVersion = "26.05";

     

       18
       18
        
           disableInstallerTools = true;

     

       19
       19
        
           tools.nixos-rebuild.enable = true;

     

       20
       20
        
         };

+2 -4

nixosModules/default-config/nixConfig.nix

···

       15
       15
        
       {

     

       16
       16
        
         nix = {

     

       17
       17
        
           enable = true;

     

       18
       18
       -
           # We use `nh.clean` instead, so this is disabled

     

       19
       19
       -
           gc.automatic = false;

     

       18
       18
       +
           gc.automatic = true;

     

       20
       19
        
           registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;

     

       21
       20
        
           settings = {

     

       22
       21
        
             # Don't auto-accept flake-defined nix settings, they're a CVE waiting to happen.

     
···

       58
       57
        
             keep-going = true;

     

       59
       58
        
             # More direnv gc root stuff

     

       60
       59
        
             keep-outputs = true;

     

       61
       61
       -
             # Show fewer log lines from failed builds since I get them from nh

     

       62
       62
       -
             log-lines = 10;

     

       60
       60
       +
             log-lines = 20;

     

       63
       61
        
             # Limit the max amount of builds

     

       64
       62
        
             max-jobs = lib.mkDefault 4;

     

       65
       63
        
             # Extra system features

-1

nixosModules/default-config/programs/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         imports = [

     

       3
       3
        
           ./ssh.nix

     

       4
       4
       -
           ./nh.nix

     

       5
       4
        
         ];

     

       6
       5
        
         programs.fish.enable = true;

     

       7
       6
        
       }

-7

nixosModules/default-config/programs/nh.nix

···

       1
       1
       -
       _: {

     

       2
       2
       -
         programs.nh = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
           clean.enable = true;

     

       5
       5
       -
           clean.extraArgs = "-k 5";

     

       6
       6
       -
         };

     

       7
       7
       -
       }

+4 -6

nixosModules/dn42Wireguard/default.nix

···

       87
       87
        
               # so tunnel config overrides defaults

     

       88
       88
        
               fc = cfg.tunnelDefaults // (lib.filterAttrs (_: v: v != null) value);

     

       89
       89
        
             in

     

       90
       90
       -
             (lib.nameValuePair "wg42_${name}" {

     

       90
       90
       +
             lib.nameValuePair "wg42_${name}" {

     

       91
       91
        
               inherit (fc) listenPort privateKeyFile;

     

       92
       92
        
               allowedIPsAsRoutes = false;

     

       93
       93
        
               peers = [

     
···

       110
       110
        
                   fc.peerAddrs.v6 != null && fc.localAddrs.v6 != null

     

       111
       111
        
                 ) "${pkgs.iproute2}/bin/ip addr add ${fc.localAddrs.v6} peer ${fc.peerAddrs.v6} dev wg42_${name}"}

     

       112
       112
        
               '';

     

       113
       113
       -
             })

     

       114
       114
       -
           ) (lib.filterAttrs (_: v: v.enable == true) cfg.tunnels);

     

       113
       113
       +
             }

     

       114
       114
       +
           ) (lib.filterAttrs (_: v: v.enable) cfg.tunnels);

     

       115
       115
        
           firewall = {

     

       116
       116
       -
             trustedInterfaces = lib.mapAttrsToList (name: _: "wg42_" + name) (

     

       117
       117
       -
               lib.filterAttrs (_: v: v.enable == true) cfg.tunnels

     

       118
       118
       -
             );

     

       116
       116
       +
             trustedInterfaces = lib.mapAttrsToList (name: _: "wg42_" + name) (lib.filterAttrs (_: v: v.enable) cfg.tunnels);

     

       119
       117
        
             checkReversePath = false;

     

       120
       118
        
             extraInputRules = ''

     

       121
       119
        
               ip saddr 172.20.0.0/14 accept

+1 -1

nixosModules/homes/pyrox/default.nix

···

       9
       9
        
             inputs.self.homeModules.allModules

     

       10
       10
        
             {

     

       11
       11
        
               home.username = "pyrox";

     

       12
       12
       -
               home.stateVersion = "25.11";

     

       12
       12
       +
               home.stateVersion = "26.05";

     

       13
       13
        
               py.profiles.server.enable = lib.mkDefault true;

     

       14
       14
        
               py.profiles.desktop.enable = lib.mkDefault false;

     

       15
       15
        
             }

+1 -1

nixosModules/homes/thehedgehog/default.nix

···

       9
       9
        
             inputs.self.homeModules.allModules

     

       10
       10
        
             {

     

       11
       11
        
               home.username = "thehedgehog";

     

       12
       12
       -
               home.stateVersion = "25.11";

     

       12
       12
       +
               home.stateVersion = "26.05";

     

       13
       13
        
               py.profiles.server.enable = lib.mkDefault true;

     

       14
       14
        
               py.profiles.desktop.enable = lib.mkDefault false;

     

       15
       15
        
             }

+2

nixosModules/homes/thehedgehog-zaphod/default.nix

···

       2
       2
        
         pkgs,

     

       3
       3
        
         lib,

     

       4
       4
        
         inputs,

     

       5
       5
       +
         self',

     

       5
       6
        
         ...

     

       6
       7
        
       }:

     

       7
       8
        
       let

     
···

       12
       13
        
           home.packages = [

     

       13
       14
        
             pkgs.mindustry

     

       14
       15
        
             pkgs.signal-desktop

     

       16
       16
       +
             self'.packages.glide-browser-bin

     

       15
       17
        
           ];

     

       16
       18
        
           home.sessionVariables = {

     

       17
       19
        
             QT_QPA_PLATFORM = "wayland;xcb";

-2

nixosModules/services/forgejo-runner/default.nix

···

       26
       26
        
             };

     

       27
       27
        
             cache = {

     

       28
       28
        
               enabled = true;

     

       29
       29
       -
               dir = "/var/lib/forgejo/runners/cache/";

     

       30
       30
       -
               host = "";

     

       31
       29
        
               port = 0;

     

       32
       30
        
             };

     

       33
       31
        
             container = {

+1 -1

packages/anubis-files/package.nix

···

       10
       10
        
       

     

       11
       11
        
         buildPhase = ''

     

       12
       12
        
           substituteInPlace policies/*.yaml \

     

       13
       13
       -
             --replace-fail "CUSTOM" $out/rules

     

       13
       13
       +
             --replace-fail "CUSTOM" $out

     

       14
       14
        
         '';

     

       15
       15
        
       

     

       16
       16
        
         installPhase = ''

+56

packages/anubis-files/src/policies/default.yaml

···

       1
       1
       +
       bots:

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       3
       3
       +
       dnsbl: false

     

       4
       4
       +
       openGraph:

     

       5
       5
       +
         enabled: true

     

       6
       6
       +
         considerHost: false

     

       7
       7
       +
         ttl: 24h

     

       8
       8
       +
       status_codes:

     

       9
       9
       +
         CHALLENGE: 200

     

       10
       10
       +
         DENY: 200

     

       11
       11
       +
       thresholds:

     

       12
       12
       +
         - name: minimal-suspicion

     

       13
       13
       +
           expression: weight <= 0

     

       14
       14
       +
           action: ALLOW

     

       15
       15
       +
         - name: mild-suspicion

     

       16
       16
       +
           expression:

     

       17
       17
       +
             all:

     

       18
       18
       +
               - weight > 0

     

       19
       19
       +
               - weight < 10

     

       20
       20
       +
           action: CHALLENGE

     

       21
       21
       +
           challenge:

     

       22
       22
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       23
       23
       +
             algorithm: metarefresh

     

       24
       24
       +
             difficulty: 1

     

       25
       25
       +
             report_as: 1

     

       26
       26
       +
         - name: moderate-suspicion

     

       27
       27
       +
           expression:

     

       28
       28
       +
             all:

     

       29
       29
       +
               - weight >= 10

     

       30
       30
       +
               - weight < 20

     

       31
       31
       +
           action: CHALLENGE

     

       32
       32
       +
           challenge:

     

       33
       33
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       34
       34
       +
             algorithm: fast

     

       35
       35
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       36
       36
       +
             report_as: 2

     

       37
       37
       +
         - name: mild-proof-of-work

     

       38
       38
       +
           expression:

     

       39
       39
       +
             all:

     

       40
       40
       +
               - weight >= 20

     

       41
       41
       +
               - weight < 30

     

       42
       42
       +
           action: CHALLENGE

     

       43
       43
       +
           challenge:

     

       44
       44
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       45
       45
       +
             algorithm: fast

     

       46
       46
       +
             difficulty: 4

     

       47
       47
       +
             report_as: 4

     

       48
       48
       +
         # For clients that are browser like and have gained many points from custom rules

     

       49
       49
       +
         - name: extreme-suspicion

     

       50
       50
       +
           expression: weight >= 30

     

       51
       51
       +
           action: CHALLENGE

     

       52
       52
       +
           challenge:

     

       53
       53
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       54
       54
       +
             algorithm: fast

     

       55
       55
       +
             difficulty: 6

     

       56
       56
       +
             report_as: 5

+60 -6

packages/anubis-files/src/policies/forgejo.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       4
       3
        
         - import: (data)/clients/git.yaml

     

       5
       5
       -
         - import: (data)/common/keep-internet-working.yaml

     

       6
       4
        
         - import: (data)/apps/gitea-rss-feeds.yaml

     

       7
       7
       -
         - import: (data)/crawlers/internet-archive.yaml

     

       8
       8
       -
         - import: (data)/crawlers/kagibot.yaml

     

       9
       9
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       5
       5
       +
       

     

       6
       6
       +
         # Allow forgejo runner connections from localhost and tailscale

     

       7
       7
       +
         - name: forgejo-runner

     

       8
       8
       +
           user_agent_regex: connect-go

     

       9
       9
       +
           action: ALLOW

     

       10
       10
       +
       

     

       10
       11
        
       dnsbl: false

     

       12
       12
       +
       openGraph:

     

       13
       13
       +
         enabled: true

     

       14
       14
       +
         considerHost: false

     

       15
       15
       +
         ttl: 24h

     

       16
       16
       +
       status_codes:

     

       17
       17
       +
         CHALLENGE: 200

     

       18
       18
       +
         DENY: 200

     

       19
       19
       +
       thresholds:

     

       20
       20
       +
         - name: minimal-suspicion

     

       21
       21
       +
           expression: weight <= 0

     

       22
       22
       +
           action: ALLOW

     

       23
       23
       +
         - name: mild-suspicion

     

       24
       24
       +
           expression:

     

       25
       25
       +
             all:

     

       26
       26
       +
               - weight > 0

     

       27
       27
       +
               - weight < 10

     

       28
       28
       +
           action: CHALLENGE

     

       29
       29
       +
           challenge:

     

       30
       30
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       31
       31
       +
             algorithm: metarefresh

     

       32
       32
       +
             difficulty: 1

     

       33
       33
       +
             report_as: 1

     

       34
       34
       +
         - name: moderate-suspicion

     

       35
       35
       +
           expression:

     

       36
       36
       +
             all:

     

       37
       37
       +
               - weight >= 10

     

       38
       38
       +
               - weight < 20

     

       39
       39
       +
           action: CHALLENGE

     

       40
       40
       +
           challenge:

     

       41
       41
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       42
       42
       +
             algorithm: fast

     

       43
       43
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       44
       44
       +
             report_as: 2

     

       45
       45
       +
         - name: mild-proof-of-work

     

       46
       46
       +
           expression:

     

       47
       47
       +
             all:

     

       48
       48
       +
               - weight >= 20

     

       49
       49
       +
               - weight < 30

     

       50
       50
       +
           action: CHALLENGE

     

       51
       51
       +
           challenge:

     

       52
       52
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       53
       53
       +
             algorithm: fast

     

       54
       54
       +
             difficulty: 4

     

       55
       55
       +
             report_as: 4

     

       56
       56
       +
         # For clients that are browser like and have gained many points from custom rules

     

       57
       57
       +
         - name: extreme-suspicion

     

       58
       58
       +
           expression: weight >= 30

     

       59
       59
       +
           action: CHALLENGE

     

       60
       60
       +
           challenge:

     

       61
       61
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       62
       62
       +
             algorithm: fast

     

       63
       63
       +
             difficulty: 6

     

       64
       64
       +
             report_as: 5

-6

packages/anubis-files/src/policies/grafana.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       dnsbl: false

+54

packages/anubis-files/src/policies/meta/base.yaml

···

       1
       1
       +
       # keep-sorted start

     

       2
       2
       +
       - import: (data)/bots/_deny-pathological.yaml

     

       3
       3
       +
       - import: (data)/bots/aggressive-brazilian-scrapers.yaml

     

       4
       4
       +
       - import: (data)/clients/x-firefox-ai.yaml

     

       5
       5
       +
       - import: (data)/common/keep-internet-working.yaml

     

       6
       6
       +
       - import: (data)/common/rfc-violations.yaml

     

       7
       7
       +
       - import: (data)/crawlers/_allow-good.yaml

     

       8
       8
       +
       - import: (data)/meta/ai-block-aggressive.yaml

     

       9
       9
       +
       # keep-sorted end

     

       10
       10
       +
       - name: realistic-browser-catchall

     

       11
       11
       +
         expression:

     

       12
       12
       +
           all:

     

       13
       13
       +
             - '"User-Agent" in headers'

     

       14
       14
       +
             - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'

     

       15
       15
       +
             - '"Accept" in headers'

     

       16
       16
       +
             - '"Sec-Fetch-Dest" in headers'

     

       17
       17
       +
             - '"Sec-Fetch-Mode" in headers'

     

       18
       18
       +
             - '"Sec-Fetch-Site" in headers'

     

       19
       19
       +
             - '"Accept-Encoding" in headers'

     

       20
       20
       +
             - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'

     

       21
       21
       +
             - '"Accept-Language" in headers'

     

       22
       22
       +
         action: WEIGH

     

       23
       23
       +
         weight:

     

       24
       24
       +
           adjust: -10

     

       25
       25
       +
           # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always

     

       26
       26
       +
       - name: upgrade-insecure-requests

     

       27
       27
       +
         expression: '"Upgrade-Insecure-Requests" in headers'

     

       28
       28
       +
         action: WEIGH

     

       29
       29
       +
         weight:

     

       30
       30
       +
           adjust: -2

     

       31
       31
       +
       # Chrome should behave like Chrome

     

       32
       32
       +
       - name: chrome-is-proper

     

       33
       33
       +
         expression:

     

       34
       34
       +
           all:

     

       35
       35
       +
             - userAgent.contains("Chrome")

     

       36
       36
       +
             - '"Sec-Ch-Ua" in headers'

     

       37
       37
       +
             - 'headers["Sec-Ch-Ua"].contains("Chromium")'

     

       38
       38
       +
             - '"Sec-Ch-Ua-Mobile" in headers'

     

       39
       39
       +
             - '"Sec-Ch-Ua-Platform" in headers'

     

       40
       40
       +
         action: WEIGH

     

       41
       41
       +
         weight:

     

       42
       42
       +
           adjust: -5

     

       43
       43
       +
       - name: should-have-accept

     

       44
       44
       +
         expression: '!("Accept" in headers)'

     

       45
       45
       +
         action: WEIGH

     

       46
       46
       +
         weight:

     

       47
       47
       +
           adjust: 5

     

       48
       48
       +
       # Generic catchall rule

     

       49
       49
       +
       - name: generic-browser

     

       50
       50
       +
         user_agent_regex: >-

     

       51
       51
       +
           Mozilla|Opera|Chrome|Chromium

     

       52
       52
       +
         action: WEIGH

     

       53
       53
       +
         weight:

     

       54
       54
       +
           adjust: 10

packages/anubis-files/src/policies/meta/openGraph.yaml

This is a binary file and will not be displayed.

-6

packages/anubis-files/src/policies/miniflux.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       dnsbl: false

+50 -4

packages/anubis-files/src/policies/nextcloud-office.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       4
       3
        
         # Allow requests from the nextcloud server to bypass checks

     

       5
       4
        
         - name: allow-nextcloud-server

     

       6
       5
        
           user_agent_regex: ^Nextcloud Server / richdocuments$

     

       7
       6
        
           action: ALLOW

     

       8
       8
       -
         - import: (data)/common/keep-internet-working.yaml

     

       9
       9
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       10
       7
        
       dnsbl: false

     

       8
       8
       +
       status_codes:

     

       9
       9
       +
         CHALLENGE: 200

     

       10
       10
       +
         DENY: 200

     

       11
       11
       +
       thresholds:

     

       12
       12
       +
         - name: minimal-suspicion

     

       13
       13
       +
           expression: weight <= 0

     

       14
       14
       +
           action: ALLOW

     

       15
       15
       +
         - name: mild-suspicion

     

       16
       16
       +
           expression:

     

       17
       17
       +
             all:

     

       18
       18
       +
               - weight > 0

     

       19
       19
       +
               - weight < 10

     

       20
       20
       +
           action: CHALLENGE

     

       21
       21
       +
           challenge:

     

       22
       22
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       23
       23
       +
             algorithm: metarefresh

     

       24
       24
       +
             difficulty: 1

     

       25
       25
       +
             report_as: 1

     

       26
       26
       +
         - name: moderate-suspicion

     

       27
       27
       +
           expression:

     

       28
       28
       +
             all:

     

       29
       29
       +
               - weight >= 10

     

       30
       30
       +
               - weight < 20

     

       31
       31
       +
           action: CHALLENGE

     

       32
       32
       +
           challenge:

     

       33
       33
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       34
       34
       +
             algorithm: fast

     

       35
       35
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       36
       36
       +
             report_as: 2

     

       37
       37
       +
         - name: mild-proof-of-work

     

       38
       38
       +
           expression:

     

       39
       39
       +
             all:

     

       40
       40
       +
               - weight >= 20

     

       41
       41
       +
               - weight < 30

     

       42
       42
       +
           action: CHALLENGE

     

       43
       43
       +
           challenge:

     

       44
       44
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       45
       45
       +
             algorithm: fast

     

       46
       46
       +
             difficulty: 4

     

       47
       47
       +
             report_as: 4

     

       48
       48
       +
         # For clients that are browser like and have gained many points from custom rules

     

       49
       49
       +
         - name: extreme-suspicion

     

       50
       50
       +
           expression: weight >= 30

     

       51
       51
       +
           action: CHALLENGE

     

       52
       52
       +
           challenge:

     

       53
       53
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       54
       54
       +
             algorithm: fast

     

       55
       55
       +
             difficulty: 6

     

       56
       56
       +
             report_as: 5

+54 -5

packages/anubis-files/src/policies/nextcloud.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         # Block scrapers and abusive cloud providers

     

       3
       3
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       4
       4
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       5
       3
        
         # Allow android apps that I use

     

       6
       4
        
         - name: allow-android-apps

     

       7
       5
        
           user_agent_regex: Nextcloud-android|DAVx5|ICSx5

     
···

       34
       32
        
               - 'path.startsWith("/apps/theming/")'

     

       35
       33
        
               # Public DAV endpoint

     

       36
       34
        
               - 'path.startsWith("/public.php/dav/files/")'

     

       37
       37
       -
         - import: (data)/common/keep-internet-working.yaml

     

       38
       38
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       39
       35
        
       dnsbl: false

     

       36
       36
       +
       openGraph:

     

       37
       37
       +
         enabled: true

     

       38
       38
       +
         considerHost: false

     

       39
       39
       +
         ttl: 24h

     

       40
       40
       +
       status_codes:

     

       41
       41
       +
         CHALLENGE: 200

     

       42
       42
       +
         DENY: 200

     

       43
       43
       +
       thresholds:

     

       44
       44
       +
         - name: minimal-suspicion

     

       45
       45
       +
           expression: weight <= 0

     

       46
       46
       +
           action: ALLOW

     

       47
       47
       +
         - name: mild-suspicion

     

       48
       48
       +
           expression:

     

       49
       49
       +
             all:

     

       50
       50
       +
               - weight > 0

     

       51
       51
       +
               - weight < 10

     

       52
       52
       +
           action: CHALLENGE

     

       53
       53
       +
           challenge:

     

       54
       54
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       55
       55
       +
             algorithm: metarefresh

     

       56
       56
       +
             difficulty: 1

     

       57
       57
       +
             report_as: 1

     

       58
       58
       +
         - name: moderate-suspicion

     

       59
       59
       +
           expression:

     

       60
       60
       +
             all:

     

       61
       61
       +
               - weight >= 10

     

       62
       62
       +
               - weight < 20

     

       63
       63
       +
           action: CHALLENGE

     

       64
       64
       +
           challenge:

     

       65
       65
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       66
       66
       +
             algorithm: fast

     

       67
       67
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       68
       68
       +
             report_as: 2

     

       69
       69
       +
         - name: mild-proof-of-work

     

       70
       70
       +
           expression:

     

       71
       71
       +
             all:

     

       72
       72
       +
               - weight >= 20

     

       73
       73
       +
               - weight < 30

     

       74
       74
       +
           action: CHALLENGE

     

       75
       75
       +
           challenge:

     

       76
       76
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       77
       77
       +
             algorithm: fast

     

       78
       78
       +
             difficulty: 4

     

       79
       79
       +
             report_as: 4

     

       80
       80
       +
         # For clients that are browser like and have gained many points from custom rules

     

       81
       81
       +
         - name: extreme-suspicion

     

       82
       82
       +
           expression: weight >= 30

     

       83
       83
       +
           action: CHALLENGE

     

       84
       84
       +
           challenge:

     

       85
       85
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       86
       86
       +
             algorithm: fast

     

       87
       87
       +
             difficulty: 6

     

       88
       88
       +
             report_as: 5

-6

packages/anubis-files/src/policies/pingvin-share.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       dnsbl: false

-6

packages/anubis-files/src/policies/planka.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       dnsbl: false

-6

packages/anubis-files/src/policies/pocket-id.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       dnsbl: false

+54 -4

packages/anubis-files/src/policies/vaultwarden.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       4
       3
        
         # Allow bitwarden apps

     

       5
       4
        
         - name: allow-bitwarden-mobile

     

       6
       5
        
           user_agent_regex: Bitwarden_Mobile

     
···

       8
       7
        
         - name: allow-bitwarden-webext

     

       9
       8
        
           user_agent_regex: Mozilla

     

       10
       9
        
           action: ALLOW

     

       11
       11
       -
         - import: (data)/common/keep-internet-working.yaml

     

       12
       12
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       13
       10
        
       dnsbl: false

     

       11
       11
       +
       openGraph:

     

       12
       12
       +
         enabled: true

     

       13
       13
       +
         considerHost: false

     

       14
       14
       +
         ttl: 24h

     

       15
       15
       +
       status_codes:

     

       16
       16
       +
         CHALLENGE: 200

     

       17
       17
       +
         DENY: 200

     

       18
       18
       +
       thresholds:

     

       19
       19
       +
         - name: minimal-suspicion

     

       20
       20
       +
           expression: weight <= 0

     

       21
       21
       +
           action: ALLOW

     

       22
       22
       +
         - name: mild-suspicion

     

       23
       23
       +
           expression:

     

       24
       24
       +
             all:

     

       25
       25
       +
               - weight > 0

     

       26
       26
       +
               - weight < 10

     

       27
       27
       +
           action: CHALLENGE

     

       28
       28
       +
           challenge:

     

       29
       29
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       30
       30
       +
             algorithm: metarefresh

     

       31
       31
       +
             difficulty: 1

     

       32
       32
       +
             report_as: 1

     

       33
       33
       +
         - name: moderate-suspicion

     

       34
       34
       +
           expression:

     

       35
       35
       +
             all:

     

       36
       36
       +
               - weight >= 10

     

       37
       37
       +
               - weight < 20

     

       38
       38
       +
           action: CHALLENGE

     

       39
       39
       +
           challenge:

     

       40
       40
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       41
       41
       +
             algorithm: fast

     

       42
       42
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       43
       43
       +
             report_as: 2

     

       44
       44
       +
         - name: mild-proof-of-work

     

       45
       45
       +
           expression:

     

       46
       46
       +
             all:

     

       47
       47
       +
               - weight >= 20

     

       48
       48
       +
               - weight < 30

     

       49
       49
       +
           action: CHALLENGE

     

       50
       50
       +
           challenge:

     

       51
       51
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       52
       52
       +
             algorithm: fast

     

       53
       53
       +
             difficulty: 4

     

       54
       54
       +
             report_as: 4

     

       55
       55
       +
         # For clients that are browser like and have gained many points from custom rules

     

       56
       56
       +
         - name: extreme-suspicion

     

       57
       57
       +
           expression: weight >= 30

     

       58
       58
       +
           action: CHALLENGE

     

       59
       59
       +
           challenge:

     

       60
       60
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       61
       61
       +
             algorithm: fast

     

       62
       62
       +
             difficulty: 6

     

       63
       63
       +
             report_as: 5

-3

packages/anubis-files/src/rules/block/alibaba-cloud.yaml

···

       1
       1
       -
       - name: alibaba-cloud

     

       2
       2
       -
         action: DENY

     

       3
       3
       -
         remote_addresses: ["45.196.28.0/24", "161.117.128.0/17", "8.209.42.0/23", "47.89.125.0/24", "8.222.48.0/20", "47.79.16.0/21", "149.129.16.0/23", "8.212.0.0/17", "47.89.0.0/19", "47.240.128.0/17", "8.213.176.0/20", "47.77.8.0/22", "47.79.96.0/19", "47.246.198.0/23", "47.91.128.0/17", "47.89.104.0/21", "47.89.102.0/24", "8.222.96.0/19", "170.33.31.0/24", "8.215.168.0/24", "8.222.40.0/21", "47.235.1.0/24", "240b:400f::/32", "170.33.32.0/24", "8.208.0.0/18", "47.79.24.0/21", "47.91.16.0/20", "47.252.0.0/17", "8.213.176.0/21", "8.212.0.0/18", "8.211.192.0/18", "47.79.54.0/23", "47.235.18.0/24", "47.88.0.0/17", "43.96.21.0/24", "47.235.22.0/24", "240b:4001::/33", "47.79.64.0/20", "139.95.4.0/23", "47.254.128.0/19", "47.81.64.0/18", "47.77.128.0/18", "240b:4009::/33", "47.246.90.0/23", "47.89.32.0/19", "205.204.125.0/24", "47.79.56.0/23", "240b:400c:100::/41", "47.235.26.0/23", "8.209.64.0/19", "8.222.16.0/20", "47.235.12.0/23", "116.251.64.0/18", "139.95.64.0/24", "47.235.31.0/24", "8.208.32.0/19", "240b:400c:f00::/48", "47.235.6.0/24", "47.246.160.0/21", "47.246.196.0/22", "2404:2280:3000::/37", "47.74.0.0/21", "240b:4007:8000::/33", "47.91.0.0/20", "2400:3200:baba::/48", "198.11.137.0/24", "47.84.168.0/21", "240b:4006:1020::/44", "149.129.192.0/18", "8.219.40.0/21", "43.96.3.0/24", "240b:4004::/32", "47.77.64.0/20", "47.83.48.0/21", "47.77.104.0/21", "240b:4001:8000::/33", "43.96.5.0/24", "240b:400c:180::/41", "43.96.25.0/24", "47.77.96.0/21", "8.211.160.0/19", "47.245.32.0/19", "8.215.0.0/16", "47.79.32.0/20", "8.213.160.0/21", "47.74.0.0/19", "43.96.4.0/24", "170.33.75.0/24", "8.211.128.0/18", "8.217.0.0/16", "47.81.0.0/19", "47.82.96.0/19", "47.83.56.0/21", "203.107.64.0/24", "240b:4006:1020::/45", "240b:4004::/33", "47.242.0.0/15", "47.80.128.0/17", "8.215.0.0/17", "240b:4000::/32", "47.246.192.0/23", "47.246.176.0/21", "8.212.224.0/19", "47.90.0.0/17", "170.33.107.0/24", "47.237.32.0/20", "47.240.0.0/16", "47.253.0.0/16", "161.117.0.0/16", "47.77.12.0/22", "47.88.128.0/17", "8.220.147.0/24", "47.236.0.0/16", "149.129.192.0/19", "170.33.73.0/24", "47.87.160.0/19", "47.79.0.0/20", "47.246.153.0/24", "47.235.29.0/24", "47.81.128.0/18", "43.96.35.0/24", "8.212.128.0/18", "8.219.0.0/16", "47.246.155.0/24", "8.216.64.0/18", "8.213.253.0/24", "8.220.116.0/24", "8.222.128.0/18", "240b:400e:8000::/33", "43.96.33.0/24", "47.77.192.0/18", "47.81.32.0/19", "47.77.8.0/21", "47.79.16.0/20", "240b:400f:8000::/33", "47.246.145.0/24", "47.88.128.0/18", "170.33.104.0/24", "8.219.0.0/17", "47.82.0.0/18", "139.95.10.0/23", "47.238.0.0/16", "240b:4006:1002::/47", "8.221.188.0/22", "8.213.251.0/24", "47.254.192.0/19", "47.79.32.0/21", "8.212.128.0/19", "47.246.83.0/24", "47.87.64.0/19", "8.222.192.0/18", "170.33.68.0/24", "240b:400c:f01::/48", "170.33.136.0/24", "2400:b200:4101::/48", "2401:8680:4100::/48", "240b:400c::/32", "47.89.92.0/22", "8.223.128.0/18", "47.89.124.0/23", "47.74.32.0/19", "47.244.0.0/17", "43.96.80.0/24", "8.211.104.0/21", "8.213.224.0/19", "47.86.0.0/17", "8.222.64.0/21", "240b:400e::/33", "161.117.143.0/24", "47.246.152.0/23", "47.246.93.0/24", "240b:4006:1010::/45", "47.254.224.0/19", "8.209.40.0/22", "149.129.64.0/18", "43.96.20.0/24", "240b:4000:8000::/33", "47.251.0.0/16", "240b:4002::/32", "8.222.16.0/21", "203.107.66.0/24", "8.222.24.0/21", "47.89.128.0/19", "240b:400c:8000::/33", "8.218.128.0/17", "8.216.128.0/17", "47.91.128.0/18", "8.221.64.0/18", "2404:2280:4000::/36", "8.211.80.0/21", "8.217.128.0/17", "8.220.229.0/24", "170.33.66.0/24", "47.237.0.0/16", "47.235.28.0/23", "170.33.74.0/24", "47.90.64.0/18", "47.246.82.0/23", "8.209.38.0/23", "240b:4005:8000::/33", "8.220.128.0/18", "139.95.14.0/23", "8.216.192.0/18", "8.218.0.0/16", "47.91.192.0/18", "8.221.48.0/21", "149.129.8.0/21", "43.91.0.0/16", "8.223.64.0/18", "8.216.148.0/24", "8.222.80.0/21", "2401:b180:4100::/48", "47.91.0.0/19", "47.246.154.0/24", "47.246.152.0/24", "47.250.64.0/18", "8.216.128.0/18", "170.33.72.0/24", "139.95.12.0/23", "240b:400c::/40", "8.221.128.0/18", "43.96.32.0/24", "47.90.128.0/17", "47.251.0.0/17", "43.96.34.0/24", "47.245.0.0/18", "47.85.112.0/23", "8.209.56.0/21", "8.213.252.0/24", "47.77.128.0/17", "139.95.2.0/23", "43.96.69.0/24", "161.117.126.0/24", "47.75.0.0/16", "47.89.82.0/23", "47.89.224.0/19", "8.209.0.0/20", "47.246.128.0/22", "8.221.0.0/21", "139.95.8.0/23", "47.253.128.0/17", "156.236.12.0/24", "203.107.65.0/24", "47.241.128.0/17", "8.222.88.0/21", "47.87.128.0/18", "47.254.128.0/18", "8.221.192.0/18", "240b:4001::/32", "47.235.16.0/24", "240b:4007::/32", "47.235.13.0/24", "47.235.24.0/23", "47.91.80.0/20", "43.96.11.0/24", "47.235.5.0/24", "8.209.160.0/19", "47.246.88.0/23", "47.77.4.0/22", "156.236.17.0/24", "8.209.224.0/19", "14.1.115.0/24", "149.129.96.0/19", "47.254.192.0/18", "47.245.192.0/18", "8.208.0.0/16", "47.83.0.0/16", "47.87.96.0/19", "47.252.64.0/18", "47.89.192.0/18", "47.89.122.0/24", "47.85.114.0/23", "2404:2280:1000::/36", "47.81.128.0/17", "47.246.147.0/24", "47.87.64.0/18", "47.235.9.0/24", "47.52.0.0/17", "47.246.156.0/22", "47.246.96.0/22", "47.74.0.0/18", "8.214.0.0/17", "47.246.192.0/22", "47.246.150.0/24", "43.91.0.0/17", "170.33.138.0/24", "8.213.0.0/18", "47.90.192.0/18", "47.85.0.0/16", "47.235.24.0/22", "47.235.16.0/23", "47.85.128.0/17", "103.81.186.0/23", "8.221.0.0/18", "43.96.7.0/24", "47.79.56.0/21", "240b:4013::/32", "47.89.108.0/22", "47.235.28.0/24", "47.246.82.0/24", "47.91.48.0/20", "185.78.106.0/23", "47.84.160.0/21", "140.205.1.0/24", "47.88.43.0/24", "47.83.32.0/21", "47.91.64.0/19", "43.96.100.0/24", "43.96.72.0/24", "47.87.0.0/18", "8.210.0.0/16", "47.88.192.0/18", "47.88.42.0/24", "170.33.92.0/24", "149.129.32.0/19", "47.52.128.0/17", "47.246.108.0/22", "8.221.56.0/21", "47.253.0.0/17", "110.76.23.0/24", "170.33.65.0/24", "240b:4006::/48", "47.245.0.0/19", "47.77.64.0/19", "8.209.39.0/24", "47.77.96.0/20", "47.80.128.0/18", "170.33.83.0/24", "47.77.32.0/19", "8.212.64.0/18", "43.96.40.0/24", "2400:b200:4102::/48", "43.96.81.0/24", "8.214.0.0/16", "161.117.128.0/24", "43.96.75.0/24", "8.215.160.0/24", "47.77.0.0/22", "47.239.0.0/16", "47.89.76.0/22", "47.82.14.0/23", "43.91.128.0/17", "47.89.88.0/22", "47.79.8.0/21", "240b:4004:8000::/33", "47.246.140.0/22", "43.96.74.0/24", "161.117.127.0/24", "8.212.192.0/19", "240b:4006:1000::/44", "47.80.192.0/18", "47.79.48.0/21", "47.254.64.0/18", "47.246.144.0/23", "47.246.92.0/24", "47.246.66.0/24", "47.246.150.0/23", "47.91.96.0/20", "47.89.98.0/23", "47.77.80.0/20", "8.210.240.0/24", "8.213.0.0/17", "47.250.99.0/24", "47.88.41.0/24", "47.80.32.0/19", "47.250.0.0/17", "43.96.8.0/24", "14.1.112.0/22", "240b:4006:1008::/45", "8.211.224.0/19", "47.84.144.0/21", "47.88.109.0/24", "2400:3200::/48", "47.56.0.0/16", "8.220.192.0/18", "8.223.0.0/17", "8.222.72.0/21", "47.246.69.0/24", "240b:4002:8000::/33", "43.96.66.0/24", "47.246.92.0/23", "47.246.136.0/22", "205.204.117.0/24", "8.222.80.0/20", "47.85.112.0/22", "47.79.128.0/19", "240b:400d:8000::/33", "170.33.64.0/24", "8.222.56.0/21", "240b:400d::/33", "8.222.64.0/20", "47.75.128.0/17", "8.209.48.0/21", "47.57.0.0/16", "139.95.0.0/23", "47.79.192.0/18", "170.33.30.0/24", "47.77.152.0/21", "8.212.192.0/18", "8.213.128.0/19", "47.77.6.0/23", "47.246.32.0/22", "140.205.122.0/24", "47.244.0.0/16", "47.246.158.0/23", "8.209.192.0/19", "170.33.77.0/24", "8.216.69.0/24", "8.213.192.0/19", "47.77.16.0/22", "47.235.10.0/24", "202.144.199.0/24", "47.254.0.0/17", "43.98.128.0/17", "240b:400c::/41", "47.250.128.0/17", "47.89.101.0/24", "47.90.128.0/18", "240b:4013:8000::/33", "8.209.44.0/23", "240b:400c:80::/41", "161.117.129.0/24", "47.91.64.0/20", "8.209.36.0/24", "8.221.8.0/21", "47.82.32.0/19", "47.77.4.0/23", "47.79.72.0/21", "8.212.160.0/19", "170.33.80.0/24", "47.246.156.0/23", "8.220.192.0/19", "47.246.68.0/24", "47.254.160.0/19", "47.82.56.0/21", "8.223.128.0/17", "47.74.128.0/18", "47.77.24.0/23", "170.33.93.0/24", "47.89.72.0/23", "47.84.152.0/21", "240b:400e::/32", "149.129.224.0/19", "2400:b200:4103::/48", "47.87.32.0/19", "47.86.0.0/16", "47.235.4.0/24", "139.95.6.0/23", "47.252.67.0/24", "47.246.123.0/24", "47.81.96.0/19", "43.96.10.0/24", "8.223.0.0/18", "240b:4005::/32", "47.246.130.0/23", "47.91.96.0/19", "240b:400b::/33", "47.246.132.0/23", "8.213.184.0/21", "47.246.124.0/24", "8.209.64.0/18", "2404:2280:3000::/36", "47.89.78.0/23", "47.250.128.0/18", "47.79.128.0/20", "240b:4011::/33", "47.244.128.0/17", "47.246.151.0/24", "8.211.226.0/24", "47.88.135.0/24", "47.80.0.0/18", "43.96.88.0/24", "47.235.6.0/23", "205.204.111.0/24", "240b:4006:1000::/45", "47.250.0.0/18", "47.89.76.0/23", "47.89.99.0/24", "8.211.0.0/17", "47.89.123.0/24", "8.209.128.0/19", "47.246.160.0/20", "43.99.0.0/16", "47.236.0.0/15", "240b:400e:fffe::/48", "47.80.96.0/19", "47.246.184.0/21", "47.235.8.0/24", "8.222.48.0/21", "47.89.94.0/23", "47.245.64.0/18", "47.77.128.0/21", "47.74.192.0/18", "2404:2280:4000::/37", "8.211.88.0/21", "8.213.192.0/18", "8.223.192.0/18", "240b:4002::/33", "149.129.64.0/19", "47.241.0.0/16", "240b:4006:1018::/45", "8.216.0.0/17", "149.129.0.0/21", "47.254.0.0/18", "8.220.64.0/18", "43.96.22.0/24", "170.33.33.0/24", "47.91.32.0/19", "47.246.76.0/22", "47.246.68.0/23", "47.246.146.0/23", "47.254.113.0/24", "47.89.128.0/18", "47.77.144.0/21", "47.89.104.0/22", "8.211.96.0/21", "47.80.0.0/19", "47.246.104.0/22", "47.80.64.0/18", "161.117.0.0/17", "170.33.88.0/24", "47.77.2.0/23", "47.241.0.0/17", "47.79.224.0/19", "170.33.105.0/24", "47.82.12.0/23", "47.246.146.0/24", "8.213.144.0/20", "43.99.0.0/17", "47.89.88.0/23", "8.220.64.0/19", "47.89.90.0/23", "47.235.19.0/24", "8.215.128.0/17", "47.235.21.0/24", "47.81.192.0/18", "8.211.0.0/18", "47.246.72.0/22", "8.211.64.0/18", "203.107.68.0/24", "59.82.136.0/23", "8.209.44.0/22", "8.209.36.0/23", "47.89.0.0/18", "8.216.0.0/18", "47.246.104.0/21", "240b:400b::/32", "47.246.72.0/21", "8.214.128.0/17", "8.209.48.0/20", "170.33.86.0/24", "110.76.21.0/24", "8.209.128.0/18", "8.222.96.0/20", "47.89.100.0/24", "47.89.192.0/19", "8.213.128.0/20", "2400:b200:4100::/48", "8.208.0.0/17", "170.33.90.0/24", "47.83.0.0/17", "240b:400c:100::/40", "170.33.82.0/24", "8.222.32.0/21", "47.246.86.0/23", "47.52.0.0/16", "47.79.192.0/19", "2404:2280:1800::/37", "8.222.112.0/20", "170.33.24.0/24", "47.89.92.0/23", "47.78.0.0/17", "47.84.0.0/16", "240b:400b:8000::/33", "8.209.38.0/24", "47.235.7.0/24", "47.235.23.0/24", "47.237.34.0/24", "47.79.144.0/20", "43.96.71.0/24", "5.181.224.0/23", "47.246.88.0/22", "47.246.96.0/21", "47.82.0.0/19", "8.209.40.0/23", "47.77.48.0/20", "8.209.16.0/20", "240b:4009::/32", "47.246.176.0/20", "47.250.192.0/18", "47.246.168.0/21", "47.89.160.0/19", "8.222.32.0/20", "223.5.5.0/24", "47.81.0.0/18", "47.89.96.0/24", "47.77.0.0/23", "43.96.24.0/24", "8.221.128.0/17", "47.246.144.0/24", "47.246.125.0/24", "240b:400e:ffff::/48", "47.84.0.0/17", "170.33.106.0/24", "156.227.20.0/24", "170.33.35.0/24", "240b:4006:1028::/45", "170.33.78.0/24", "198.11.128.0/18", "8.210.0.0/17", "47.83.40.0/21", "47.89.80.0/23", "43.98.0.0/16", "47.88.0.0/18", "47.89.74.0/23", "43.96.67.0/24", "47.79.48.0/20", "2404:2280:3800::/37", "47.235.11.0/24", "8.220.160.0/19", "43.96.84.0/24", "8.221.208.0/21", "139.95.18.0/23", "47.246.84.0/22", "47.77.16.0/21", "170.33.69.0/24", "47.78.128.0/17", "8.220.96.0/19", "8.209.0.0/19", "240b:400d::/32", "205.204.102.0/23", "47.87.128.0/19", "47.83.128.0/17", "8.218.0.0/17", "47.235.10.0/23", "8.208.128.0/17", "170.33.137.0/24", "8.209.37.0/24", "8.220.128.0/19", "47.79.112.0/20", "47.243.0.0/16", "47.246.196.0/23", "170.33.79.0/24", "47.252.0.0/18", "47.87.0.0/19", "2404:2280:2000::/36", "47.79.58.0/23", "170.33.34.0/24", "47.246.132.0/22", "240b:4012::/48", "47.91.112.0/20", "47.77.32.0/20", "240b:4005::/33", "8.222.8.0/21", "47.246.194.0/23", "2404:2280:1000::/37", "8.221.200.0/21", "43.96.23.0/24", "47.82.64.0/18", "147.139.128.0/17", "8.211.192.0/19", "47.251.128.0/17", "240b:4011::/32", "8.222.0.0/20", "47.235.12.0/24", "43.99.128.0/17", "47.246.80.0/24", "47.246.67.0/24", "47.246.122.0/24", "156.245.1.0/24", "8.210.128.0/17", "8.213.64.0/18", "45.199.179.0/24", "47.235.0.0/22", "47.246.136.0/21", "8.213.164.0/22", "8.209.192.0/18", "47.77.24.0/22", "47.82.64.0/19", "47.244.73.0/24", "47.89.72.0/22", "47.76.128.0/17", "47.76.0.0/16", "47.245.128.0/17", "47.75.0.0/17", "47.245.96.0/19", "47.235.20.0/24", "47.79.52.0/23", "47.79.80.0/20", "47.82.32.0/21", "47.251.224.0/22", "47.74.128.0/17", "223.6.6.0/24", "47.246.128.0/23", "147.139.128.0/18", "47.246.84.0/23", "240b:4007::/33", "170.33.85.0/24", "43.96.102.0/24", "43.98.0.0/17", "203.107.67.0/24", "8.222.0.0/21", "2404:2280:2800::/37", "43.96.101.0/24", "170.33.84.0/24", "8.219.128.0/17", "47.80.64.0/19", "43.96.85.0/24", "43.96.96.0/24", "43.96.73.0/24", "47.246.100.0/22", "47.79.60.0/23", "47.77.26.0/23", "8.222.128.0/17", "161.117.138.0/24", "47.235.18.0/23", "47.235.0.0/23", "240b:4006:1010::/44", "47.76.0.0/17", "8.221.216.0/21", "47.82.8.0/23", "2404:2280:4800::/37", "170.33.29.0/24", "47.245.128.0/18", "47.79.80.0/21", "47.89.221.0/24", "198.11.184.0/21", "240b:4009:8000::/33", "8.215.162.0/23", "8.211.128.0/19", "47.79.83.0/24", "2408:4009:500::/48", "47.81.64.0/19", "8.208.0.0/19", "47.240.0.0/17", "47.79.64.0/21", "47.90.0.0/18", "43.96.70.0/24", "149.129.0.0/20", "240b:400c::/33", "2408:4000:1000::/48", "170.33.76.0/24", "205.204.96.0/19", "47.88.64.0/18", "8.209.96.0/19", "47.79.104.0/21", "47.82.10.0/23", "47.79.88.0/21", "47.245.64.0/19", "139.95.16.0/23", "47.77.20.0/22", "240b:400f::/33", "47.235.2.0/23", "8.221.0.0/17", "8.213.160.0/22", "8.215.169.0/24", "170.33.81.0/24", "47.89.124.0/24", "47.235.30.0/24", "47.79.62.0/23", "43.96.68.0/24", "47.246.120.0/24", "8.221.192.0/21", "8.221.184.0/22", "47.77.136.0/21", "8.220.224.0/19", "156.240.76.0/23", "8.208.141.0/24", "2404:2280:2000::/37", "47.84.128.0/17", "47.85.0.0/17", "8.217.0.0/17", "47.89.84.0/24", "47.238.0.0/15", "47.86.128.0/17", "240b:4011:8000::/33", "240b:4006:1000::/47", "47.246.134.0/23", "47.79.96.0/20", "47.79.0.0/21", "47.89.103.0/24", "47.89.97.0/24", "240b:4000::/33", "47.242.0.0/16", "47.56.0.0/15", "47.91.32.0/20", "147.139.192.0/18", "240b:4013::/33", "47.79.40.0/21", "8.209.46.0/23", "47.82.48.0/21", "47.82.40.0/21", "47.87.192.0/22", "47.87.192.0/23", "47.87.194.0/23", "47.87.196.0/22", "47.87.196.0/23", "47.87.198.0/23", "240b:400c:ffff::/48", "47.87.208.0/23", "47.87.210.0/23", "47.87.208.0/22", "47.87.222.0/23", "47.87.216.0/23", "47.87.200.0/23", "47.87.220.0/23", "47.87.216.0/22", "47.87.224.0/22", "47.87.204.0/22", "47.87.212.0/23", "47.87.226.0/23", "47.87.200.0/22", "47.87.206.0/23", "43.100.0.0/16", "47.87.212.0/22", "47.87.218.0/23", "47.87.214.0/23", "43.100.0.0/15", "47.87.204.0/23", "47.87.220.0/22", "43.101.0.0/16", "47.87.224.0/23", "47.87.202.0/23"]

-4

packages/anubis-files/src/rules/challenge/generic-browser.yaml

···

       1
       1
       -
       - name: generic-browser

     

       2
       2
       -
         user_agent_regex: >-

     

       3
       3
       -
           Mozilla|Opera

     

       4
       4
       -
         action: CHALLENGE

+26

packages/bgutil-pot-server/librusty_v8.nix

···

       1
       1
       +
       # COPIED FROM nixpkgs/pkgs/by-name/router

     

       2
       2
       +
       {

     

       3
       3
       +
         lib,

     

       4
       4
       +
         stdenv,

     

       5
       5
       +
         fetchurl,

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         fetch_librusty_v8 =

     

       10
       10
       +
           args:

     

       11
       11
       +
           fetchurl {

     

       12
       12
       +
             name = "librusty_v8-${args.version}";

     

       13
       13
       +
             url = "https://github.com/denoland/rusty_v8/releases/download/v${args.version}/librusty_v8_release_${stdenv.hostPlatform.rust.rustcTarget}.a";

     

       14
       14
       +
             sha256 = args.shas.${stdenv.hostPlatform.system};

     

       15
       15
       +
             meta = {

     

       16
       16
       +
               inherit (args) version;

     

       17
       17
       +
               sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];

     

       18
       18
       +
             };

     

       19
       19
       +
           };

     

       20
       20
       +
       in

     

       21
       21
       +
       fetch_librusty_v8 {

     

       22
       22
       +
         version = "130.0.7";

     

       23
       23
       +
         shas = {

     

       24
       24
       +
           x86_64-linux = "sha256-pkdsuU6bAkcIHEZUJOt5PXdzK424CEgTLXjLtQ80t10=";

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+49

packages/bgutil-pot-server/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         callPackage,

     

       4
       4
       +
         rustPlatform,

     

       5
       5
       +
         fetchFromGitHub,

     

       6
       6
       +
         pkg-config,

     

       7
       7
       +
         openssl,

     

       8
       8
       +
         _experimental-update-script-combinators,

     

       9
       9
       +
         nix-update-script,

     

       10
       10
       +
       }:

     

       11
       11
       +
       rustPlatform.buildRustPackage (finalAttrs: {

     

       12
       12
       +
         pname = "bgutil-pot-server";

     

       13
       13
       +
         version = "0.6.0";

     

       14
       14
       +
       

     

       15
       15
       +
         src = fetchFromGitHub {

     

       16
       16
       +
           owner = "jim60105";

     

       17
       17
       +
           repo = "bgutil-ytdlp-pot-provider-rs";

     

       18
       18
       +
           tag = "v${finalAttrs.version}";

     

       19
       19
       +
           hash = "sha256-kEu5WqOymH8yAyMhGKtVPOq3qlTRpFU/FO71uWEX/e8=";

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         cargoHash = "sha256-fJZeyIsFUfpWeC1MWsU1hANb6cqC9xHQOnhcohEMTeM=";

     

       23
       23
       +
       

     

       24
       24
       +
         nativeBuildInputs = [

     

       25
       25
       +
           pkg-config

     

       26
       26
       +
         ];

     

       27
       27
       +
       

     

       28
       28
       +
         buildInputs = [

     

       29
       29
       +
           openssl

     

       30
       30
       +
         ];

     

       31
       31
       +
       

     

       32
       32
       +
         env.RUSTY_V8_ARCHIVE = callPackage ./librusty_v8.nix { };

     

       33
       33
       +
       

     

       34
       34
       +
         doCheck = false;

     

       35
       35
       +
       

     

       36
       36
       +
         passthru.updateScript = _experimental-update-script-combinators.sequence [

     

       37
       37
       +
           (nix-update-script { })

     

       38
       38
       +
           ./update-librusty.sh

     

       39
       39
       +
         ];

     

       40
       40
       +
       

     

       41
       41
       +
         meta = {

     

       42
       42
       +
           changelog = "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs/releases/tag/v${finalAttrs.version}";

     

       43
       43
       +
           description = "Proof-of-origin token provider plugin for yt-dlp in Rust";

     

       44
       44
       +
           homepage = "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs";

     

       45
       45
       +
           license = lib.licenses.gpl3Plus;

     

       46
       46
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       47
       47
       +
           mainProgram = "bgutil-pot";

     

       48
       48
       +
         };

     

       49
       49
       +
       })

+45

packages/bgutil-pot-server/update-librusty.sh

···

       1
       1
       +
       #!/usr/bin/env nix-shell

     

       2
       2
       +
       #!nix-shell -i bash -p gnugrep gnused nix jq

     

       3
       3
       +
       # shellcheck shell=bash

     

       4
       4
       +
       # COPIED FROM nixpkgs/pkgs/by-name/wi/windmill

     

       5
       5
       +
       

     

       6
       6
       +
       set -eu -o pipefail

     

       7
       7
       +
       

     

       8
       8
       +
       echo "librusty_v8: UPDATING"

     

       9
       9
       +
       

     

       10
       10
       +
       BGUTIL_LATEST_VERSION=$(curl ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} --silent --fail --location "https://api.github.com/repos/jim60105/bgutil-ytdlp-pot-provider-rs/releases/latest" | jq --raw-output .tag_name)

     

       11
       11
       +
       CARGO_LOCK=$(curl ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} --silent --fail --location "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs/raw/$BGUTIL_LATEST_VERSION/Cargo.lock")

     

       12
       12
       +
       

     

       13
       13
       +
       PACKAGE_DIR=$(dirname "$(readlink --canonicalize-existing "${BASH_SOURCE[0]}")")

     

       14
       14
       +
       OUTPUT_FILE="$PACKAGE_DIR/librusty_v8.nix"

     

       15
       15
       +
       NEW_VERSION=$(echo "$CARGO_LOCK" | grep --after-context 5 'name = "v8"' | grep 'version =' | sed -E 's/version = "//;s/"//')

     

       16
       16
       +
       

     

       17
       17
       +
       CURRENT_VERSION=""

     

       18
       18
       +
       if [ -f "$OUTPUT_FILE" ]; then

     

       19
       19
       +
         CURRENT_VERSION="$(grep 'version =' "$OUTPUT_FILE" | sed -E 's/version = "//;s/"//')"

     

       20
       20
       +
       fi

     

       21
       21
       +
       

     

       22
       22
       +
       if [ "$CURRENT_VERSION" == "$NEW_VERSION" ]; then

     

       23
       23
       +
         echo "No update needed, $CURRENT_VERSION is already latest"

     

       24
       24
       +
         exit 0

     

       25
       25
       +
       fi

     

       26
       26
       +
       

     

       27
       27
       +
       x86Hash="$(nix-prefetch-url --type sha256 https://github.com/denoland/rusty_v8/releases/download/v"$NEW_V")"

     

       28
       28
       +
       TEMP_FILE="$OUTPUT_FILE.tmp"

     

       29
       29
       +
       cat >"$TEMP_FILE" <<EOF

     

       30
       30
       +
       # COPIED FROM nixpkgs/pkgs/by-name/wi/windmill

     

       31
       31
       +
       # auto-generated file -- DO NOT EDIT!

     

       32
       32
       +
       { fetchLibrustyV8 }:

     

       33
       33
       +
       

     

       34
       34
       +
       fetchLibrustyV8 {

     

       35
       35
       +
         version = "$NEW_VERSION";

     

       36
       36
       +
         shas = {

     

       37
       37
       +
           # NOTE; Follows supported platforms of package (see meta.platforms attribute)!

     

       38
       38
       +
           x86_64-linux = "$(nix hash convert --hash-algo sha256 --from nix32 "$x86Hash")";

     

       39
       39
       +
         };

     

       40
       40
       +
       }

     

       41
       41
       +
       EOF

     

       42
       42
       +
       

     

       43
       43
       +
       mv "$TEMP_FILE" "$OUTPUT_FILE"

     

       44
       44
       +
       

     

       45
       45
       +
       echo "librusty_v8: UPDATE DONE"

+147

packages/glide-browser-bin/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchurl,

     

       5
       5
       +
         # keep-sorted start

     

       6
       6
       +
         adwaita-icon-theme,

     

       7
       7
       +
         alsa-lib,

     

       8
       8
       +
         autoPatchelfHook,

     

       9
       9
       +
         copyDesktopItems,

     

       10
       10
       +
         curl,

     

       11
       11
       +
         dbus-glib,

     

       12
       12
       +
         gtk3,

     

       13
       13
       +
         hicolor-icon-theme,

     

       14
       14
       +
         libXtst,

     

       15
       15
       +
         libva,

     

       16
       16
       +
         makeBinaryWrapper,

     

       17
       17
       +
         makeDesktopItem,

     

       18
       18
       +
         patchelfUnstable,

     

       19
       19
       +
         pciutils,

     

       20
       20
       +
         pipewire,

     

       21
       21
       +
         wrapGAppsHook3,

     

       22
       22
       +
         # keep-sorted end

     

       23
       23
       +
         nix-update-script,

     

       24
       24
       +
         ...

     

       25
       25
       +
       }:

     

       26
       26
       +
       stdenv.mkDerivation (finalAttrs: {

     

       27
       27
       +
         pname = "glide-browser";

     

       28
       28
       +
         version = "0.1.55a";

     

       29
       29
       +
       

     

       30
       30
       +
         src = fetchurl {

     

       31
       31
       +
           url = "https://github.com/glide-browser/glide/releases/download/${finalAttrs.version}/glide.linux-x86_64.tar.xz";

     

       32
       32
       +
           hash = "sha256-mjk8KmB/T5ZpB9AMQw1mtb9VbMXVX2VV4N+hWpWkSYI=";

     

       33
       33
       +
         };

     

       34
       34
       +
       

     

       35
       35
       +
         nativeBuildInputs = [

     

       36
       36
       +
           # keep-sorted start

     

       37
       37
       +
           autoPatchelfHook

     

       38
       38
       +
           copyDesktopItems

     

       39
       39
       +
           makeBinaryWrapper

     

       40
       40
       +
           patchelfUnstable

     

       41
       41
       +
           wrapGAppsHook3

     

       42
       42
       +
           # keep-sorted end

     

       43
       43
       +
         ];

     

       44
       44
       +
       

     

       45
       45
       +
         buildInputs = [

     

       46
       46
       +
           # keep-sorted start

     

       47
       47
       +
           adwaita-icon-theme

     

       48
       48
       +
           alsa-lib

     

       49
       49
       +
           dbus-glib

     

       50
       50
       +
           gtk3

     

       51
       51
       +
           hicolor-icon-theme

     

       52
       52
       +
           libXtst

     

       53
       53
       +
           # keep-sorted end

     

       54
       54
       +
         ];

     

       55
       55
       +
       

     

       56
       56
       +
         runtimeDependencies = [

     

       57
       57
       +
           # keep-sorted start

     

       58
       58
       +
           curl

     

       59
       59
       +
           libva.out

     

       60
       60
       +
           pciutils

     

       61
       61
       +
           # keep-sorted end

     

       62
       62
       +
         ];

     

       63
       63
       +
       

     

       64
       64
       +
         appendRunpaths = [ "${pipewire}/lib" ];

     

       65
       65
       +
       

     

       66
       66
       +
         # Firefox uses "relrhack" to manually process relocations from a fixed offset

     

       67
       67
       +
         patchelfFlags = [ "--no-clobber-old-sections" ];

     

       68
       68
       +
       

     

       69
       69
       +
         installPhase = ''

     

       70
       70
       +
           runHook preInstall

     

       71
       71
       +
       

     

       72
       72
       +
           mkdir -p $out/bin $out/share/icons/hicolor/ $out/lib/glide-browser-bin-${finalAttrs.version}

     

       73
       73
       +
           cp -t $out/lib/glide-browser-bin-${finalAttrs.version} -r *

     

       74
       74
       +
           chmod +x $out/lib/glide-browser-bin-${finalAttrs.version}/glide

     

       75
       75
       +
           iconDir=$out/share/icons/hicolor

     

       76
       76
       +
           browserIcons=$out/lib/glide-browser-bin-${finalAttrs.version}/browser/chrome/icons/default

     

       77
       77
       +
       

     

       78
       78
       +
           for i in 16 32 48 64 128; do

     

       79
       79
       +
             iconSizeDir="$iconDir/''${i}x$i/apps"

     

       80
       80
       +
             mkdir -p $iconSizeDir

     

       81
       81
       +
             cp $browserIcons/default$i.png $iconSizeDir/glide-browser.png

     

       82
       82
       +
           done

     

       83
       83
       +
       

     

       84
       84
       +
       

     

       85
       85
       +
           ln -s $out/lib/glide-browser-bin-${finalAttrs.version}/glide $out/bin/glide

     

       86
       86
       +
           ln -s $out/bin/glide $out/bin/glide-browser

     

       87
       87
       +
       

     

       88
       88
       +
           runHook postInstall

     

       89
       89
       +
         '';

     

       90
       90
       +
       

     

       91
       91
       +
         desktopItems = [

     

       92
       92
       +
           (makeDesktopItem {

     

       93
       93
       +
             name = "glide-browser-bin";

     

       94
       94
       +
             exec = "glide-browser --name glide-browser %U";

     

       95
       95
       +
             icon = "glide-browser";

     

       96
       96
       +
             desktopName = "Glide Browser";

     

       97
       97
       +
             genericName = "Web Browser";

     

       98
       98
       +
             terminal = false;

     

       99
       99
       +
             startupNotify = true;

     

       100
       100
       +
             startupWMClass = "glide-browser";

     

       101
       101
       +
             categories = [

     

       102
       102
       +
               "Network"

     

       103
       103
       +
               "WebBrowser"

     

       104
       104
       +
             ];

     

       105
       105
       +
             mimeTypes = [

     

       106
       106
       +
               "text/html"

     

       107
       107
       +
               "text/xml"

     

       108
       108
       +
               "application/xhtml+xml"

     

       109
       109
       +
               "application/vnd.mozilla.xul+xml"

     

       110
       110
       +
               "x-scheme-handler/http"

     

       111
       111
       +
               "x-scheme-handler/https"

     

       112
       112
       +
             ];

     

       113
       113
       +
             actions = {

     

       114
       114
       +
               new-window = {

     

       115
       115
       +
                 name = "New Window";

     

       116
       116
       +
                 exec = "glide-browser --new-window %U";

     

       117
       117
       +
               };

     

       118
       118
       +
               new-private-window = {

     

       119
       119
       +
                 name = "New Private Window";

     

       120
       120
       +
                 exec = "glide-browser --private-window %U";

     

       121
       121
       +
               };

     

       122
       122
       +
               profile-manager-window = {

     

       123
       123
       +
                 name = "Profile Manager";

     

       124
       124
       +
                 exec = "glide-browser --ProfileManager";

     

       125
       125
       +
               };

     

       126
       126
       +
             };

     

       127
       127
       +
           })

     

       128
       128
       +
         ];

     

       129
       129
       +
       

     

       130
       130
       +
         passthru.updateScript = nix-update-script {

     

       131
       131
       +
           extraArgs = [

     

       132
       132
       +
             "--url"

     

       133
       133
       +
             "https://github.com/glide-browser/glide"

     

       134
       134
       +
           ];

     

       135
       135
       +
         };

     

       136
       136
       +
       

     

       137
       137
       +
         meta = {

     

       138
       138
       +
           changelog = "https://glide-browser.app/changelog#${finalAttrs.version}";

     

       139
       139
       +
           description = "Extensible and keyboard-focused web browser, based on Firefox (binary package)";

     

       140
       140
       +
           homepage = "https://glide-browser.app/";

     

       141
       141
       +
           license = lib.licenses.mpl20;

     

       142
       142
       +
           sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];

     

       143
       143
       +
           platforms = [ "x86_64-linux" ];

     

       144
       144
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       145
       145
       +
           mainProgram = "glide-browser";

     

       146
       146
       +
         };

     

       147
       147
       +
       })

+3 -3

packages/jellyfin-exporter/package.nix

···

       6
       6
        
       }:

     

       7
       7
        
       buildGoModule (finalAttrs: {

     

       8
       8
        
         pname = "jellyfin-exporter";

     

       9
       9
       -
         version = "1.3.8";

     

       9
       9
       +
         version = "1.3.9";

     

       10
       10
        
       

     

       11
       11
        
         src = fetchFromGitHub {

     

       12
       12
        
           owner = "rebelcore";

     

       13
       13
        
           repo = "jellyfin_exporter";

     

       14
       14
        
           tag = "v${finalAttrs.version}";

     

       15
       15
       -
           hash = "sha256-7fIrjcy6y/Ayj43WeuPNCx3uVJyl5Wf6bWs5ta2PpWc=";

     

       15
       15
       +
           hash = "sha256-oHPzdV+Fe7XmSyRWm5jh7oGqlY9uyLy7u9tCTlkfhQk=";

     

       16
       16
        
         };

     

       17
       17
        
       

     

       18
       18
        
         # We need to patch the tests since we don't move the binary to `$GOPATH/bin`, but to `$out/bin` instead.

     
···

       21
       21
        
             --replace-fail "GOPATH" "out"

     

       22
       22
        
         '';

     

       23
       23
        
       

     

       24
       24
       -
         vendorHash = "sha256-JSOKDbefQyDLNy2y1oW7HUplQw8uhhOGZ+ueWyUYYQ0=";

     

       24
       24
       +
         vendorHash = "sha256-Z3XM4vTsm5R/Me1jR9oqLcWqmEn1bd653UNvDKLM80g=";

     

       25
       25
        
       

     

       26
       26
        
         meta = {

     

       27
       27
        
           changelog = "https://github.com/rebelcore/jellyfin_exporter/blob/v${finalAttrs.version}/CHANGELOG.md";

+138

packages/planka/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         fetchNpmDeps,

     

       6
       6
       +
         nix-update-script,

     

       7
       7
       +
         npmHooks,

     

       8
       8
       +
         dart-sass,

     

       9
       9
       +
         nodejs,

     

       10
       10
       +
         python3,

     

       11
       11
       +
       }:

     

       12
       12
       +
       let

     

       13
       13
       +
         version = "2.0.0-rc.4";

     

       14
       14
       +
         src = fetchFromGitHub {

     

       15
       15
       +
           owner = "plankanban";

     

       16
       16
       +
           repo = "planka";

     

       17
       17
       +
           tag = "v${version}";

     

       18
       18
       +
           hash = "sha256-RUOIOXrpoNGxoKwUlgkPsk4kTnA95E+iwYIjBzSBoTA=";

     

       19
       19
       +
         };

     

       20
       20
       +
         meta = {

     

       21
       21
       +
           description = "Kanban-style project mastering tool for everyone";

     

       22
       22
       +
           homepage = "https://docs.planka.cloud/";

     

       23
       23
       +
           license = {

     

       24
       24
       +
             fullName = "Planka Community License";

     

       25
       25
       +
             url = "https://github.com/plankanban/planka/blob/master/LICENSE.md";

     

       26
       26
       +
             free = false;

     

       27
       27
       +
             redistributable = true;

     

       28
       28
       +
           };

     

       29
       29
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       30
       30
       +
         };

     

       31
       31
       +
       

     

       32
       32
       +
         frontend = stdenv.mkDerivation (finalAttrs: {

     

       33
       33
       +
           pname = "planka-frontend";

     

       34
       34
       +
           inherit version src meta;

     

       35
       35
       +
       

     

       36
       36
       +
           sourceRoot = "${finalAttrs.src.name}/client";

     

       37
       37
       +
       

     

       38
       38
       +
           npmDeps = fetchNpmDeps {

     

       39
       39
       +
             inherit (finalAttrs) src sourceRoot;

     

       40
       40
       +
             hash = "sha256-XtVwO8253XBVtG0jrikeVr1yaS1PpphCbN5B6jz54qc=";

     

       41
       41
       +
           };

     

       42
       42
       +
       

     

       43
       43
       +
           npmFlags = [

     

       44
       44
       +
             "--ignore-scripts"

     

       45
       45
       +
           ];

     

       46
       46
       +
       

     

       47
       47
       +
           nativeBuildInputs = [

     

       48
       48
       +
             npmHooks.npmConfigHook

     

       49
       49
       +
             nodejs

     

       50
       50
       +
             dart-sass

     

       51
       51
       +
           ];

     

       52
       52
       +
       

     

       53
       53
       +
           buildPhase = ''

     

       54
       54
       +
             runHook preBuild

     

       55
       55
       +
       

     

       56
       56
       +
             npx patch-package

     

       57
       57
       +
       

     

       58
       58
       +
             # Replace dart path in sass-embedded since node_modules doesn't have the native binary

     

       59
       59
       +
             substituteInPlace node_modules/sass-embedded/dist/lib/src/compiler-path.js \

     

       60
       60
       +
               --replace-fail 'compilerCommand = (() => {' 'compilerCommand = (() => { return ["${lib.getExe dart-sass}"];'

     

       61
       61
       +
       

     

       62
       62
       +
             npm run build

     

       63
       63
       +
       

     

       64
       64
       +
             runHook postBuild

     

       65
       65
       +
           '';

     

       66
       66
       +
       

     

       67
       67
       +
           installPhase = ''

     

       68
       68
       +
             runHook preInstall

     

       69
       69
       +
       

     

       70
       70
       +
             mkdir $out/

     

       71
       71
       +
             mv dist $out/dist

     

       72
       72
       +
       

     

       73
       73
       +
             runHook postInstall

     

       74
       74
       +
           '';

     

       75
       75
       +
         });

     

       76
       76
       +
       

     

       77
       77
       +
         serverPython = python3.withPackages (ps: [ ps.apprise ]);

     

       78
       78
       +
       in

     

       79
       79
       +
       stdenv.mkDerivation (finalAttrs: {

     

       80
       80
       +
         pname = "planka";

     

       81
       81
       +
         inherit version src;

     

       82
       82
       +
       

     

       83
       83
       +
         sourceRoot = "${finalAttrs.src.name}/server";

     

       84
       84
       +
       

     

       85
       85
       +
         npmDeps = fetchNpmDeps {

     

       86
       86
       +
           inherit (finalAttrs) src sourceRoot;

     

       87
       87
       +
           hash = "sha256-yW9uzPALGdPrrUV129ToXayLyeLbAK9mCl2emCPYUdc=";

     

       88
       88
       +
         };

     

       89
       89
       +
       

     

       90
       90
       +
         npmFlags = [ "--ignore-scripts" ];

     

       91
       91
       +
       

     

       92
       92
       +
         nativeBuildInputs = [

     

       93
       93
       +
           npmHooks.npmConfigHook

     

       94
       94
       +
           nodejs

     

       95
       95
       +
         ];

     

       96
       96
       +
       

     

       97
       97
       +
         buildInputs = [

     

       98
       98
       +
           serverPython

     

       99
       99
       +
           nodejs

     

       100
       100
       +
         ];

     

       101
       101
       +
       

     

       102
       102
       +
         preBuild = ''

     

       103
       103
       +
           # Patch notifs helper to use nixpkgs' python

     

       104
       104
       +
           substituteInPlace api/helpers/utils/send-notifications.js \

     

       105
       105
       +
             --replace-fail '(`$' '(`' \

     

       106
       106
       +
             --replace-fail "{sails.config.appPath}/.venv/bin/python3" "${lib.getExe serverPython}"

     

       107
       107
       +
         '';

     

       108
       108
       +
       

     

       109
       109
       +
         buildPhase = ''

     

       110
       110
       +
           runHook preBuild

     

       111
       111
       +
       

     

       112
       112
       +
           npx patch-package

     

       113
       113
       +
       

     

       114
       114
       +
           runHook postBuild

     

       115
       115
       +
         '';

     

       116
       116
       +
       

     

       117
       117
       +
         installPhase = ''

     

       118
       118
       +
           runHook preInstall

     

       119
       119
       +
       

     

       120
       120
       +
           npm prune --omit=dev --no-save $npmFlags "$${npmFlagsArray[@]}"

     

       121
       121
       +
           find node_modules -maxdepth 1 -type d -empty -delete

     

       122
       122
       +
       

     

       123
       123
       +
           mkdir -p $out/lib/node_modules/planka

     

       124
       124
       +
           mkdir $out/bin

     

       125
       125
       +
           mv * $out/lib/node_modules/planka

     

       126
       126
       +
           cp -t $out/lib/node_modules/planka/public -r ${frontend}/dist/*

     

       127
       127
       +
           cp ${frontend}/dist/index.html $out/lib/node_modules/planka/views/index.html

     

       128
       128
       +
       

     

       129
       129
       +
           ln -s $out/lib/node_modules/planka/start.sh $out/bin/planka

     

       130
       130
       +
       

     

       131
       131
       +
           runHook postInstall

     

       132
       132
       +
         '';

     

       133
       133
       +
       

     

       134
       134
       +
         passthru.updateScript = nix-update-script { extraArgs = [ "--version=unstable" ]; };

     

       135
       135
       +
         meta = meta // {

     

       136
       136
       +
           mainProgram = "planka";

     

       137
       137
       +
         };

     

       138
       138
       +
       })

Compare changes