diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix
index 59496ef..f1fa1f7 100644
--- a/hosts/fw/configuration.nix
+++ b/hosts/fw/configuration.nix
@@ -26,12 +26,14 @@
 ./modules/ddclient.nix
 # ./modules/wol.nix
+ # microvm
 ./modules/microvm.nix
 ./modules/gitea-vm.nix
 # ./modules/vscode-server.nix # Add VS Code Server microvm
 ./modules/ai-mailer.nix
+ ./modules/wazuh.nix
 # web
 ./modules/web
diff --git a/hosts/fw/modules/ai-mailer.nix b/hosts/fw/modules/ai-mailer.nix
index e493e33..51d4e21 100644
--- a/hosts/fw/modules/ai-mailer.nix
+++ b/hosts/fw/modules/ai-mailer.nix
@@ -49,7 +49,7 @@
 logging:
 level: "info"
- file_path: "/var/log/ai-mailer.log"
+ file_path: "/var/log/ai-mailer/ai-mailer.log"
 '';
 };
@@ -72,7 +72,7 @@
 User = "ai-mailer";
 Group = "ai-mailer";
 WorkingDirectory = "/var/lib/ai-mailer";
- ExecStart = "${pkgs.ai-mailer}/bin/paraclub-ai-mailer -config /etc/ai-mailer/config.yaml";
+ ExecStart = "${pkgs.ai-mailer}/bin/ai-mailer -config /etc/ai-mailer/config.yaml";
 Restart = "always";
 RestartSec = "10s";
 StateDirectory = "ai-mailer";
diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix
index d57c823..8217224 100644
--- a/hosts/fw/modules/ddclient.nix
+++ b/hosts/fw/modules/ddclient.nix
@@ -15,6 +15,7 @@
 "palworld.cloonar.com"
 "matrix.cloonar.com"
 "element.cloonar.com"
+ "tinder.cloonar.com"
 ];
 };
diff --git a/hosts/fw/modules/home-assistant/default.nix b/hosts/fw/modules/home-assistant/default.nix
index b9b46ed..8ae9904 100644
--- a/hosts/fw/modules/home-assistant/default.nix
+++ b/hosts/fw/modules/home-assistant/default.nix
@@ -4,7 +4,7 @@ let
 pkgs-with-home-assistant = import (builtins.fetchGit {
 name = "new-home-assistant";
 url = "https://github.com/nixos/nixpkgs/";
- rev = "41dea55321e5a999b17033296ac05fe8a8b5a257";
+ rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
 }) {};
 networkPrefix = config.networkPrefix;
 in
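Review bot: The new log path in the ai-mailer config hunk, `/var/log/ai-mailer/ai-mailer.log`, needs a directory the `ai-mailer` user can write into, and the unit hunk only declares `StateDirectory = "ai-mailer"`; unless a `LogsDirectory` is set outside this hunk, `/var/log/ai-mailer` will not exist and the first log write after the rename fails. Add `LogsDirectory = "ai-mailer";` next to `StateDirectory` so systemd creates `/var/log/ai-mailer` owned by the service user before `ExecStart` runs. The serviceConfig attribute set continues outside the hunk.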
@@ -161,7 +161,7 @@ in
 };
 script = ''
 set -e
- HACS_VERSION="2.0.1" # Replace with the latest version
+ HACS_VERSION="2.0.5" # Replace with the latest version
 HACS_DIR="/var/lib/hass/custom_components/hacs"
 mkdir -p "$HACS_DIR"
diff --git a/hosts/fw/modules/home-assistant/multimedia.nix b/hosts/fw/modules/home-assistant/multimedia.nix
index 9b10343..d864b83 100644
--- a/hosts/fw/modules/home-assistant/multimedia.nix
+++ b/hosts/fw/modules/home-assistant/multimedia.nix
@@ -76,7 +76,7 @@
 {
 service = "automation.turn_off";
 target = {
- entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
+ entity_id = "automation.all_multimedia_off";
 };
 }
 {
@@ -115,7 +115,7 @@
 {
 service = "automation.turn_on";
 target = {
- entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
+ entity_id = "automation.all_multimedia_off";
 };
 }
 ];
@@ -289,6 +289,9 @@
 command = "b64:JgDaAAABKZMUERMSExITEhMSExETEhMSExITEhMSExETNxQ2ExITEhMSEzcTNxM3ExITEhM3ExITNxMSEhITEhM3EzcTEhM3EwAFyAABKJQUERMSEhITEhMSExITEhMSEhITEhMSExITNxM3ExITEhMREzcTNxQ3EhITEhM3ExITNxMSExITEhM3EzcTEhM3EwAFyAABKJQUERMSExETEhMSExITEhMSExETEhMSExITNxM3ExITEhMREzcTOBI4ExETEhM3ExITNxMSExITEhM3EzcTEhM3E5IGAA0FAAAAAAAAAAAAAAAAAAA=";
 };
 }
+ {
+ delay = 20;
+ }
 # turn off tv switch
 {
 service = "switch.turn_off";
diff --git a/hosts/fw/modules/setupnetwork.nix b/hosts/fw/modules/setupnetwork.nix
index de27e37..5c71176 100644
--- a/hosts/fw/modules/setupnetwork.nix
+++ b/hosts/fw/modules/setupnetwork.nix
@@ -26,6 +26,7 @@
 };
 subnet4 = [
 {
+ id = 110;
 pools = [
 {
 pool = "${config.networkPrefix}.110.100 - ${config.networkPrefix}.110.240";
diff --git a/hosts/fw/modules/tinder-api.nix b/hosts/fw/modules/tinder-api.nix
new file mode 100644
index 0000000..520cff8
--- /dev/null
+++ b/hosts/fw/modules/tinder-api.nix
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.tinder-api-wrapper;
+in {
+ options.services.tinder-api-wrapper = with lib; {
+ enable = mkEnableOption "Tinder API wrapper service";
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ description = "Port to listen on";
+ };
+
+ apiEndpoint = mkOption {
+ type = types.str;
+ default = "https://api.gotinder.com";
+ description = "Target Tinder API endpoint URL";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "tinder-api";
+ description = "User account to run service.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "tinder-api";
+ description = "Group account to run service.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixpkgs.overlays = [
+ (self: super: {
+ tinder-api-wrapper = self.callPackage ../pkgs/tinder-api.nix {};
+ })
+ ];
+
+ users.users.${cfg.user} = {
+ isSystemUser = true;
+ group = cfg.group;
+ description = "Tinder API wrapper service user";
+ };
+
+ users.groups.${cfg.group} = {};
+
+ systemd.services.tinder-api-wrapper = {
+ description = "Tinder API Wrapper Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = "${pkgs.tinder-api-wrapper}/bin/server -listen :${toString cfg.port} -target ${cfg.apiEndpoint}";
+ Restart = "always";
+ RestartSec = "10";
+
+ # Hardening
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectHostname = true;
+ ProtectClock = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ RemoveIPC = true;
+ };
+ };
+ };
+}
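Review bot: `ExecStart` splices `cfg.apiEndpoint` (a `types.str`) and the port into the systemd command line unquoted, so a value containing whitespace or shell-like characters is split into extra arguments; wrap it with `lib.escapeShellArg`. The listener is also bound to `:${cfg.port}`, i.e. all interfaces, while the nginx side in hosts/fw/modules/web/tinder-api.nix only needs `127.0.0.1:8080`, so the unauthenticated backend is reachable on every network the host sits on unless the firewall blocks it; assuming the wrapper's `-listen` flag accepts host:port, bind loopback: `ExecStart = "${pkgs.tinder-api-wrapper}/bin/server -listen 127.0.0.1:${toString cfg.port} -target ${lib.escapeShellArg cfg.apiEndpoint}";`. The hardening list is solid; `CapabilityBoundingSet = "";` and `SystemCallFilter = [ "@system-service" ];` would round it out for a plain HTTP proxy that needs no capabilities.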
diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix
index 83745e3..d4f9012 100644
--- a/hosts/fw/modules/unbound.nix
+++ b/hosts/fw/modules/unbound.nix
@@ -54,6 +54,9 @@ let
 "\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\""
 "\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\""
 "\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\""
+ "\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\""
+ "\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\""
+ "\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\""
 "\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\""
 "\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\""
 "\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\""
@@ -61,6 +64,7 @@ let
 "\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\""
 "\"element.cloonar.com IN A ${config.networkPrefix}.97.5\""
 "\"support.cloonar.com IN A ${config.networkPrefix}.97.5\""
+ "\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\""
 "\"git.cloonar.com IN A ${config.networkPrefix}.97.50\""
 "\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\""
diff --git a/hosts/fw/modules/wazuh.nix b/hosts/fw/modules/wazuh.nix
new file mode 100644
index 0000000..58c1281
--- /dev/null
+++ b/hosts/fw/modules/wazuh.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+{
+ virtualisation.oci-containers.containers = {
+ # Wazuh Manager Container
+ wazuh-manager = {
+ autoStart = false;
+ image = "docker://wazuh/wazuh-manager:latest";
+ volumes = [
+ "/var/lib/wazuh:/var/ossec"
+ ];
+ extraOptions = [
+ "--network=server"
+ "--mac-address=10:10:00:00:00:01"
+ "--ip=${config.networkPrefix}.97.31"
+ ];
+ };
+
+ # Wazuh Indexer Container (Elasticsearch)
+ wazuh-indexer = {
+ autoStart = false;
+ image = "docker://wazuh/wazuh-indexer:latest";
+ volumes = [
+ "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
+ ];
+ environment = {
+ "discovery.type" = "single-node";
+ };
+ extraOptions = [
+ "--network=server"
+ "--mac-address=10:10:00:00:00:02"
+ "--ip=${config.networkPrefix}.97.32"
+ ];
+ };
+
+ # Wazuh Dashboard Container (Kibana)
+ wazuh-dashboard = {
+ autoStart = false;
+ image = "docker://wazuh/wazuh-dashboard:latest";
+ volumes = [
+ "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
+ ];
+ environment = {
+ "discovery.type" = "single-node";
+ };
+ environment = {
+ # Optionally, configure to connect to the indexer/manager:
+ WAZUH_INDEXER_URL = "http://wazuh-indexer.cloonar.com:9200";
+ WAZUH_MANAGER_URL = "http://wazuh-manager.cloonar.com:55000";
+ };
+ extraOptions = [
+ "--network=server"
+ "--mac-address=10:10:00:00:00:03"
+ "--ip=${config.networkPrefix}.97.33"
+ ];
+ };
+ };
+}
diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix
index 3fcfad8..886f946 100644
--- a/hosts/fw/modules/web/default.nix
+++ b/hosts/fw/modules/web/default.nix
@@ -52,11 +52,13 @@ in {
 ../network-prefix.nix
 ../../utils/modules/sops.nix
 ../../utils/modules/lego/lego.nix
+ ../../modules/tinder-api.nix
 # ../../utils/modules/borgbackup.nix
 ./zammad.nix
 ./proxies.nix
 ./matrix.nix
+ ./tinder-api.nix
 ];
 networkPrefix = config.networkPrefix;
diff --git a/hosts/fw/modules/web/tinder-api.nix b/hosts/fw/modules/web/tinder-api.nix
new file mode 100644
index 0000000..fec8623
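Review bot: `wazuh-dashboard` defines `environment` twice (the `discovery.type` set and the `WAZUH_*_URL` set), which Nix rejects as a duplicate attribute, so this module does not evaluate as written. The dashboard block looks copied from the indexer: it also mounts `/var/lib/wazuh-indexer:/usr/share/elasticsearch/data`, the same host path the indexer writes its index into, and two containers on one data directory risk corrupting it — drop the dashboard's first `volumes` and first `environment` attributes and keep only the URL set. All three images are `:latest`; for a security-monitoring stack pin a release tag (or digest) so manager, indexer and dashboard stay on matching versions and upgrades happen deliberately. The URLs use `http://` for 9200 and 55000; in Wazuh's own container deployment both the indexer and the manager API serve TLS by default, so confirm the scheme these containers are actually configured for.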
--- /dev/null
+++ b/hosts/fw/modules/web/tinder-api.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+ services.tinder-api-wrapper = {
+ enable = true;
+ port = 8080; # default port
+ apiEndpoint = "https://api.gotinder.com";
+ };
+
+ services.nginx.virtualHosts."tinder.cloonar.com" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_set_header X-Forwarded-Proto 'https';" +
+ "proxy_set_header X-Forwarded-Ssl on;" +
+ "proxy_connect_timeout 300;" +
+ "proxy_send_timeout 300;" +
+ "proxy_read_timeout 300;" +
+ "send_timeout 300;"
+ ;
+ };
+ };
+}
diff --git a/hosts/fw/pkgs/tinder-api.nix b/hosts/fw/pkgs/tinder-api.nix
new file mode 100644
index 0000000..90abf1c
--- /dev/null
+++ b/hosts/fw/pkgs/tinder-api.nix
@@ -0,0 +1,21 @@
+{ lib, buildGoModule, fetchgit }:
+
+buildGoModule rec {
+ pname = "tinder-api-wrapper";
+ version = "0.1.0";
+
+ src = fetchgit {
+ url = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper.git";
+ rev = "e99b56e4346ac4ae5c1e0747e51ff3a0259440d3";
+ sha256 = "sha256-ZGuoFVaTBJcnGiToNvk+MRD+zW9IUQldbbqFVLEfkeU=";
+ };
+
+ vendorHash = null;
+
+ meta = with lib; {
+ description = "Tinder API Wrapper Service";
+ homepage = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper";
+ license = licenses.mit;
+ maintainers = with maintainers; [ /* add maintainers */ ];
+ };
+}
diff --git a/hosts/mail/modules/dovecot.nix b/hosts/mail/modules/dovecot.nix
index 1bbc9c3..a9ef486 100644
--- a/hosts/mail/modules/dovecot.nix
+++ b/hosts/mail/modules/dovecot.nix
@@ -255,7 +255,7 @@ in
 "imap-test.${domain}"
 "imap-02.${domain}"
 ];
- postRun = "sleep 2 && systemctl restart dovecot2.service";
+ postRun = "systemctl --no-block restart dovecot2.service";
 };
 networking.firewall.allowedTCPPorts = [
diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix
index 30f3548..6302db1 100644
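Review bot: The `tinder.cloonar.com` vhost forwards every request to the wrapper with no access control in nginx, and the wrapper module only passes traffic on to `-target`, so unless the wrapper itself authenticates callers this publishes an open relay to api.gotinder.com under this host's name; add `basicAuthFile` or an `allow`/`deny` block to the location, or confirm the wrapper enforces auth. `proxyPass` hard-codes `8080` while the port is set two attributes above; use `proxyPass = "http://127.0.0.1:${toString config.services.tinder-api-wrapper.port}";` so the two cannot drift. Only `X-Forwarded-Proto`/`X-Forwarded-Ssl` are set here; if `recommendedProxySettings` is not enabled elsewhere, the wrapper never sees `X-Forwarded-For`, which matters for any rate limiting or logging it does.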
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
@@ -27,13 +27,16 @@ in {
 ./modules/sway/sway.nix
 ./modules/printer.nix
 # ./modules/cyberghost.nix
- ./modules/nvim/default.nix
 ./utils/modules/autoupgrade.nix
 ./modules/puppeteer.nix
 ./cachix.nix
 ./users
+ # coding
+ ./modules/nvim/default.nix
+ ./modules/coding.nix
+
 # ./modules/steam.nix
 ./hardware-configuration.nix
@@ -200,12 +203,14 @@ in {
 git-filter-repo
 nix-prefetch-git
 openaudible
+ openmanus
 vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
 wget
 wireguard-tools
 wineWowPackages.stable
 wineWowPackages.fonts
 winetricks
+ pinentry-curses
 # ykfde
 ];
@@ -267,6 +272,14 @@ in {
 };
 };
+ # pgp
+ services.pcscd.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-curses;
+ };
+
 # networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
 # services.avahi.enable = false;
 # networking.resolvconf.enable = lib.mkForce false;
diff --git a/hosts/nb/modules/coding.nix b/hosts/nb/modules/coding.nix
new file mode 100644
index 0000000..92ba90d
--- /dev/null
+++ b/hosts/nb/modules/coding.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+let
+ unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
+ config = { allowUnfree = true; };
+ };
+in {
+ environment.systemPackages = with pkgs; [
+ unstable.claude-code
+ ];
+}
diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix
new file mode 100644
index 0000000..37e24cf
--- /dev/null
+++ b/hosts/nb/modules/development/default.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
+ config = { allowUnfree = true; };
+ };
+in {
+ imports = [
+ ./mcp.nix
+ ];
+}
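Review bot: `coding.nix` and `development/default.nix` evaluate `fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz` with no `sha256`, and `users/dominik.nix` in a later hunk does the same: every evaluation pulls whatever the channel points at that day, with no integrity check, so the system is not reproducible and `claude-code` changes under you without a review step. Pin it once, e.g. `import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<PINNED_REV>.tar.gz"; sha256 = "<HASH>"; })` (placeholders), in a shared file and reference that from the three modules instead of instantiating nixpkgs three separate times. In `development/default.nix` both `with lib;` and the `unstable` binding are unused and can be removed.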
diff --git a/hosts/nb/modules/development/mcp.nix b/hosts/nb/modules/development/mcp.nix
new file mode 100644
index 0000000..bd8cc6d
--- /dev/null
+++ b/hosts/nb/modules/development/mcp.nix
@@ -0,0 +1,11 @@
+
+{ config, pkgs, lib, ... }:
+let
+in {
+ nixpkgs.overlays = [
+ (import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/main.tar.gz")).overlays.default
+ ];
+ environment.systemPackages = with pkgs; [
+ mcp-server-fetch
+ ];
+}
diff --git a/hosts/nb/modules/sway/sway.nix b/hosts/nb/modules/sway/sway.nix
index a1ab85e..f63e7d6 100644
--- a/hosts/nb/modules/sway/sway.nix
+++ b/hosts/nb/modules/sway/sway.nix
@@ -84,6 +84,9 @@ in {
 hypnotix
 unstable.code-cursor
+ unstable.windsurf
+ unstable.codex
+
 # vscode-insiders
 # unstable.vscode-fhs
 quickemu
@@ -139,13 +142,14 @@ in {
 nextcloud-client
 nodejs_22
 onlyoffice-bin
+ obs-studio
 pavucontrol
 pcmanfm
 pinentry
 rbw
 rofi-rbw
 # unstable.rustdesk
- unstable.rustdesk-flutter
+ rustdesk-flutter
 slurp
 sway
 swaybg
diff --git a/hosts/nb/modules/sway/vscode.nix b/hosts/nb/modules/sway/vscode.nix
index c7dd118..3f0fc78 100644
--- a/hosts/nb/modules/sway/vscode.nix
+++ b/hosts/nb/modules/sway/vscode.nix
@@ -4,7 +4,7 @@
 };
 vscode-insiders = (unstable.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
 src = (builtins.fetchTarball {
- url = "https://update.code.visualstudio.com/1.98.0-insider/linux-x64/insider";
+ url = "https://update.code.visualstudio.com/1.98.2-insider/linux-x64/insider";
 sha256 = "sha256-tV0VxDLJJPD4jfNEgVh3wMXg899VJxCS5a3putdetkA=";
 });
 version = "1.98.0";
diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history
index 39d1600..baf8d52 100644
--- a/hosts/nb/users/configs/project_history
+++ b/hosts/nb/users/configs/project_history
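Review bot: The overlay in `mcp.nix` is imported from `.../mcp-servers-nix/archive/main.tar.gz` with no hash, so every evaluation runs whatever Nix code that branch holds at that moment, with no integrity check and nothing tying the build to a reviewed revision — a third-party overlay is arbitrary code in your package set, so this is the place to pin. Use `(import (builtins.fetchTarball { url = "https://github.com/natsukium/mcp-servers-nix/archive/<PINNED_REV>.tar.gz"; sha256 = "<HASH>"; })).overlays.default` (placeholders) and bump the rev deliberately. The file also opens with a blank line and an empty `let in`, both of which can go.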
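Review bot: In `sway/vscode.nix` the URL moves to `1.98.2-insider` but the `sha256` and `version = "1.98.0"` are unchanged; `builtins.fetchTarball` with a `sha256` is fixed-output, so on a machine that already has the 1.98.0 tarball Nix returns the cached content without downloading and the bump is a silent no-op, while on a fresh machine it fails with a hash mismatch. Update the hash and version together, `sha256 = "<NEW_HASH>";` and `version = "1.98.2";` (placeholder). The `overrideAttrs` block continues outside the hunk.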
@@ -5,6 +5,8 @@
 /home/dominik/projects/cloonar/phishguard
 /home/dominik/projects/cloonar/phishguard-frontend
 /home/dominik/projects/cloonar/gitapi
+/home/dominik/projects/cloonar/cloonar-assistant
+/home/dominik/projects/cloonar/updns
 /home/dominik/projects/cloonar/flow/flow-docs
 /home/dominik/projects/cloonar/flow/flow-user-service
@@ -27,11 +29,14 @@
 /home/dominik/projects/cloonar/wohnservice-wien
 /home/dominik/projects/cloonar/wohnservice-gdpr
 /home/dominik/projects/cloonar/gbv-aktuell
+/home/dominik/projects/cloonar/cloonar-technologies-website
+
 /home/dominik/projects/cloonar/paraclub/paraclub-api
 /home/dominik/projects/cloonar/paraclub/paraclub-frontend
 /home/dominik/projects/cloonar/paraclub/paraclub-website
 /home/dominik/projects/cloonar/paraclub/paraclub-module
 /home/dominik/projects/cloonar/paraclub/paraclub-ai-mailer
+
 /home/dominik/projects/cloonar/amz/amz-api
 /home/dominik/projects/cloonar/amz/amz-frontend
 /home/dominik/projects/cloonar/hilgenberg-website
@@ -48,5 +53,6 @@
 /home/dominik/projects/epicenter.works/padexporter
 /home/dominik/projects/epicenter.works/ansible-pull
 /home/dominik/projects/cloonar/lena-schilling-website
+/home/dominik/projects/cloonar/dialog-relations-website
 /home/dominik/projects/cloonar/imperfect-perfect.com
 /home/dominik/projects/cloonar/yaapi
diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix
index a42d5c7..ad4c827 100644
--- a/hosts/nb/users/dominik.nix
+++ b/hosts/nb/users/dominik.nix
@@ -3,6 +3,10 @@ let
 # impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
+ unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
+ config = { allowUnfree = true; };
+ };
+
 thunderbirdSettings = {
 "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
 "browser.theme.content-theme" = 0;
@@ -176,12 +180,13 @@ in
 programs.vscode = {
 enable = true;
+ # package = (unstable.vscode.override { isInsiders = true; });
 package = (pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
 src = builtins.fetchTarball {
- url = "https://update.code.visualstudio.com/1.98.0-insider/linux-x64/insider";
- sha256 = "1bbp8ix3brx6jq9zhzvq33fmlv3dl4s4m9p280hh2rr95rmd5xab";
+ url = "https://update.code.visualstudio.com/1.99.0-insider/linux-x64/insider";
+ sha256 = "0z3x9m9pndzka9gzm2phnks453d2mwbdid9yd7qw3bvv965h71j5";
 };
- version = "1.98.0";
+ version = "1.99.0";
 });
 };
@@ -484,6 +489,23 @@ in
 realName = "Dominik Polakovics";
 address = "dominik.polakovics@epicenter.works";
 userName = "dominik.polakovics@epicenter.works";
+ signature = {
+ showSignature = "append";
+ text = ''
+

+ epicenter.works – for digital rights
+ Dominik Polakovics, Technical Advisor
| E-Mail: | +dominik.polakovics@epicenter.works | +