Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-04-25 20:35:33 +02:00
parent 9cfc423a38
commit 9a5a28098c
36 changed files with 453 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/fw/configuration.nix
View File

@@ -26,12 +26,14 @@
./modules/ddclient.nix
# ./modules/wol.nix
# microvm
./modules/microvm.nix
./modules/gitea-vm.nix
# ./modules/vscode-server.nix # Add VS Code Server microvm
./modules/ai-mailer.nix
./modules/wazuh.nix
# web
./modules/web

4
hosts/fw/modules/ai-mailer.nix
View File

@@ -49,7 +49,7 @@
logging:
level: "info"
file_path: "/var/log/ai-mailer.log"
file_path: "/var/log/ai-mailer/ai-mailer.log"
'';
};
@@ -72,7 +72,7 @@
User = "ai-mailer";
Group = "ai-mailer";
WorkingDirectory = "/var/lib/ai-mailer";
ExecStart = "${pkgs.ai-mailer}/bin/paraclub-ai-mailer -config /etc/ai-mailer/config.yaml";
ExecStart = "${pkgs.ai-mailer}/bin/ai-mailer -config /etc/ai-mailer/config.yaml";
Restart = "always";
RestartSec = "10s";
StateDirectory = "ai-mailer";

1
hosts/fw/modules/ddclient.nix
View File

@@ -15,6 +15,7 @@
"palworld.cloonar.com"
"matrix.cloonar.com"
"element.cloonar.com"
"tinder.cloonar.com"
];
};

4
hosts/fw/modules/home-assistant/default.nix
View File

@@ -4,7 +4,7 @@ let
pkgs-with-home-assistant = import (builtins.fetchGit {
name = "new-home-assistant";
url = "https://github.com/nixos/nixpkgs/";
rev = "41dea55321e5a999b17033296ac05fe8a8b5a257";
rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
}) {};
networkPrefix = config.networkPrefix;
in
@@ -161,7 +161,7 @@ in
};
script = ''
set -e
HACS_VERSION="2.0.1" # Replace with the latest version
HACS_VERSION="2.0.5" # Replace with the latest version
HACS_DIR="/var/lib/hass/custom_components/hacs"
mkdir -p "$HACS_DIR"

7
hosts/fw/modules/home-assistant/multimedia.nix
View File

@@ -76,7 +76,7 @@
{
service = "automation.turn_off";
target = {
entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
entity_id = "automation.all_multimedia_off";
};
}
{
@@ -115,7 +115,7 @@
{
service = "automation.turn_on";
target = {
entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
entity_id = "automation.all_multimedia_off";
};
}
];
@@ -289,6 +289,9 @@
command = "b64:JgDaAAABKZMUERMSExITEhMSExETEhMSExITEhMSExETNxQ2ExITEhMSEzcTNxM3ExITEhM3ExITNxMSEhITEhM3EzcTEhM3EwAFyAABKJQUERMSEhITEhMSExITEhMSEhITEhMSExITNxM3ExITEhMREzcTNxQ3EhITEhM3ExITNxMSExITEhM3EzcTEhM3EwAFyAABKJQUERMSExETEhMSExITEhMSExETEhMSExITNxM3ExITEhMREzcTOBI4ExETEhM3ExITNxMSExITEhM3EzcTEhM3E5IGAA0FAAAAAAAAAAAAAAAAAAA=";
};
}
{
delay = 20;
}
# turn off tv switch
{
service = "switch.turn_off";

1
hosts/fw/modules/setupnetwork.nix
View File

@@ -26,6 +26,7 @@
};
subnet4 = [
{
id = 110;
pools = [
{
pool = "${config.networkPrefix}.110.100 - ${config.networkPrefix}.110.240";

84
hosts/fw/modules/tinder-api.nix Normal file
View File

@@ -0,0 +1,84 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.tinder-api-wrapper;
in {
options.services.tinder-api-wrapper = with lib; {
enable = mkEnableOption "Tinder API wrapper service";
port = mkOption {
type = types.port;
default = 8080;
description = "Port to listen on";
};
apiEndpoint = mkOption {
type = types.str;
default = "https://api.gotinder.com";
description = "Target Tinder API endpoint URL";
};
user = mkOption {
type = types.str;
default = "tinder-api";
description = "User account to run service.";
};
group = mkOption {
type = types.str;
default = "tinder-api";
description = "Group account to run service.";
};
};
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [
(self: super: {
tinder-api-wrapper = self.callPackage ../pkgs/tinder-api.nix {};
})
];
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "Tinder API wrapper service user";
};
users.groups.${cfg.group} = {};
systemd.services.tinder-api-wrapper = {
description = "Tinder API Wrapper Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.tinder-api-wrapper}/bin/server -listen :${toString cfg.port} -target ${cfg.apiEndpoint}";
Restart = "always";
RestartSec = "10";
# Hardening
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
};
};
};
}

4
hosts/fw/modules/unbound.nix
View File

@@ -54,6 +54,9 @@ let
"\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\""
"\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\""
"\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\""
"\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\""
"\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\""
"\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\""
"\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\""
@@ -61,6 +64,7 @@ let
"\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"element.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"support.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"git.cloonar.com IN A ${config.networkPrefix}.97.50\""
"\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\""

58
hosts/fw/modules/wazuh.nix Normal file
View File

@@ -0,0 +1,58 @@
{ config, pkgs, ... }:
{
virtualisation.oci-containers.containers = {
# Wazuh Manager Container
wazuh-manager = {
autoStart = false;
image = "docker://wazuh/wazuh-manager:latest";
volumes = [
"/var/lib/wazuh:/var/ossec"
];
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:01"
"--ip=${config.networkPrefix}.97.31"
];
};
# Wazuh Indexer Container (Elasticsearch)
wazuh-indexer = {
autoStart = false;
image = "docker://wazuh/wazuh-indexer:latest";
volumes = [
"/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
];
environment = {
"discovery.type" = "single-node";
};
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:02"
"--ip=${config.networkPrefix}.97.32"
];
};
# Wazuh Dashboard Container (Kibana)
wazuh-dashboard = {
autoStart = false;
image = "docker://wazuh/wazuh-dashboard:latest";
volumes = [
"/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
];
environment = {
"discovery.type" = "single-node";
};
environment = {
# Optionally, configure to connect to the indexer/manager:
WAZUH_INDEXER_URL = "http://wazuh-indexer.cloonar.com:9200";
WAZUH_MANAGER_URL = "http://wazuh-manager.cloonar.com:55000";
};
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:03"
"--ip=${config.networkPrefix}.97.33"
];
};
};
}

2
hosts/fw/modules/web/default.nix
View File

@@ -52,11 +52,13 @@ in {
../network-prefix.nix
../../utils/modules/sops.nix
../../utils/modules/lego/lego.nix
../../modules/tinder-api.nix
# ../../utils/modules/borgbackup.nix
./zammad.nix
./proxies.nix
./matrix.nix
./tinder-api.nix
];
networkPrefix = config.networkPrefix;

28
hosts/fw/modules/web/tinder-api.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
services.tinder-api-wrapper = {
enable = true;
port = 8080; # default port
apiEndpoint = "https://api.gotinder.com";
};
services.nginx.virtualHosts."tinder.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
extraConfig =
"proxy_set_header X-Forwarded-Proto 'https';" +
"proxy_set_header X-Forwarded-Ssl on;" +
"proxy_connect_timeout 300;" +
"proxy_send_timeout 300;" +
"proxy_read_timeout 300;" +
"send_timeout 300;"
;
};
};
}

21
hosts/fw/pkgs/tinder-api.nix Normal file
View File

@@ -0,0 +1,21 @@
{ lib, buildGoModule, fetchgit }:
buildGoModule rec {
pname = "tinder-api-wrapper";
version = "0.1.0";
src = fetchgit {
url = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper.git";
rev = "e99b56e4346ac4ae5c1e0747e51ff3a0259440d3";
sha256 = "sha256-ZGuoFVaTBJcnGiToNvk+MRD+zW9IUQldbbqFVLEfkeU=";
};
vendorHash = null;
meta = with lib; {
description = "Tinder API Wrapper Service";
homepage = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper";
license = licenses.mit;
maintainers = with maintainers; [ /* add maintainers */ ];
};
}

2
hosts/mail/modules/dovecot.nix
View File

@@ -255,7 +255,7 @@ in
"imap-test.${domain}"
"imap-02.${domain}"
];
postRun = "sleep 2 && systemctl restart dovecot2.service";
postRun = "systemctl --no-block restart dovecot2.service";
};
networking.firewall.allowedTCPPorts = [

15
hosts/nb/configuration.nix
View File

@@ -27,13 +27,16 @@ in {
./modules/sway/sway.nix
./modules/printer.nix
# ./modules/cyberghost.nix
./modules/nvim/default.nix
./utils/modules/autoupgrade.nix
./modules/puppeteer.nix
./cachix.nix
./users
# coding
./modules/nvim/default.nix
./modules/coding.nix
# ./modules/steam.nix
./hardware-configuration.nix
@@ -200,12 +203,14 @@ in {
git-filter-repo
nix-prefetch-git
openaudible
openmanus
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
wireguard-tools
wineWowPackages.stable
wineWowPackages.fonts
winetricks
pinentry-curses
# ykfde
];
@@ -267,6 +272,14 @@ in {
};
};
# pgp
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
# networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
# services.avahi.enable = false;
# networking.resolvconf.enable = lib.mkForce false;

10
hosts/nb/modules/coding.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ... }:
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
in {
environment.systemPackages = with pkgs; [
unstable.claude-code
];
}

13
hosts/nb/modules/development/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
in {
imports = [
./mcp.nix
];
}

11
hosts/nb/modules/development/mcp.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }:
let
in {
nixpkgs.overlays = [
(import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/main.tar.gz")).overlays.default
];
environment.systemPackages = with pkgs; [
mcp-server-fetch
];
}

6
hosts/nb/modules/sway/sway.nix
View File

@@ -84,6 +84,9 @@ in {
hypnotix
unstable.code-cursor
unstable.windsurf
unstable.codex
# vscode-insiders
# unstable.vscode-fhs
quickemu
@@ -139,13 +142,14 @@ in {
nextcloud-client
nodejs_22
onlyoffice-bin
obs-studio
pavucontrol
pcmanfm
pinentry
rbw
rofi-rbw
# unstable.rustdesk
unstable.rustdesk-flutter
rustdesk-flutter
slurp
sway
swaybg

2
hosts/nb/modules/sway/vscode.nix
View File

@@ -4,7 +4,7 @@
};
vscode-insiders = (unstable.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
src = (builtins.fetchTarball {
url = "https://update.code.visualstudio.com/1.98.0-insider/linux-x64/insider";
url = "https://update.code.visualstudio.com/1.98.2-insider/linux-x64/insider";
sha256 = "sha256-tV0VxDLJJPD4jfNEgVh3wMXg899VJxCS5a3putdetkA=";
});
version = "1.98.0";

6
hosts/nb/users/configs/project_history
View File

@@ -5,6 +5,8 @@
/home/dominik/projects/cloonar/phishguard
/home/dominik/projects/cloonar/phishguard-frontend
/home/dominik/projects/cloonar/gitapi
/home/dominik/projects/cloonar/cloonar-assistant
/home/dominik/projects/cloonar/updns
/home/dominik/projects/cloonar/flow/flow-docs
/home/dominik/projects/cloonar/flow/flow-user-service
@@ -27,11 +29,14 @@
/home/dominik/projects/cloonar/wohnservice-wien
/home/dominik/projects/cloonar/wohnservice-gdpr
/home/dominik/projects/cloonar/gbv-aktuell
/home/dominik/projects/cloonar/cloonar-technologies-website
/home/dominik/projects/cloonar/paraclub/paraclub-api
/home/dominik/projects/cloonar/paraclub/paraclub-frontend
/home/dominik/projects/cloonar/paraclub/paraclub-website
/home/dominik/projects/cloonar/paraclub/paraclub-module
/home/dominik/projects/cloonar/paraclub/paraclub-ai-mailer
/home/dominik/projects/cloonar/amz/amz-api
/home/dominik/projects/cloonar/amz/amz-frontend
/home/dominik/projects/cloonar/hilgenberg-website
@@ -48,5 +53,6 @@
/home/dominik/projects/epicenter.works/padexporter
/home/dominik/projects/epicenter.works/ansible-pull
/home/dominik/projects/cloonar/lena-schilling-website
/home/dominik/projects/cloonar/dialog-relations-website
/home/dominik/projects/cloonar/imperfect-perfect.com
/home/dominik/projects/cloonar/yaapi

33
hosts/nb/users/dominik.nix
View File

@@ -3,6 +3,10 @@ let
# impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
thunderbirdSettings = {
"extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
"browser.theme.content-theme" = 0;
@@ -176,12 +180,13 @@ in
programs.vscode = {
enable = true;
# package = (unstable.vscode.override { isInsiders = true; });
package = (pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
src = builtins.fetchTarball {
url = "https://update.code.visualstudio.com/1.98.0-insider/linux-x64/insider";
sha256 = "1bbp8ix3brx6jq9zhzvq33fmlv3dl4s4m9p280hh2rr95rmd5xab";
url = "https://update.code.visualstudio.com/1.99.0-insider/linux-x64/insider";
sha256 = "0z3x9m9pndzka9gzm2phnks453d2mwbdid9yd7qw3bvv965h71j5";
};
version = "1.98.0";
version = "1.99.0";
});
};
@@ -484,6 +489,23 @@ in
realName = "Dominik Polakovics";
address = "dominik.polakovics@epicenter.works";
userName = "dominik.polakovics@epicenter.works";
signature = {
showSignature = "append";
text = ''
<div style="font-family: 'Open Sans', Helvetica, Arial, sans-serif;">
<p style="margin-bottom: 0;"><img src="https://epicenter.works/sites/default/files/ew_logo_rgb-xs.png" /><br>
<b>epicenter.works for digital rights</b><br>
Dominik Polakovics, Technical Advisor</p>
<table style="border: none;border-left: 5px solid #ccc;font-size: 80%;">
<tr>
<td style="padding-right:10px;">E-Mail:</td>
<td>dominik.polakovics@epicenter.works</td>
</tr>
</table>
</div>
'';
};
imap = {
host = "mail.epicenter.works";
port = 993;
@@ -586,6 +608,8 @@ in
git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow/flow-docs 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-user-service.git ${persistHome}/projects/cloonar/flow/flow-user-service 2>/dev/null
@@ -605,6 +629,8 @@ in
git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null
@@ -616,6 +642,7 @@ in
git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null

4
hosts/web-arm/configuration.nix
View File

@@ -34,6 +34,7 @@
./sites/gbv-aktuell.at.nix
./sites/matomo.cloonar.com.nix
./sites/support.cloonar.dev.nix
./sites/stage.cloonar-technologies.at.nix
./sites/cloonar.dev.nix
./sites/paraclub.cloonar.dev.nix
@@ -41,10 +42,11 @@
./sites/tandem.paraclub.cloonar.dev.nix
./sites/module.paraclub.cloonar.dev.nix
./sites/gbv-aktuell.cloonar.dev.nix
./sites/lena-schilling.cloonar.dev.nix
./sites/stage.myhidden.life.nix
./sites/stage.korean-skin.care.nix
./sites/feeds.jordanrannells.com.nix
./sites/dialog-relations.cloonar.dev.nix
./sites/lena-schilling.cloonar.dev.nix
./sites/lena-schilling.at.nix
];

11
hosts/web-arm/modules/authelia/default.nix
View File

@@ -1,6 +1,10 @@
{ config, ... }:
{
{ config, pkgs, ... }:
let
unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") {
config = config.nixpkgs.config;
system = pkgs.system;
};
in {
sops.secrets.authelia-jwt-secret = {
owner = "authelia-main";
};
@@ -24,6 +28,7 @@
};
services.authelia.instances.main = {
package = unstable.authelia;
enable = true;
secrets = {
jwtSecretFile = config.sops.secrets.authelia-jwt-secret.path;

4
hosts/web-arm/modules/web/typo3.nix
View File

@@ -134,8 +134,8 @@ in
nameValuePair ("typo3-cron-" + domain) {
script = ''
set -eu
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 scheduler:run
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 ke_search:indexing
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 scheduler:run
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 ke_search:indexing
'';
serviceConfig = {
Type = "oneshot";

6
hosts/web-arm/sites/api.paraclub.cloonar.dev.nix
View File

@@ -31,5 +31,11 @@
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
phpOptions = ''
opcache.enable=1
opcache.memory_consumption=128
opcache.validate_timestamps=0
opcache.revalidate_path=0
'';
};
}

39
hosts/web-arm/sites/cloonar.dev.nix
View File

@@ -3,16 +3,11 @@ let
domain = "cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
services.webstack.instances."${domain}" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6frP875aOnuFALjgP3ZCySCcYSGqtIzIK80S/L/D/w"
];
locations."/".extraConfig = ''
index index.html;
@@ -35,26 +30,22 @@ in {
}
'';
locations."^~ /vcards/".extraConfig = ''
location ~ /\.env {
deny all;
return 404;
}
# Determine if the requested file exists
try_files $uri $uri/ /vcards/index.php$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
phpPackage = pkgs.php;
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
];
};
users.groups.${domain} = {};
}

10
hosts/web-arm/sites/dialog-relations.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,10 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."dialog-relations.cloonar.dev" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma"
];
phpPackage = pkgs.php83;
};
}

1
hosts/web-arm/sites/dialog-relations.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma dominik@nb-01

1
hosts/web-arm/sites/paraclub.at.nix
View File

@@ -16,6 +16,7 @@ in {
locations."/".extraConfig = ''
index index.html;
error_page 404 /404.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

1
hosts/web-arm/sites/paraclub.cloonar.dev.nix
View File

@@ -16,6 +16,7 @@ in {
locations."/".extraConfig = ''
index index.html;
error_page 404 /de/404.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

43
hosts/web-arm/sites/stage.cloonar-technologies.at.nix Normal file
View File

@@ -0,0 +1,43 @@
{ pkgs, lib, config, ... }:
let
domain = "stage.cloonar-technologies.at";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/zRVX9TyYcimkC8lxGjfJAoaL2zHDBH3QnRfUvgYHc"
];
};
users.groups.${domain} = {};
}

2
utils/modules/autoupgrade.nix
View File

@@ -3,5 +3,5 @@
{
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = false;
system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05";
system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.11";
}

1
utils/overlays/packages.nix
View File

@@ -3,6 +3,7 @@ self: super: {
ykfde = (super.callPackage ../pkgs/ykfde { });
creality-print = (super.callPackage ../pkgs/creality-print.nix { });
openaudible = (super.callPackage ../pkgs/openaudible.nix { });
openmanus = (super.callPackage ../pkgs/openmanus.nix { });
ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { };
# vscode-insiders = (super.callPackage ../pkgs/vscode-insiders.nix { });

11
utils/pkgs/ai-mailer.nix
View File

@@ -6,16 +6,23 @@ buildGoModule rec {
src = fetchgit {
url = "https://git.cloonar.com/Paraclub/ai-mailer.git";
rev = "be9f2fea8fb37182ca983061c40e30eecb48286b";
sha256 = "sha256-Df1ioHnlhALaliPW2/x1PhR7od/I/RqU8o8YpoI5jiY=";
rev = "8903aa072a482e1e52170c840bf87d8da5d9d9e0";
sha256 = "sha256-+YPB3tcy2+ZiiwYfg6QzPcrg1gf9ivlLaZRzviwWe90=";
};
vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw=";
subPackages = [ "cmd/paraclub-ai-mailer" ];
preBuild = ''
sed -i 's/go 1.23.5/go 1.22/' go.mod
'';
postInstall = ''
mv $out/bin/paraclub-ai-mailer $out/bin/ai-mailer
ln -s $out/bin/ai-mailer $out/bin/paraclub-ai-mailer
'';
meta = with lib; {
description = "AI Mail Assistant Service";
homepage = "https://git.cloonar.com/Paraclub/ai-mailer";

43
utils/pkgs/openmanus.nix Normal file
View File

@@ -0,0 +1,43 @@
{ lib
, fetchFromGitHub
, python312
, python312Packages
}:
python312Packages.buildPythonApplication rec {
pname = "openmanus";
version = "0.1.0";
src = fetchFromGitHub {
owner = "mannaandpoem";
repo = "OpenManus";
rev = "74f438bde38a47da884ba5de2d20960aa9a57990";
sha256 = "sha256-zO2UgMxMvE7yk7ILsYnxjBuXrhqlLK42rZNYrxljcg4="; # Replace with actual hash after first build attempt
};
propagatedBuildInputs = with python312Packages; [
openai
python-dotenv
requests
tomli
pydantic
pydantic-settings
numpy
tqdm
pillow
fastapi
uvicorn
gradio
colorlog
];
doCheck = false;
meta = with lib; {
description = "OpenManus - An open-source framework for building general AI agents";
homepage = "https://github.com/mannaandpoem/OpenManus";
license = licenses.mit;
maintainers = with maintainers; [ ];
mainProgram = "openmanus";
};
}

7
utils/pkgs/vscode-insiders.nix
View File

@@ -9,10 +9,13 @@
stdenv.mkDerivation rec {
pname = "vscode-insiders";
version = "1.87.0-1708777035";
# version = "1.98.2-1708777035";
version = "1.98.2";
src = fetchurl {
url = "https://az764295.vo.msecnd.net/insider/9319989589821514c6d3dea07e90292d59431d35/code-insider-${version}-linux-x64.tar.gz";
# url = "https://az764295.vo.msecnd.net/insider/9319989589821514c6d3dea07e90292d59431d35/code-insider-${version}-linux-x64.tar.gz";
# url = "https://az764295.vo.msecnd.net/insider/2bdf282f0aa8f3022a0540949724ccf8a909ec45/code-insider-${version}-linux-x64.tar.gz";
url = "https://update.code.visualstudio.com/${version}/linux-x64/stable";
hash = "sha256-Mm34T2/laoqxN8MR+H0rHxxA0WAKgc5d/ZvGGC+ETok=";
};