From 5e259e0b426584f7fa9f56962b9e307c80f5ea07 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 13 Oct 2025 13:23:13 +0200 Subject: [PATCH 1/6] feat: add fivefilters --- hosts/fw/configuration.nix | 1 + hosts/fw/modules/dnsmasq.nix | 1 + hosts/fw/modules/fivefilters.nix | 32 ++++++++++++++++++++++++++++++++ hosts/fw/modules/web/proxies.nix | 8 ++++++++ 4 files changed, 42 insertions(+) create mode 100644 hosts/fw/modules/fivefilters.nix diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index fc86cd6..b9e4a9a 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -48,6 +48,7 @@ ./modules/ha-customers ./modules/firefox-sync.nix + ./modules/fivefilters.nix # home assistant ./modules/home-assistant diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index a855244..1e5e48d 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -91,6 +91,7 @@ "/omada.cloonar.com/${config.networkPrefix}.97.2" "/web-02.cloonar.com/${config.networkPrefix}.97.5" "/pla.cloonar.com/${config.networkPrefix}.97.5" + "/fivefilters.cloonar.com/${config.networkPrefix}.97.10" "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" diff --git a/hosts/fw/modules/fivefilters.nix b/hosts/fw/modules/fivefilters.nix new file mode 100644 index 0000000..cc46f3b --- /dev/null +++ b/hosts/fw/modules/fivefilters.nix @@ -0,0 +1,32 @@ +{ config, pkgs, ... }: { + users.users.fivefilters = { + isSystemUser = true; + group = "omada"; + home = "/var/lib/fivefilters"; + createHome = true; + }; + users.groups.fivefilters = { }; + + systemd.tmpfiles.rules = [ + # parent is created by createHome already, but harmless to repeat + "d /var/lib/fivefilters 0755 fivefilters fivefilters - -" + "d /var/lib/fivefilters/cache 0755 fivefilters fivefilters - -" + ]; + + # TODO: check if we can run docker service as other user than root + virtualisation = { + oci-containers.containers = { + fivefilters = { + autoStart = true; + image = "heussd/fivefilters-full-text-rss:3.8.1"; + volumes = [ + "/var/lib/fivefilters/cache:/var/www/html/cache" + ]; + extraOptions = [ + "--network=server" + "--ip=${config.networkPrefix}.97.10" + ]; + }; + }; + }; +} diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 44f1b99..87878cd 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -25,4 +25,12 @@ recommendedProxySettings = true; }; }; + services.nginx.virtualHosts."fivefilters.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.10"; + }; + }; } From fccec6d87c93da080e101aaa74174346f87ac48c Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 13 Oct 2025 13:23:37 +0200 Subject: [PATCH 2/6] fix: chrome dev tools mcp --- hosts/nb/modules/development/claude-code.nix | 2 +- hosts/nb/modules/development/mcp-chromium.nix | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/hosts/nb/modules/development/claude-code.nix b/hosts/nb/modules/development/claude-code.nix index 12cdd5c..cb53767 100644 --- a/hosts/nb/modules/development/claude-code.nix +++ b/hosts/nb/modules/development/claude-code.nix @@ -25,7 +25,7 @@ in { # Browser must be running with remote debugging on 127.0.0.1:9222. if ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --help >/dev/null 2>&1; then ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --scope user chrome-devtools \ - -- npx -y chrome-devtools-mcp --browserUrl=http://127.0.0.1:9222 || true + -- npx -y chrome-devtools-mcp --executablePath=${pkgs.ungoogled-chromium}/bin/chromium --isolated=true --headless=true --chromeArg=--ozone-platform=wayland --chromeArg=--enable-features=UseOzonePlatform --chromeArg=--force-device-scale-factor=1 || true fi ''; }; diff --git a/hosts/nb/modules/development/mcp-chromium.nix b/hosts/nb/modules/development/mcp-chromium.nix index d4dd9f4..0ab6c52 100644 --- a/hosts/nb/modules/development/mcp-chromium.nix +++ b/hosts/nb/modules/development/mcp-chromium.nix @@ -46,7 +46,24 @@ in environment.etc."codex/config.toml".text = '' [mcp_servers.chrome-devtools] command = "npx" - args = ["-y", "chrome-devtools-mcp@latest", "--browserUrl=http://127.0.0.1:9222"] + args = [ + # "-y", "chrome-devtools-mcp@latest", "--browserUrl=http://127.0.0.1:9222" + "-y", "chrome-devtools-mcp@latest", + + # Tell MCP exactly which Chromium to launch (Nix store path) + "--executablePath=${pkgs.ungoogled-chromium}/bin/chromium", + + # Make every run use a temporary profile (no shared state) + "--isolated=true", + + # Headful by default on Wayland + "--headless=true", + + # Pass Chromium flags for Wayland + scale + "--chromeArg=--ozone-platform=wayland", + "--chromeArg=--enable-features=UseOzonePlatform", + "--chromeArg=--force-device-scale-factor=1" + ] startup_timeout_sec = 30 tool_timeout_sec = 120 ''; From bdda87778ce654b3ed9d55ad85bba016a2314093 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 13 Oct 2025 13:23:51 +0200 Subject: [PATCH 3/6] feat: add android studio --- hosts/nb/modules/desktop/flatpak-packages.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hosts/nb/modules/desktop/flatpak-packages.nix b/hosts/nb/modules/desktop/flatpak-packages.nix index 8b657ea..199a4be 100644 --- a/hosts/nb/modules/desktop/flatpak-packages.nix +++ b/hosts/nb/modules/desktop/flatpak-packages.nix @@ -13,7 +13,11 @@ wantedBy = [ "multi-user.target" ]; path = [ pkgs.flatpak ]; script = '' - flatpak install -y https://dl.flathub.org/repo/appstream/io.github.yuki_iptv.yuki-iptv.flatpakref + set -eu + flatpak install --system -y --noninteractive --or-update flathub io.github.yuki_iptv.yuki-iptv + + flatpak install --system -y --noninteractive --or-update flathub com.google.AndroidStudio + flatpak run --command=bash com.google.AndroidStudio -c 'curl -fsSL https://claude.ai/install.sh | bash' ''; }; @@ -25,5 +29,12 @@ exec = "${pkgs.flatpak}/bin/flatpak run io.github.yuki_iptv.yuki-iptv"; terminal = false; }) + (pkgs.makeDesktopItem { + name = "android-studio"; + desktopName = "Android Studio"; + genericName = "Android Studio"; + exec = "${pkgs.flatpak}/bin/flatpak run com.google.AndroidStudio"; + terminal = false; + }) ]; } From aac9e9f38faa974d7e681222a168a29fada265e4 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 14 Oct 2025 14:13:37 +0200 Subject: [PATCH 4/6] fix: fivefilters https --- hosts/fw/modules/dnsmasq.nix | 2 +- todos.md | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 1e5e48d..0903894 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -91,7 +91,7 @@ "/omada.cloonar.com/${config.networkPrefix}.97.2" "/web-02.cloonar.com/${config.networkPrefix}.97.5" "/pla.cloonar.com/${config.networkPrefix}.97.5" - "/fivefilters.cloonar.com/${config.networkPrefix}.97.10" + "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" diff --git a/todos.md b/todos.md index f8d3483..f2d6bf2 100644 --- a/todos.md +++ b/todos.md @@ -1,9 +1,7 @@ -move modules for hosts into respecting hosts directory so not every host gets rebuilded when one module changes -change sddm theme -add yubikey -change playmouth theme look into secure boot +switch from gitea to forgejo + ## chache server https://github.com/zhaofengli/attic From 9941dfa61f1b0847b2c2ecefef25856e91746259 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 14 Oct 2025 14:13:47 +0200 Subject: [PATCH 5/6] feat: add adb --- hosts/nb/modules/development/coding.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/nb/modules/development/coding.nix b/hosts/nb/modules/development/coding.nix index c45ac94..32185f0 100644 --- a/hosts/nb/modules/development/coding.nix +++ b/hosts/nb/modules/development/coding.nix @@ -8,5 +8,14 @@ in { unstable.claude-code unstable.code-cursor unstable.vscode + # android-studio-full + # android-tools ]; + + nixpkgs.config.android_sdk.accept_license = true; + + programs.adb.enable = true; # sets up udev + adb group + services.udev.packages = [ pkgs.android-udev-rules ]; + + users.users.dominik.extraGroups = [ "adbusers" ]; } From e0568ddfdcfff18b79f77af3175cdfa988cdc167 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 14 Oct 2025 14:14:04 +0200 Subject: [PATCH 6/6] fix: chromium extension installation --- hosts/nb/users/dominik.nix | 96 ++++++++++++++------------------------ 1 file changed, 35 insertions(+), 61 deletions(-) diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 5aa7337..5a5e322 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -234,75 +234,49 @@ in "--force-dark-mode" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" - "--default-search-provider-search-url=\"https://www.perplexity.ai/search/?q={searchTerms}\"" + "--default-search-provider-search-url=\"https://www.perplexity.ai/search/?q=%s\"" ]; dictionaries = [ pkgs.hunspellDictsChromium.en_US pkgs.hunspellDictsChromium.de_DE ]; - extensions = - let - createChromiumExtensionFor = browserVersion: { id, sha256, version }: - { - inherit id; - crxPath = builtins.fetchurl { - url = "https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=${browserVersion}&x=id%3D${id}%26installsource%3Dondemand%26uc"; - name = "${id}.crx"; - inherit sha256; - }; - inherit version; - }; - createChromiumExtension = createChromiumExtensionFor (lib.versions.major pkgs.ungoogled-chromium.version); - in - [ - (createChromiumExtension { - # ublock origin - id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; - sha256 = "sha256:054kqrai2kd89bzc5c3x17rjfdil2zzxrxrg65vaywmvm77y7kmn"; - version = "1.61.0"; - }) - (createChromiumExtension { - # dark reader - id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; - sha256 = "sha256:1i8rs6bcblx4d85rh41pmky3hhlpzn5977lpz5zmhwri7sb77yzk"; - version = "4.9.96"; - }) - (createChromiumExtension { - # privacy badger - id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; - sha256 = "sha256:19vpk8h8q0xgi40hgv1bd24n3napbgbzg12najc3mkapqcvfcmhc"; - version = "2024.7.17"; - }) - (createChromiumExtension { - # Bitwarden - id = "nngceckbapebfimnlniiiahkandclblb"; - sha256 = "sha256:02cscadjqbfx3a5bky1zc38pxymzgndb9h3wing3pb0fwm30yrzd"; - version = "2024.10.1"; - }) - (createChromiumExtension { - # Dracula Theme - id = "jiaeinnfkmnkpkicpaihogiomcgikcde"; - sha256 = "sha256:01nm7p0v3lcvx8bkinq2rr0divvqgf5d2a757lg8m21ccmznqkpc"; - version = "1.0"; - }) - (createChromiumExtension { - # Vimium - id = "dbepggeogbaibhgnhhndojpepiihcmeb"; - sha256 = "sha256:0z6c04kjp13g4ix5kpv2m8q27i8pwz2c0rdi78wcnxqmqnik4ifx"; - version = "2.1.2"; - }) - (createChromiumExtension { - # BrainTool - id = "fialfmcgpibjgdoeodaondepigiiddio"; - sha256 = "sha256:0i8aga8h7jgjgsy1xx453gryzvf6y6wm9fd2i6cnzafjpf2fk51b"; - version = "1.0.3"; - }) - ]; - + extensions = [ + { + # ublock + id = "epcnnfbjfcgphgdmggkamkmgojdagdnn"; + } + { + # dark reader + id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; + } + { + # privacy badger + id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp"; + } + { + # Bitwarden + id = "nngceckbapebfimnlniiiahkandclblb"; + } + { + # Dracula Theme + id = "jiaeinnfkmnkpkicpaihogiomcgikcde"; + } + { + # Vimium + id = "dbepggeogbaibhgnhhndojpepiihcmeb"; + } + { + # BrainTool + id = "fialfmcgpibjgdoeodaondepigiiddio"; + } + { + # Chathub + id = "iaakpnchhognanibcahlpcplchdfmgma"; + } + ]; }; programs.git = { - enable = true; lfs.enable = true; package = pkgs.gitAndTools.gitFull;