Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Cloonar:c478c2ea6679e66d25739193ef210fae60c8f9bc
Branches Tags
Cloonar:master
..
compare: Cloonar:307e8f23074d5b9bbe55d3ffb47528cebe6e119e
Branches Tags
Cloonar:master

10 commits
c478c2ea66 ... 307e8f2307

Author SHA1 Message Date
Dominik Polakovics
307e8f2307 feat: add redis for authelia session storage 2026-01-25 15:24:13 +01:00
Dominik Polakovics
c589a47353 fix: firefox and thunderbird scaling 2026-01-25 15:23:53 +01:00
Dominik Polakovics
b2b263013a feat: add codex to nvim 2026-01-25 14:41:13 +01:00
Dominik Polakovics
68273a7259 fix: grafana alerts 2026-01-25 14:41:04 +01:00
Dominik Polakovics
b0cbb5a3b4 fix: pyload user bash 2026-01-25 14:40:41 +01:00
Dominik Polakovics
f6a9a9e0ff feat: update claude-code 2026-01-20 13:35:09 +01:00
Dominik Polakovics
64e3b4c557 fix: ddclient 2026-01-20 11:42:45 +01:00
Dominik Polakovics
89b70fe6f7 feat: nas add audiobookshelf 2026-01-18 20:41:17 +01:00
Dominik Polakovics
edbf5dcbbc feat: fw some changes 2026-01-18 20:41:00 +01:00
Dominik Polakovics
694c11bcd5 feat: fw wg and ha add fairphone 2026-01-17 20:13:53 +01:00
17 changed files with 97 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hosts/fw/modules/ddclient.nix
View file

@ -2,20 +2,26 @@
{
services.ddclient = {
enable = true;
usev4 = "if, if=wan";
usev4 = "ifv4, ifv4=wan";
usev6 = "disabled";
protocol = "hetzner";
# server = "https://dns.hetzner.com/api/v1/";
username = "dominik.polakovics@cloonar.com";
passwordFile = config.sops.secrets.ddclient.path;
zone = "cloonar.com";
domains = [
"fw.cloonar.com"
"vpn.cloonar.com"
"git.cloonar.com"
"palworld.cloonar.com"
"matrix.cloonar.com"
"audiobooks.cloonar.com"
"element.cloonar.com"
"tinder.cloonar.com"
"foundry-vtt.cloonar.com"
"foundry-ha.cloonar.com"
"fw.cloonar.com"
"git.cloonar.com"
"jellyfin.cloonar.com"
"matrix.cloonar.com"
"palworld.cloonar.com"
"support.cloonar.com"
"sync.cloonar.com"
"vpn.cloonar.com"
];
};

1
hosts/fw/modules/dnsmasq.nix
View file

@ -137,6 +137,7 @@
# multimedia
"/dl.cloonar.com/${config.networkPrefix}.97.5"
"/jellyfin.cloonar.com/${config.networkPrefix}.97.5"
"/audiobooks.cloonar.com/${config.networkPrefix}.97.5"
"/deconz.cloonar.multimedia/${config.networkPrefix}.97.22"

1
hosts/fw/modules/home-assistant/locks.nix
View file

@ -2,6 +2,7 @@ let
devices = [
"device_tracker.dominiks_iphone"
"device_tracker.dominiks_mp01"
"device_tracker.dominiks_fairphone_6"
];
in {
services.home-assistant.extraComponents = [

30
hosts/fw/modules/web/proxies.nix
View file

@ -57,15 +57,6 @@
enableACME = true;
acmeRoot = null;
# Restrict to internal LAN only
extraConfig = ''
allow ${config.networkPrefix}.96.0/24;
allow ${config.networkPrefix}.97.0/24;
allow ${config.networkPrefix}.98.0/24;
allow ${config.networkPrefix}.99.0/24;
deny all;
'';
locations."/" = {
proxyPass = "http://${config.networkPrefix}.97.11:8096";
proxyWebsockets = true;
@ -82,4 +73,25 @@
'';
};
};
services.nginx.virtualHosts."audiobooks.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://${config.networkPrefix}.97.11:13378";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering for better streaming performance
proxy_buffering off;
'';
};
};
}

4
hosts/fw/modules/wireguard.nix
View file

@ -29,6 +29,10 @@
publicKey = "yv0AWQl4LFebVa7SvwdxpEmB3PPglwjoKy6A3og93WI=";
allowedIPs = [ "${config.networkPrefix}.98.204/32" ];
}
{ # FairPhone
publicKey = "tLsvuXo6Cp8tzjJau1yJZ9apeQvYa+cGrnAXBBifO3Y=";
allowedIPs = [ "${config.networkPrefix}.98.205/32" ];
}
];
};
wg_epicenter = {

2
hosts/nas/configuration.nix
View file

@ -17,6 +17,7 @@ in {
./modules/cyberghost.nix
./modules/pyload.nix
./modules/jellyfin.nix
./modules/audiobookshelf.nix
./modules/power-management.nix
./modules/disk-monitoring.nix
./modules/ugreen-leds.nix
@ -64,6 +65,7 @@ in {
directories = [
"/var/lib/pyload"
"/var/lib/jellyfin"
"/var/lib/audiobookshelf"
"/var/log"
"/var/lib/nixos"
"/var/bento"

16
hosts/nas/modules/audiobookshelf.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }: {
# Audiobookshelf user with jellyfin and pyload groups for multimedia access
users.users.audiobookshelf = {
isSystemUser = true;
group = "audiobookshelf";
extraGroups = [ "jellyfin" "pyload" ];
};
users.groups.audiobookshelf = {};
services.audiobookshelf = {
enable = true;
openFirewall = true; # Opens default port 13378
host = "0.0.0.0"; # Listen on all interfaces
port = 13378;
};
}

2
hosts/nas/modules/disk-monitoring.nix
View file

@ -7,8 +7,6 @@
let
# Disk identifiers from hardware-configuration.nix
disks = [
"/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52TBSB"
"/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52V9QX"
"/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ"
"/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ"
"/dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7"

1
hosts/nas/modules/pyload.nix
View file

@ -52,6 +52,7 @@ in
home = "/var/lib/pyload";
createHome = true;
extraGroups = [ "jellyfin" ];
shell = pkgs.bashInteractive; # Required for filebot-process script
};
users.groups.pyload = {};

2
hosts/nb/modules/development/nvim/config/terminal.lua
View file

@ -42,7 +42,7 @@ local config = {
{ vim.o.shell, "<M-1>", "Float Terminal 1", "float", nil },
{ vim.o.shell, "<M-2>", "Float Terminal 2", "float", nil },
{ "claude", "<M-3>", "Claude Terminal", "float", nil },
{ vim.o.shell, "<M-4>", "Float Terminal 4", "float", nil },
{ "codex", "<M-4>", "Codex Terminal", "float", nil },
{ vim.o.shell, "<M-5>", "Float Terminal 5", "float", nil },
},
}

4
hosts/nb/users/dominik.nix
View file

@ -20,7 +20,7 @@ let
"calendar.ui.version" = 3;
"calendar.timezone.local" = "Europe/Vienna";
"calendar.week.start" = 1;
"layout.css.devPixelsPerPx" = "1.25";
"layout.css.devPixelsPerPx" = "-1.0";
};
# Base calendar settings (without identity)
@ -89,7 +89,7 @@ let
"signon.rememberSignons" = false;
"identity.sync.tokenserver.uri" = "https://sync.cloonar.com/1.0/sync/1.5";
# "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"layout.css.devPixelsPerPx" = "1.25";
"layout.css.devPixelsPerPx" = "-1.0"; # auto-detect from Wayland compositor
"media.ffmpeg.vaapi.enabled" = true;
"media.ffmpeg.vaapi-drm-display.enabled" = true;
"gfx.webrender.all" = true;

18
hosts/web-arm/modules/authelia.nix
View file

@ -5,6 +5,21 @@ let
system = pkgs.system;
};
in {
# Redis for Authelia session persistence
services.redis.servers.authelia = {
enable = true;
user = "authelia-main";
unixSocket = "/run/redis-authelia/redis.sock";
unixSocketPerm = 660;
settings = {
appendonly = "yes"; # Enable AOF persistence
appendfsync = "everysec"; # Sync every second
};
};
# Add authelia user to redis group for socket access
users.users.authelia-main.extraGroups = [ "redis-authelia" ];
sops.secrets.authelia-jwt-secret = {
owner = "authelia-main";
};
@ -106,6 +121,9 @@ in {
inactivity = "45m";
remember_me_duration = "1M";
domain = "cloonar.com";
redis = {
host = "/run/redis-authelia/redis.sock";
};
# todo: enable with 4.38
# cookies = [
# {

6
hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix
View file

@ -12,7 +12,7 @@
datasourceUid = "vm-datasource-uid";
relativeTimeRange = { from = 300; to = 0; };
model = {
expr = ''mdadm_array_state == 0'';
expr = ''mdadm_array_state < 1'';
instant = false;
};
}
@ -35,7 +35,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "RAID array {{ $labels.array }} is degraded";
@ -84,7 +84,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "RAID array {{ $labels.array }} has missing devices";

14
hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix
View file

@ -12,7 +12,7 @@
datasourceUid = "vm-datasource-uid";
relativeTimeRange = { from = 300; to = 0; };
model = {
expr = ''smart_health_passed == 0'';
expr = ''smart_health_passed < 1'';
instant = false;
};
}
@ -35,7 +35,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "S.M.A.R.T. health check FAILED on {{ $labels.device }}";
@ -84,7 +84,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "Reallocated sectors detected on {{ $labels.device }}";
@ -133,7 +133,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "Pending sectors detected on {{ $labels.device }}";
@ -182,7 +182,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "Offline uncorrectable errors on {{ $labels.device }}";
@ -231,7 +231,7 @@
}
];
for = "10m";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "High temperature on {{ $labels.device }}";
@ -280,7 +280,7 @@
}
];
for = "0s";
noDataState = "NoData";
noDataState = "OK";
execErrState = "Error";
annotations = {
summary = "UDMA CRC errors on {{ $labels.device }}";

2
hosts/web-arm/modules/grafana/default.nix
View file

@ -115,7 +115,6 @@ in
settings = {
apiToken = "\${PUSHOVER_API_TOKEN}";
userKey = "\${PUSHOVER_USER_KEY}";
device = "iphone";
priority = 2;
retry = "30s";
expire = "2m";
@ -134,7 +133,6 @@ in
settings = {
apiToken = "\${PUSHOVER_API_TOKEN}";
userKey = "\${PUSHOVER_USER_KEY}";
device = "iphone";
priority = 1;
sound = "siren";
okSound = "magic";

6
utils/pkgs/claude-code/default.nix
View file

@ -1,11 +1,11 @@
{ lib, pkgs, runCommand, claude-code }:
let
version = "2.0.76";
version = "2.1.12";
src = pkgs.fetchzip {
url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz";
hash = "sha256-46IqiGJZrZM4vVcanZj/vY4uxFH3/4LxNA+Qb6iIHDk=";
hash = "sha256-JX72YEM2fXY7qKVkuk+UFeef0OhBffljpFBjIECHMXw=";
};
# Create a modified source with our package-lock.json
@ -22,7 +22,7 @@ in
npmDeps = pkgs.fetchNpmDeps {
src = srcWithLock;
hash = "sha256-xSNyYImDpsW6AltA7d0ayMsfVaBcnyPIQOg/Ea2cGNk=";
hash = "sha256-iJwtwAYb/+1Une6Tjxek5ccf4ui3tYWy4kNlHES9He4=";
};
# Remove the old postPatch since srcWithLock already includes package-lock.json

8
utils/pkgs/claude-code/package-lock.json generated
View file

@ -5,13 +5,13 @@
"packages": {
"": {
"dependencies": {
"@anthropic-ai/claude-code": "^2.0.76"
"@anthropic-ai/claude-code": "^2.1.12"
}
},
"node_modules/@anthropic-ai/claude-code": {
"version": "2.0.76",
"resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.76.tgz",
"integrity": "sha512-BVwPez7Pst729gxHZNb7iUdjrn4UAzO49zC+Bxlyf0fMe3SsutxEhKTT16VMs2qInE9xhEBCxajCCa888mFPBg==",
"version": "2.1.12",
"resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.12.tgz",
"integrity": "sha512-oJlbUJc6iyuTA6X1z+Wsli4cYWqSHT9Ttc/jBXArrrBQcILPLb5lBOKfbVJJgcH3bNLxsXwnAkZjtmmM5SqtsQ==",
"license": "SEE LICENSE IN README.md",
"bin": {
"claude": "cli.js"