From 59db51c06bb7b5d47957fbdeaaaef93d18bcebbb Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 26 Dec 2025 20:17:52 +0100 Subject: [PATCH 1/6] feat: adds `gluetun`-env --- modules/core/sops.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 3a0e7a0..2d33e6a 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -21,6 +21,7 @@ "minioRootCredentials" = { }; "atticdEnvironment" = { }; "nextcloudPassword" = { }; + "gluetunEnvironment" = { }; "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; From 2c2e1544c5e6c5acf1ff28032aaf8e8b682da042 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 26 Dec 2025 20:18:05 +0100 Subject: [PATCH 2/6] secrets: update --- secrets/violet/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 792bf42..799fcc4 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml @@ -7,6 +7,7 @@ syncplay: ENC[AES256_GCM,data:Vrn1GmmUnIikiTKIQtP3qBfZIZRW2Za2Xhhegp7PAulujxumLG atticdEnvironment: ENC[AES256_GCM,data:ddsrYQn49C5j+lkaTHVBZp2Q4yR6KMTeoYE8wdoBdjQz+7+d0FZTMQagDriNv0nIazNBS/5WrDJ2/L+BOieUuHUfGLLIMICgpo2zzbChTT4Ox63cH/Bkonx09jkAvKEZ9xW7o/L+OTwCsMH7wULFzEFvUdp3m339qk5GEGnjTqgWAiglQHLbaMtEQHnt6IJh1Q3g/h0g+faN2seHSijGzIMIMCBsk7yC54HmuyCl8BhmBNERmJ1s/4X/QXVpKy0pu7be+Ydby80LO8IPyl8+M3PR3DL+q+zOH0LWO55yuVGwAXS/H1ljVz8dThbVLWoTkudn9YB8l4dhXty0exDLyyhqe3dKaCbmN9whR6URfXP20Pn0eYlogXHNBNtdHO7Au9kVOE2m6XvaA1Q14FQqi/ZEQVhwNVTPlvmXGOp6yk7Qj/Z5W8XED1oq/Cx72TK75JQtYRKYVFaGWLB5J4EjaD7ypRURUQTK9+U0MMldXlscucsRIBQeKglgPyWvo9IZeqML6Zn815rVa/pv9Z/SJTgAruqJyJq7q8a6a6RR/m7hfHA0s3te2SvFbPiRYKpy70plCD/u+VxaXtMsmMBIV6iIdS4NjEjVm4OqpOg20KSv2Iq0oYa/UxnbgcGdp0c0zNUYM+POrnIYqosfobQFys3HxIfsD3TawofVJ+p3LFVfnmO83O+n3LbYNvuzBgkeR1rryY4pJBJkNbxPCCQUIhHtuibdI5I+yHwRzPTRvEiRok+vvfS//JKJ6BaUwzkS7ZnwXiU4QcvC4F3yR5d/ADF9MxPoezXuC5Oet9Tw1n2zRlJAs/heZXoE9GXAzrICjeAK1ZdkomJ3n8TnHYpfTPO6n3AnaJ+u0RFZJtbd20JWd1i+jcFQc1xMNkQXCzRL22WJHKQJnJiNGlqqn+V+8L5TkElaubrqzR0KHE9SE5RLzVDrFrAiTFd1/jOE82K/Vaeh0UyVZpNqJxhMV1wg6A3EKeOe/WRSbPOEoqxSjYUImyX6trX5zK5IgsGL0bk1BGMbDfrcOCRGd4qYZxvJ5JAJiWDjkRHrWK5q1peA5c7mEC/VEX02BZqxlHQap0+d4puheRqEEJBrLXgCbOGorxFeoUDQZvBMnMzCowGi3pAsgJRVUqyoB84CtH2joPZVBigjApRRspyEfNjUKUfuNtRXsLnunmqhTlZnCX2JvaDPzSTr/XgxOTJO/PQPACnLtZEL8xWUJV8iM10aUv93eKalro1c6hcAKrPrn/qJ9yawzG23GU6Gouro1PSnf0O9fuPuxw90hssKnGO99QTGMp8wv26OdeqD4iOsyyh/65bYMPwxfL2nS8/GWPvJ8ZyXGALrkkFWZ8PFEEUu29g3T12f7wPqie3RiKtczk1PLFABNErSSOuTySfEDYQJiUH1dKCijhoQztEb4TMqAS/nvPO8tVQgeWIQX6yZBchrLtJ2hM8ZG25TiOooVTXF9HW6G1MMsL/AAhfR/YJFM3aMV6Q1rYBDOf5dFE+U0cjHAl7rtJEEUyl+LxPp+FRO9MrCNsuRm2IsgbhrZ1fe95nUB2VM6vAhsaQbuLoxFUm1LcxuaGbAmbf/EFvwMQXFe1NeoVfBKJpOuBH/b+u8oBwmqGUI0dE8snwKYHtcwF2xD9H8WSkWmF3UtPa4vhtf3BOAPkKlTu0Ouy3QiTfQ6hRhpf4DA90MhwgltNO1Zc6pO3uIaqOK49zvMlb65kbZm14j/CvbRC7Y4h43xIauT/Xc4ynVJdRhYYrZi7tF6QrPNyJ7Xa7veHbxkKXStNH4Xs0vYRPopjctEZa1jOlePO5KCEvyBu3yi5TBtz1OtjI/rZfjG9X4240uKg1vrvBrKQLh1Z7UsPO9AT2NXPyxgxRWTLybiyAl8hoin+47Lwzo3HZLG07PeCCl0oQUpdGYuGPuE/aAwO92QqcQNk234IyehGFcZdthaXXSj5gRimh7W103awzENxop0SQ7HYAY76g29DVH0DDiCa4K8GqyC5ewvuLbbJw24ekK4RU/59pNfOqAD6p1RBJz9gd3lbw0KTcyzf1tbhzAZVK9szenNQESaI9eoGc/2U4rslcPWE8UnJ/sB8LDHnqDYNoAq2U1BW4MF7q9/ZJGD62FCQohNJ/rxQSih4w7mNvtkjW/4KIcXv5lFuSBmB1gkxJvPZTGXGzKfYUDS6juHYWK1MGnteRX5Ium9sScGpwjFV/6qbsiuhmW3rk84vzexX3QEOZcxATAg6mXifdG69dnwAo4U8rAPkMv69Y5okREzzJ79/Shf2JDbdgiY9hs3nBtY721ZcBn5RtAAdFtIci/OS8RZYjnqgrkTAspIigZ+Jj/zlSG4vc5hIrx82BCKYEKzyB8KvfnhgC8AxA//jgZkDTiKcLabvaUSh+9pjpavwGMf6sCswLgCcvmTFNaL3RRrEAL5l3UVKfZg+ZBv4Qr2VVyECvvhnL8+nGae5ujpM5r3M7b6CSRSP0X0bBZAVxTiv+/qkHSZlPivO9YrhnXeoYnwGQKvp/WdVmb9OH/02FDxqSNuLUhSEVb4oRjnmYFchHTIWiXzktOYX1eQV1RQ4v028PuD3h1LGgZ5AeYPvgdRXgdTcPWSwhiznbIUo1mU1dZtiJfpACdwTamtluFWtOU+/gyp0xoEFGKYS+HsFm2Zg5p/Jr7ioQMkNguI5al2XCR0Q0StN53NJYlGy8hudh6f9wHDk/ASEfOlYI20th2VhEk/zA1bdi2xmIYMGYfNN1Iz5MGrvWetEmEoQ4cwJ6AKJdqY1rYnvwybZTN4J24ckxoX2/XEiiRDo4K9X8pJYuCq1jCVO8jfOZ9Xoy+DbPDqLPDsTBWGBcKaSJAZQGgW/YKlM+Hrxpz789reKeMKNJYyHwkFb5/U2eBjzW5jbLZQ1g0VByNOrKHW3hHxezt1jaEageKPiq6kMlqtWK+NOH9OjCs9UJuCgo3WtskSvMrJj4b8IdkGKv2tiu+I6c1U8mGbfntjUHkkMjbN72HTdsADyNZA5TWaqbdaKTxHomWaOgBq7L8h0rCdzEpERO+zJhu5lLi2xP61O+9ZaVMzaDZGUin3Z7D7tUOklU+7NXil4IAD2ZLX+prPIOxrZ9uYACweUOPwWd5PKU9SH6z6tfwleOjLkbdqbxD882sFI73Y4aSxHA/PRBbhN9OnLcGK/VWDzGh/BZo9tSQ+wuQddkmJhKZBxk2bKhDSZVLCYbMyQazTz4Hu8ICtz8aRgvPwGmoMNhcxrtWOPDOCg7WroHzowjcIn3NWK/LAN4L2ENQwYN5zD9HWQR/+gx4yQabPXFZ5WunL5PYWoUcGkWOsCuLjj6H9nvgeKKHZLmY8gO+7+UcTDrzx8bSS0O5Ti6OL34dP3sNFehlI5YBNRnaYOctUT4gbgbZtgDaAxMhZgpP4mMLHfTXagfYpTqP0HG13u20m6LKwe2O9RSNQ6j4beNHhPvcOsKE4XCi1XBfggH+ERSiIdpIlvSp1V4JmcxPfIlCqrOZqk/v575h+RmJoML+r+mDi6VaW6IKNcFUzpVHQz4QGnMf3UzC+MstRquXCXNBN7QAOez5Z6uiDEjTS1U5hH5D6Gpxp8DZCTL4pThIQtzL4aAa5jNE77qrFfdMXbgGtRf3kAEae8mB6NAFoThkbxhL9BT//7w67M0N94nVLp8g3UzGl9ojH7wnxmj/HFXVXuBi9U+PtfMXFWlZmL0SG7ETfJNl5P60FBIfotLVy86hagVEL+ayA0IW+c9ButaLzzXML0z/dniou+vRMchQLbGuTWnFnoh+hhJDkTMVbKrEG5zCm3iHQsl9FTrVa0qfVC5KUalTsu2ueF5BQ3aQTZoWxmf8CeiztxNmLYinNXCxLn5HakmvkNxyt3LRYhiKga28ppP3N8MOLkuTvB+VXA/TA/K5KkJlycATdEFYEfSt/nGHRb2LVztOyVYC9mG6oS0N5dLjToVnpa6BA+Dr9iYT1zIYATgvk3syw7laeqsg88KdofaHUt4NjaPy6BL3r2T1RLQKSoWM9AGTrSQvoqkTjk42bTFWsOtv+3jRQNTj6OT4VDfjWEJ4/UcfzGtJLQsqz7vYm9YAKQOHVTuYG8cU3MZwRcTuCeE0pEcGOT/07ZjM7/y86s2p9f8QCfPr74HPNB6kHLa6tt47jl+wNcBraMSVILsTC2CwC1u8X39KrmyNAprZtPJWC6uzhpO+priWMn6VgdKV9F916FxnX0lg/C/t3/tM5pvsPOEdsp6rrWU6dWXVAniiDEaZmwxK+MRAmLyjZTXNolZ6j7eCW4jRO6s0dwa5FT6Vq8oFv8Gehb5musrVH5so7Ar/rZTDKWXfrUwESIJOcKF/wjBDrliqg4IYQma3dDig4SZOht5X81OzbkbBPG6/3QZGHpz4FhUJlrY3ynoxuMhXzPG5WScIv6our31InTuO7IF6Uh7uM14YldG6eCK5yaAzZrFnSjK0oR8Qcqt/otl5xQc3SqauodXweHiAq5m8VFy2Aqv4vayjAzQ9ce9hE2GCbubAjFY9RSqmaVyNGUrJlnJXCkKmaGWGkdWMn+qs2Y1xX10ffT5dIy9sMVvwLTX056T3uEJEdcAxEUG+Syr6m5nxpqaABVXPfn9oesyzVRh8vAWq2Y9YI4LHMMLg1BB1cg3LM2N8XZl7RdpF4jTf9c7QkzGv/E0LtzvO+UJTNY6V0klvoEP3vrMFqouYJryFsdMFdo0OfZNZFmq6lPQY8DcIa9InI7qqPGB+sbtG6SDpe1VjypF4iJ8iLH9mLHIQN632KaoMaVLO7J3X6jXFNHlzwORYIlzsBeO9VnMTtOKg2o+G25eXb4vGHRBd+PNbGxh1C6R2vsnzMmK4MYuME7BbCDMMcYxCaoq1UnqF3mhzlbj2Uw3mB37EBNHe2zx6d7hKIO28He8skyT0efSspktMZB9XU/2Z9rnJEnSgFKu65UnHT31wvpUg+O8uzdU6/5IfjOZcZL9XJh1cZ0T5JDOizB4A/42CwT8jg0VOVOCMcZx2jhc2GZO+MxU8Uq7wqq3Ov8yQfuI43Yp8fHsWnomX/Y/49oPL//+UnVZGrHCTwjgowjSk2veRthz6b3e3fG9CkXGf9WpYTwofQRsAHs8u7Im8m2DqxNNsasFfR91jbM8/GpeCn0dzFdJlyxXSLyH4H60POUHNGhayory9SiYc8RFjVimGYg9MZ+dKvX+Zy7SJ7oDasoIhN2EOV/2eBSce8caqgShTbCSAC3whEKu37WAKZ3dP5fQiRpkfonockuTliR3pz1Bdpp7Q6SHg+2agwUTuIWDGd3I0jpty5i5s9fgsejJNx+6iZYSlpX2RCz/9Sz0Ks0lZ4bC58urhkcNA19Ogb2jEy1pWLb8/VD3UeEXxnU7OzT6bLmJKH3Jxt5N9e4Y8CSC4DpJygH6dyxR5qkuTRHz8vLtYE8Nmc9Ny42NnhXif+rHi0fn3SrlNtD10bJrKXu0RIuu6vmOGfFjSvibreSzjICgXop27wYFRa5xOCfI4rCaosLs6t8JYklLGyhErLU8WlbPDelEDjhJvPnX+ucrSkVBiJu3Bxet42FG/u94/CYR2gWbjGJzdR09rtt/lADcMh5ZVSsMZviqMFoqEaU0fHIArz2EvcrRR00kuFPeTFIu5eFwxzZ368m4jU+8heg0MBdQKLe5gaQ9tTSdSPX9JxcXgZ0ry4xsOErtzZCODxWKwH0BP5H0p8NXMz0n8E5Cw1YF11v4YjnZlGZZRpSGzh505KkrvLWhjty4WHu2u620wfltJC8iqVCS0AZscT/hK3B1jpxpwtFGulm1gFttOK8usB/uyzw==,iv:EcWY/Msbns1O6Cm4cZQDRZbdDCWr6+QRH9X3/Wl/jAM=,tag:+Iwec3h+bP9r6RVv7GIqOA==,type:str] funkwhaleDjangoSecret: ENC[AES256_GCM,data:5IQC3gN7nGMaquV/xuIUU/vk64QQ9WQ4nrBUe/I1uulqW9J8c/nM/cPCS9gFRdp7I42LRFObo+sc23OnK3IBxuNBGEk2ZJwdf1/NVY4=,iv:BYqE6LsC7BXe3HH5Iq9LDDnx4vGZdVlugxbZuKHfUyE=,tag:Fyjwkq8Nd9/MSlNCHky38g==,type:str] nextcloudPassword: ENC[AES256_GCM,data:aJrC359/FYbjkXtUBFmw5vZult/XofmfH6NS7Ny/Hl5T6NaevoZLXcqMJgHeLssRnURrvXW4f/S0S0cj6HuLog==,iv:VYt6W2l2u7zz30VjNNyHl+PhqeUJvQa7TluToyr83e0=,tag:KxJQ0Lv+RvIrEiHPdNfHyA==,type:str] +gluetunEnvironment: ENC[AES256_GCM,data:R7gOo6/LvPpJEONWNVsLedU2VdP5GanrEcY/XIpMIKmZCYITL/9dR29Pp2ymr/EDtIIjVN4vSHGwdzw1aQcoER+55fg/ZnDnipD9iHyys1B5SFpO7raeLAD27D7iWkV3gWsXR/BJUIftrUREHxPjhATvXJ1TPDK9JCrBEe8M58HOtBTzSlWe6Bffs22mcCX0tQ==,iv:3UE3SaANUE79P4C/8/iIcO51HA/qD1wPthAOlEV4SaQ=,tag:JPvZmsyc2BALfKNCE7clLQ==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -27,7 +28,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-15T11:16:17Z" - mac: ENC[AES256_GCM,data:RjYw+DrQl2fzFR67rSmjYrD6OzcbbviUcbknQNOQfXrDcKccUk9qSc5bdSNDoIEJBopGlq7SBLJA6mYWZa/lNUENT/2D3Q7epSjmrakJ3TirBS8lesHZY7G1vQGqiUcLlqUcqg0N3HgazkybOoROZ9Lw9b9fL/Ibm8cZeFvTr04=,iv:iT26y1jMQtevBviuXhWCg2dAs3LWTi76HVJSD688riM=,tag:OFLArIRnV+dWx10wCQtybA==,type:str] + lastmodified: "2025-12-24T10:35:47Z" + mac: ENC[AES256_GCM,data:PTxBUZtXp11oBJhMM7oLJ2kj7xQRyuopfF1Ab5A22vxCncJV4utMa0IkL374rWCZWmBREVb7SykezN+5tDvhr0e8Bmq0Xy1wLfvFscD2PH2BNjpcTe6bhHatMCkRlkL3GMMv/UHjqEilIzoTAw+BC0Oxq/X08xhIyHIBHg38d3s=,iv:kgOzQTTSG5Oqfs85n20SB5MwsnyB8mFjnVG573nFH+4=,tag:+U5Tus51DqCASBSfNIBDsA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 76710140261091272ab1797243debb9de697aefd Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 31 Dec 2025 01:35:01 +0100 Subject: [PATCH 3/6] chore: comment out anubis --- modules/services/anubis.nix | 18 +++++++++--------- modules/services/attic.nix | 17 +++++++++-------- modules/services/binternet-proxy.nix | 20 ++++++++++++-------- modules/services/forgejo.nix | 17 +++++++++-------- modules/services/guacamole.nix | 17 +++++++++-------- modules/services/librey-proxy.nix | 20 ++++++++++++-------- modules/services/uptime-kuma.nix | 17 +++++++++-------- 7 files changed, 69 insertions(+), 57 deletions(-) diff --git a/modules/services/anubis.nix b/modules/services/anubis.nix index f906920..9b12480 100644 --- a/modules/services/anubis.nix +++ b/modules/services/anubis.nix @@ -1,12 +1,12 @@ { config, lib, ... }: { - users.users.nginx.extraGroups = [ config.users.groups.anubis.name ]; - services.anubis = { - defaultOptions = { - enable = true; - settings = { - SERVE_ROBOTS_TXT = true; - }; - }; - }; + # users.users.nginx.extraGroups = [ config.users.groups.anubis.name ]; + #services.anubis = { + # defaultOptions = { + # enable = true; + # settings = { + # SERVE_ROBOTS_TXT = true; + # }; + # }; + #}; } diff --git a/modules/services/attic.nix b/modules/services/attic.nix index ca91497..afce300 100644 --- a/modules/services/attic.nix +++ b/modules/services/attic.nix @@ -32,19 +32,20 @@ }; }; }; - anubis.instances.atticd = { - settings = { - TARGET = "http://localhost:8060"; - BIND = ":8061"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.atticd = { + # settings = { + # TARGET = "http://localhost:8060"; + # BIND = "/run/anubis/anubis-atticd/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-atticd/anubis.sock"; + # }; + #}; nginx.virtualHosts."cache.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.atticd.settings.BIND}"; + proxyPass = "http://localhost:8060"; proxyWebsockets = true; }; }; diff --git a/modules/services/binternet-proxy.nix b/modules/services/binternet-proxy.nix index 4191e01..922e0e9 100644 --- a/modules/services/binternet-proxy.nix +++ b/modules/services/binternet-proxy.nix @@ -1,19 +1,23 @@ { config, ... }: +let + target = "http://localhost:8081"; +in { services = { - anubis.instances.binternet = { - settings = { - TARGET = "http://localhost:8081"; - BIND = ":8082"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.binternet = { + # settings = { + # TARGET = target; + # BIND = "/run/anubis/anubis-binternet/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-binternet/anubis.sock"; + # }; + #}; nginx.virtualHosts."curate.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.binternet.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.binternet.settings.BIND}"; + proxyPass = target; proxyWebsockets = true; }; }; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 942a874..bdfa451 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -68,19 +68,20 @@ in # }; # }; # }; - anubis.instances.forgejo = { - settings = { - TARGET = "http://localhost:3050"; - BIND = ":3051"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.forgejo = { + # settings = { + # TARGET = "http://localhost:3050"; + # BIND = "/run/anubis/anubis-forgejo/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-forgejo/anubis.sock"; + # }; + #}; nginx.virtualHosts."code.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.forgejo.settings.BIND}"; + proxyPass = "http://localhost:3050"; proxyWebsockets = true; }; }; diff --git a/modules/services/guacamole.nix b/modules/services/guacamole.nix index 2fdac6d..d8f210b 100644 --- a/modules/services/guacamole.nix +++ b/modules/services/guacamole.nix @@ -17,19 +17,20 @@ guacd-hostname = "localhost"; }; }; - anubis.instances.guacamole = { - settings = { - TARGET = "http://localhost:4822"; - BIND = ":4883"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.guacamole = { + # settings = { + # TARGET = "http://localhost:4822"; + # BIND = "/run/anubis/anubis-guacamole/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-guacamole/anubis.sock"; + # }; + #}; nginx.virtualHosts."remote.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.guacamole.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.guacamole.settings.BIND}"; + proxyPass = "http://${toString config.services.guacamole-server.host}:${toString config.services.guacamole-server.port}"; proxyWebsockets = true; }; }; diff --git a/modules/services/librey-proxy.nix b/modules/services/librey-proxy.nix index 09e95b4..8c9e03b 100644 --- a/modules/services/librey-proxy.nix +++ b/modules/services/librey-proxy.nix @@ -1,19 +1,23 @@ { config, ... }: +let + target = "http://localhost:8078"; +in { services = { - anubis.instances.librey = { - settings = { - TARGET = "http://localhost:8078"; - BIND = ":8079"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.librey = { + # settings = { + # TARGET = target; + # BIND = "/run/anubis/anubis-librey/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-librey/anubis.sock"; + # }; + #}; nginx.virtualHosts."search.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.librey.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.librey.settings.BIND}"; + proxyPass = target; proxyWebsockets = true; }; }; diff --git a/modules/services/uptime-kuma.nix b/modules/services/uptime-kuma.nix index 923b6f0..57da4df 100644 --- a/modules/services/uptime-kuma.nix +++ b/modules/services/uptime-kuma.nix @@ -5,19 +5,20 @@ enable = true; settings.PORT = "4800"; }; - anubis.instances.uptime-kuma = { - settings = { - TARGET = "http://localhost:4800"; - BIND = ":4801"; - BIND_NETWORK = "tcp"; - }; - }; + #anubis.instances.uptime-kuma = { + # settings = { + # TARGET = "http://localhost:4800"; + # BIND = "/run/anubis/anubis-uptime-kuma/anubis.sock"; + # METRICS_BIND = "/run/anubis/anubis-uptime-kuma/anubis.sock"; + # }; + #}; nginx.virtualHosts."uptime.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.uptime-kuma.settings.BIND}"; + # proxyPass = "http://unix:${toString config.services.anubis.instances.uptime-kuma.settings.BIND}"; + proxyPass = "http://localhost:4800"; proxyWebsockets = true; }; }; From 185fc681f53e4fd05253801e8c02672d7d30881d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 31 Dec 2025 01:43:47 +0100 Subject: [PATCH 4/6] feat: adds nextcloud (works!) --- modules/services/nextcloud.nix | 59 +++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 62c7877..856c9c7 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -1,19 +1,33 @@ -{ ... }: +{ config, pkgs, ... }: { services.nextcloud = { - enable = false; - config.dbtype = "sqlite"; - configureRedis = true; - home = "/home/liv/nextcloud"; - config.adminpassFile = "/run/nextcloud/adminpassFile"; - maxUploadSize = "25G"; + enable = true; + package = pkgs.nextcloud32; + hostName = "cloud.liv.town"; + # appstoreEnable = true; https = true; - hostName = "dandelion.srv.liv.town"; + maxUploadSize = "10G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + news + contacts + calendar + groupfolders + notify_push + ; + }; + config = { + adminuser = "root"; + adminpassFile = config.sops.secrets.nextcloudPassword.path; + dbtype = "sqlite"; + }; + configureRedis = true; settings = { - trusted_domains = [ - "dandelion.srv.liv.town" - "files.dandelion.srv.liv.town" - ]; + mail_smtphost = "smtp.migadu.com"; + mail_smtpport = 465; + mail_smtpname = "notifications@liv.town"; + mail_smtpauth = true; + trusted_domains = [ "cloud.liv.town" ]; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\GIF" @@ -29,4 +43,25 @@ ]; }; }; + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + }; + systemd.services.nextcloud-custom-config = { + path = [ + config.services.nextcloud.occ + ]; + script = '' + nextcloud-occ theming:config name "livnet" + # nextcloud-occ theming:config description "liv to your fullest" + nextcloud-occ theming:config url "https://cloud.liv.town"; + # nextcloud-occ theming:config privacyUrl "https://liv.town/privacy"; + nextcloud-occ theming:config color "#3253a5"; + ''; + # nextcloud-occ theming:config logo ${./logo.png} + after = [ "nextcloud-setup.service" ]; + wantedBy = [ "multi-user.target" ]; + }; + } From bfc9907c81690a587b4cf8bc5630cd0ea73b85c7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 8 Jan 2026 21:24:06 +0100 Subject: [PATCH 5/6] feat: switch to `vicinae` --- modules/home/hyprland/config.nix | 3 ++- modules/home/hyprland/hyprland.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index e683cd2..d37d4cb 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -261,7 +261,8 @@ "$mainMod, Q, killactive," "$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar "$mainMod, Space, togglefloating," - "$mainMod, D, exec, bemenu-run -l 5 --ignorecase" + # "$mainMod, D, exec, bemenu-run -l 5 --ignorecase" + "$mainMod, D, exec, vicinae toggle" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "$mainMod, E, exec, nautilus" diff --git a/modules/home/hyprland/hyprland.nix b/modules/home/hyprland/hyprland.nix index e215b35..ccbcdb3 100644 --- a/modules/home/hyprland/hyprland.nix +++ b/modules/home/hyprland/hyprland.nix @@ -13,6 +13,7 @@ nwg-dock-hyprland hyprland-monitor-attached hypridle + vicinae ]; # systemd.user.targets.hyprland-session.Unit.Wants = [ "xdg-desktop-autostart.target" ]; wayland.windowManager.hyprland = { From 6c30d4518ad80ce6b6c4f05649ba4e90199c436e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 8 Jan 2026 21:26:18 +0100 Subject: [PATCH 6/6] feat: adds certificates for `ahwx.org` --- modules/services/nginx.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index aa4315e..0cf7bff 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -24,6 +24,14 @@ environmentFile = "/home/liv/desec.env"; # location of your DESEC_TOKEN=[value] webroot = null; }; + "ahwx.org" = { + domain = "*.ahwx.org"; + extraDomainNames = [ "ahwx.org" ]; + group = config.services.nginx.group; + dnsProvider = "desec"; + environmentFile = "/home/liv/desec.env"; # location of your DESEC_TOKEN=[value] + webroot = null; + }; "quack.social" = { domain = "*.quack.social"; extraDomainNames = [ "quack.social" ];