From 96c4304e08a66e08ae90d3a6db9c37412d172ce7 Mon Sep 17 00:00:00 2001
From: wo2w <189177184+wo2wz@users.noreply.github.com>
Date: Mon, 16 Feb 2026 21:26:38 -0500
Subject: [PATCH 1/4] glance: init
---
modules/nixos/services/homeserver/caddy.nix | 3 +
modules/nixos/services/homeserver/default.nix | 1 +
modules/nixos/services/homeserver/glance.nix | 176 ++++++++++++++++++
secrets/drone.yaml | 6 +-
4 files changed, 184 insertions(+), 2 deletions(-)
create mode 100644 modules/nixos/services/homeserver/glance.nix
diff --git a/modules/nixos/services/homeserver/caddy.nix b/modules/nixos/services/homeserver/caddy.nix
index 1f6c8fe..9ee2c5d 100755
--- a/modules/nixos/services/homeserver/caddy.nix
+++ b/modules/nixos/services/homeserver/caddy.nix
@@ -67,6 +67,9 @@
tags tag:drone
+ glance {
+ tags tag:drone tag:glance
+ }
grafana {
tags tag:drone tag:grafana
}
diff --git a/modules/nixos/services/homeserver/default.nix b/modules/nixos/services/homeserver/default.nix
index 0ed971d..22df8a8 100755
--- a/modules/nixos/services/homeserver/default.nix
+++ b/modules/nixos/services/homeserver/default.nix
@@ -9,6 +9,7 @@
./continuwuity.nix
./forgejo.nix
./gameserver-caddy.nix
+ ./glance.nix
./jellyfin.nix
./kanidm.nix
./nextcloud.nix
diff --git a/modules/nixos/services/homeserver/glance.nix b/modules/nixos/services/homeserver/glance.nix
new file mode 100644
index 0000000..be9ef49
--- /dev/null
+++ b/modules/nixos/services/homeserver/glance.nix
@@ -0,0 +1,176 @@
+{ config, ... }:
+
+{
+ sops.secrets."glance/secrets.env" = {};
+
+ services.caddy.virtualHosts."glance.taild5f7e6.ts.net".extraConfig = ''
+ import default-settings
+
+ bind tailscale/glance
+
+ reverse_proxy localhost:${toString config.services.glance.settings.server.port}
+ '';
+
+ services.glance = {
+ enable = true;
+ environmentFile = config.sops.secrets."glance/secrets.env".path;
+ settings = {
+ server = {
+ host = "127.0.0.1";
+ port = 8008;
+ proxied = true;
+ };
+
+ pages =
+ let
+ domain = "wo2wz.fyi";
+ tsDomain = "taild5f7e6.ts.net";
+ in [
+ {
+ name = "Home";
+ columns = [
+ {
+ size = "small";
+ widgets = [
+ {
+ # xkcd
+ type = "custom-api";
+ cache = "1h";
+ title = "XKCD";
+ title-url = "https://xkcd.com";
+
+ url = "https://xkcd.com/info.0.json";
+ template = ''
+ {{ .JSON.String "title" }}
+ 
+ '';
+ }
+ {
+ type = "hacker-news";
+ cache = "30m";
+ limit = 10;
+ collapse-after = 5;
+ }
+ ];
+ }
+ {
+ size = "full";
+ widgets = [
+ {
+ type = "search";
+ title-url = "https://searxng.${tsDomain}";
+ search-engine = "https://searxng.${tsDomain}/search?q={QUERY}";
+ autofocus = true;
+ }
+ {
+ type = "bookmarks";
+ same-tab = true;
+ groups = [
+ {
+ title = "Services";
+ links = [
+ {
+ title = "Proton Mail";
+ icon = "sh:proton-mail";
+ url = "https://mail.proton.me";
+ }
+ {
+ title = "Cloudflare Dashboard";
+ icon = "sh:cloudflare";
+ url = "https://dash.cloudflare.com";
+ }
+ {
+ title = "Tailscale Dashboard";
+ icon = "sh:tailscale";
+ url = "https://login.tailscale.com/admin";
+ }
+ ];
+ }
+ {
+ title = "Self Hosted (Public)";
+ links = [
+ {
+ title = "Nextcloud";
+ icon = "sh:nextcloud";
+ url = "https://nextcloud.${domain}/index.php";
+ }
+ {
+ title = "Forgejo";
+ icon = "sh:forgejo";
+ url = "https://git.${domain}";
+ }
+ ];
+ }
+ {
+ title = "Self Hosted (Private)";
+ links = [
+ {
+ title = "Vaultwarden";
+ icon = "sh:vaultwarden";
+ url = "https://vaultwarden.${tsDomain}";
+ }
+ {
+ title = "Jellyfin";
+ icon = "sh:jellyfin";
+ url = "https://jellyfin.${tsDomain}";
+ }
+ ];
+ }
+ {
+ title = "Self Hosted (Monitoring)";
+ links = [
+ {
+ title = "Grafana";
+ icon = "sh:grafana";
+ url = "https://grafana.${tsDomain}";
+ }
+ {
+ title = "Uptime Kuma";
+ icon = "sh:uptime-kuma";
+ url = "https://uptime-kuma.${domain}";
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ }
+ {
+ size = "small";
+ widgets = [
+ {
+ type = "clock";
+ title = "Time and Weather";
+ hour-format = "24h";
+ timezones = [
+ {
+ timezone = "America/New_York";
+ label = "New York";
+ }
+ {
+ timezone = "Etc/UTC";
+ label = "UTC";
+ }
+ ];
+ }
+ {
+ type = "calendar";
+ hide-header = true;
+ first-day-of-week = "sunday";
+ }
+ {
+ type = "weather";
+ hide-header = true;
+ location = "\${GLANCE_WEATHER_LOCATION}";
+ units = "imperial";
+ hour-format = "24h";
+ hide-location = true;
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/secrets/drone.yaml b/secrets/drone.yaml
index ff5f1b2..d20344a 100755
--- a/secrets/drone.yaml
+++ b/secrets/drone.yaml
@@ -9,6 +9,8 @@ cloudflared:
forgejo:
secret-key: ENC[AES256_GCM,data:KFKTo9Qy6rLOmZmSfTIpJ7RLI+MEhttH9W9Orv6KJhoWG+7mzKNg8SK8ejcj4xVakerFd6XwOITTcmS+xQdpVg==,iv:KAJvvg0DfzF2aQPciCQyhZBlKPx4YNPSCX78Bqh3BGQ=,tag:kCeA8DqOtDPUUjRL4aAt9g==,type:str]
internal-token: ENC[AES256_GCM,data:OQYevugICOaLCQxSleATN1cKVDRvfV5paAas8Opzb1qOu+VmXCcJnoJEd7z0oswQo4Tar0ps9KvuYvOsCcJGChb9U2drFjRRpNQaVWZYG5uIZY2QHzA+Ak/a88JGu025czsAFxLbg5Uj,iv:xglBQ+pqoGZcRPu6GJLxSYs9f+G/CgZUze+hPkdn80Y=,tag:hvMdcV6yX1NjpD7zxRFNLA==,type:str]
+glance:
+ secrets.env: ENC[AES256_GCM,data:GuSXJuflDiLszoqUCZV/c4ynsYCmaNJGFMFqIWBVTaVG/+HnPmaBQ2LF+C1x+AgwiiszQEV1JXQfPzfgPmqcLpgjTw==,iv:L6gwfqwkLyo38KQwvsMLs0G37dmt1Y6oIXNfKAqRnhU=,tag:EfRlAqy7rUZBwuD38ELV8w==,type:str]
grafana:
secrets.env: ENC[AES256_GCM,data:yv7u5+8l7M4PJ4BzCUlTGX8PeFxxVMtS2Pi4yKnvAeZf+4tcz6NFNRjyPeqTFinqmZ8yq+iYA1tBS5Gy9DTHo8TzmhoaWBPI/ZUXQgl5Y7lnGBOyZ6wHlllsP8zbC+zEWW+gRssaXj6yYBuvQTTzfSqSlmZdB7VwhUegiVxMs722jbys1Rl+NE8TKDc384IbwPRAIi6ZO+UH,iv:M/dgcJ++gMH5/sNQDUQvkiJW2n+fSkPCEDZBcFRXWuE=,tag:SocmiehkaCzl9ZB8dNZPZQ==,type:str]
kanidm:
@@ -45,7 +47,7 @@ sops:
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-02-05T14:48:03Z"
- mac: ENC[AES256_GCM,data:4xjci10r/reABYCATMOay5VGn/lhLLpojgSQ2QjVkgxyKM2zcJleJjOwbxdj+D55ntlxlJSEEhxBZ/Ie8BujqQv/01FQrdUwRWEFqD/aHtAhFkUjsEFlpHhN2mzXQpqFB4WQDrjkqKkPpcw9PmrNlf9TOjPrl4CS+9b2HtDnYmw=,iv:L/3c+amIPkP9n8A3ECLewi8NlsiVr9GCQOKs1N0jK+c=,tag:TS/wqMF+n8Sux7k4ANv6NA==,type:str]
+ lastmodified: "2026-02-16T22:07:49Z"
+ mac: ENC[AES256_GCM,data:eBcRGioZ1oIPOljdmY/o3lR5UIkm6H9QggE9uPXrJO5hHfi0CBsVkpHACFcd/H5qBd29LUGajHB5m3xbIJErPStsrl5lo32+QNW8sYybxf9MchqZuB7U2H7qfCGrS6TB82FoTc4WKkwWxcbJlLzrtp8cF/jY+xOpB6KisBTyrFg=,iv:r63ELQTJ006K5b8muq1hKHyCKhvW7CxeAlIDSbM39ac=,tag:cs2tyb+Ti4Gjz00AfivrLQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
From f1fae7be7cbd7df5a48a5228cd8f09b98ce4e81d Mon Sep 17 00:00:00 2001
From: wo2w <189177184+wo2wz@users.noreply.github.com>
Date: Tue, 17 Feb 2026 09:44:28 -0500
Subject: [PATCH 2/4] caddy: improve error handling
only the best
---
modules/nixos/services/homeserver/caddy.nix | 26 +++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/modules/nixos/services/homeserver/caddy.nix b/modules/nixos/services/homeserver/caddy.nix
index 9ee2c5d..d0565be 100755
--- a/modules/nixos/services/homeserver/caddy.nix
+++ b/modules/nixos/services/homeserver/caddy.nix
@@ -29,11 +29,9 @@
enableReload = false;
extraConfig = ''
- (cloudflare-tls) {
- tls ${config.sops.secrets."caddy/wo2wz.fyi.crt".path} ${config.sops.secrets."caddy/wo2wz.fyi.key".path}
- }
-
(default-settings) {
+ import httpcat-errors
+
encode
header {
@@ -45,6 +43,26 @@
-X-Powered-By
}
}
+
+ (cloudflare-tls) {
+ tls ${config.sops.secrets."caddy/wo2wz.fyi.crt".path} ${config.sops.secrets."caddy/wo2wz.fyi.key".path}
+ }
+
+ (httpcat-errors) {
+ handle_errors {
+ header Content-Type text/html
+ respond <
+
+ {err.status_code} {err.status_text}
+
+ 
+ shit
error id: {err.id}
+
+
+ HTML
+ }
+ }
'';
# have to specify node tags here because if there are two tailscale blocks it just dont work
globalConfig = ''
From 83059bbb939cd8d5854703d3f249113d3d23a299 Mon Sep 17 00:00:00 2001
From: wo2w <189177184+wo2wz@users.noreply.github.com>
Date: Tue, 17 Feb 2026 09:46:05 -0500
Subject: [PATCH 3/4] vaultwarden: fix admin path block
---
modules/nixos/services/homeserver/vaultwarden.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/nixos/services/homeserver/vaultwarden.nix b/modules/nixos/services/homeserver/vaultwarden.nix
index e788729..ad71f08 100755
--- a/modules/nixos/services/homeserver/vaultwarden.nix
+++ b/modules/nixos/services/homeserver/vaultwarden.nix
@@ -14,7 +14,8 @@
bind tailscale/vaultwarden
# block connections to admin login
- respond /admin/* 403
+ @admin path /admin /admin/*
+ respond @admin 403
reverse_proxy localhost:8000
'';
From 0ae65af2a32a690e58ccf7d4c601beb0a0927243 Mon Sep 17 00:00:00 2001
From: wo2w <189177184+wo2wz@users.noreply.github.com>
Date: Sat, 21 Feb 2026 14:04:19 -0500
Subject: [PATCH 4/4] librewolf: add glance as start/homepage and searxng as
default search engine
---
modules/home/librewolf.nix | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/modules/home/librewolf.nix b/modules/home/librewolf.nix
index 3d07f6d..4561e86 100755
--- a/modules/home/librewolf.nix
+++ b/modules/home/librewolf.nix
@@ -37,6 +37,7 @@
(extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org")
(extension "indie-wiki-buddy" "{cb31ec5d-c49a-4e5a-b240-16c767444f62}")
(extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me")
+ (extension "new-tab-override" "newtaboverride@agenedia.com")
(extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
(extension "return-youtube-dislikes" "{762f9885-5a13-4abd-9c77-433dcd38b8fd}")
(extension "ublock-origin" "uBlock0@raymondhill.net")
@@ -45,8 +46,15 @@
profiles.wo2w = {
search = {
force = true;
- default = "ddg";
- privateDefault = "ddg";
+ default = "searxng";
+ privateDefault = "searxng";
+ engines = {
+ searxng = {
+ name = "SearXNG";
+ iconMapObj."16" = "https://searxng.taild5f7e6.ts.net/favicon.ico";
+ urls = [{ template = "https://searxng.taild5f7e6.ts.net/search?q={searchTerms}"; }];
+ };
+ };
};
settings = {
"browser.urlbar.suggest.history" = true;
@@ -54,8 +62,10 @@
"browser.urlbar.suggest.openpage" = false;
"browser.urlbar.suggest.topsites" = false;
"browser.urlbar.suggest.recentsearches" = false;
+
# remember tabs on startup
"browser.startup.page" = 3;
+ "browser.startup.homepage" = "https://glance.taild5f7e6.ts.net";
# encrypted dns
"network.trr.mode" = 2;
@@ -67,8 +77,7 @@
"privacy.clearOnShutdown.cache" = false;
"privacy.clearOnShutdown.cookies" = false;
"privacy.clearOnShutdown.sessions" = false;
- "privacy.donottrackheader.enabled" = true;
-
+ "privacy.globalprivacycontrol.enabled" = true;
# use xdg file picker instead of builtin browser picker
"widget.use-xdg-desktop-portal.file-picker" = 1;
};