wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

Compare commits

base: wo2w:c410a78eb244b52b03a52ee194f08a16ee1af5b4
Branches Tags
wo2w:main
...
compare: wo2w:0ae65af2a32a690e58ccf7d4c601beb0a0927243
Branches Tags
wo2w:main

4 commits
c410a78eb2 ... 0ae65af2a3

Author SHA1 Message Date
wo2w
0ae65af2a3 librewolf: add glance as start/homepage and searxng as default search engine 2026-02-21 14:04:19 -05:00
wo2w
83059bbb93 vaultwarden: fix admin path block 2026-02-17 09:46:05 -05:00
wo2w
f1fae7be7c caddy: improve error handling 
only the best
 2026-02-17 09:44:28 -05:00
wo2w
96c4304e08 glance: init 2026-02-16 21:26:38 -05:00
6 changed files with 221 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/home/librewolf.nix
View file

@ -37,6 +37,7 @@
(extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org") (extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org")
(extension "indie-wiki-buddy" "{cb31ec5d-c49a-4e5a-b240-16c767444f62}") (extension "indie-wiki-buddy" "{cb31ec5d-c49a-4e5a-b240-16c767444f62}")
(extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me") (extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me")
(extension "new-tab-override" "newtaboverride@agenedia.com")
(extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack") (extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
(extension "return-youtube-dislikes" "{762f9885-5a13-4abd-9c77-433dcd38b8fd}") (extension "return-youtube-dislikes" "{762f9885-5a13-4abd-9c77-433dcd38b8fd}")
(extension "ublock-origin" "uBlock0@raymondhill.net") (extension "ublock-origin" "uBlock0@raymondhill.net")
@ -45,8 +46,15 @@
profiles.wo2w = { profiles.wo2w = {
search = { search = {
force = true; force = true;
default = "ddg"; default = "searxng";
privateDefault = "ddg"; privateDefault = "searxng";
engines = {
searxng = {
name = "SearXNG";
iconMapObj."16" = "https://searxng.taild5f7e6.ts.net/favicon.ico";
urls = [{ template = "https://searxng.taild5f7e6.ts.net/search?q={searchTerms}"; }];
};
};
}; };
settings = { settings = {
"browser.urlbar.suggest.history" = true; "browser.urlbar.suggest.history" = true;
@ -54,8 +62,10 @@
"browser.urlbar.suggest.openpage" = false; "browser.urlbar.suggest.openpage" = false;
"browser.urlbar.suggest.topsites" = false; "browser.urlbar.suggest.topsites" = false;
"browser.urlbar.suggest.recentsearches" = false; "browser.urlbar.suggest.recentsearches" = false;
# remember tabs on startup # remember tabs on startup
"browser.startup.page" = 3; "browser.startup.page" = 3;
"browser.startup.homepage" = "https://glance.taild5f7e6.ts.net";
# encrypted dns # encrypted dns
"network.trr.mode" = 2; "network.trr.mode" = 2;
@ -67,8 +77,7 @@
"privacy.clearOnShutdown.cache" = false; "privacy.clearOnShutdown.cache" = false;
"privacy.clearOnShutdown.cookies" = false; "privacy.clearOnShutdown.cookies" = false;
"privacy.clearOnShutdown.sessions" = false; "privacy.clearOnShutdown.sessions" = false;
"privacy.donottrackheader.enabled" = true; "privacy.globalprivacycontrol.enabled" = true;
# use xdg file picker instead of builtin browser picker # use xdg file picker instead of builtin browser picker
"widget.use-xdg-desktop-portal.file-picker" = 1; "widget.use-xdg-desktop-portal.file-picker" = 1;
}; };

29
modules/nixos/services/homeserver/caddy.nix
View file

@ -29,11 +29,9 @@
enableReload = false; enableReload = false;
extraConfig = '' extraConfig = ''
(cloudflare-tls) {
tls ${config.sops.secrets."caddy/wo2wz.fyi.crt".path} ${config.sops.secrets."caddy/wo2wz.fyi.key".path}
}
(default-settings) { (default-settings) {
import httpcat-errors
encode encode
header { header {
@ -45,6 +43,26 @@
-X-Powered-By -X-Powered-By
} }
} }
(cloudflare-tls) {
tls ${config.sops.secrets."caddy/wo2wz.fyi.crt".path} ${config.sops.secrets."caddy/wo2wz.fyi.key".path}
}
(httpcat-errors) {
handle_errors {
header Content-Type text/html
respond <<HTML
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>{err.status_code} {err.status_text}</title></head>
<body>
<img src="https://http.cat/{err.status_code}.jpg" alt="{err.status_code} {err.status_text}">
<p>shit</p><p>error id: {err.id}</p>
</body>
</html>
HTML
}
}
''; '';
# have to specify node tags here because if there are two tailscale blocks it just dont work # have to specify node tags here because if there are two tailscale blocks it just dont work
globalConfig = '' globalConfig = ''
@ -67,6 +85,9 @@
tags tag:drone tags tag:drone
glance {
tags tag:drone tag:glance
}
grafana { grafana {
tags tag:drone tag:grafana tags tag:drone tag:grafana
} }

1
modules/nixos/services/homeserver/default.nix
View file

@ -9,6 +9,7 @@
./continuwuity.nix ./continuwuity.nix
./forgejo.nix ./forgejo.nix
./gameserver-caddy.nix ./gameserver-caddy.nix
./glance.nix
./jellyfin.nix ./jellyfin.nix
./kanidm.nix ./kanidm.nix
./nextcloud.nix ./nextcloud.nix

176
modules/nixos/services/homeserver/glance.nix Normal file
View file

@ -0,0 +1,176 @@
{ config, ... }:
{
sops.secrets."glance/secrets.env" = {};
services.caddy.virtualHosts."glance.taild5f7e6.ts.net".extraConfig = ''
import default-settings
bind tailscale/glance
reverse_proxy localhost:${toString config.services.glance.settings.server.port}
'';
services.glance = {
enable = true;
environmentFile = config.sops.secrets."glance/secrets.env".path;
settings = {
server = {
host = "127.0.0.1";
port = 8008;
proxied = true;
};
pages =
let
domain = "wo2wz.fyi";
tsDomain = "taild5f7e6.ts.net";
in [
{
name = "Home";
columns = [
{
size = "small";
widgets = [
{
# xkcd
type = "custom-api";
cache = "1h";
title = "XKCD";
title-url = "https://xkcd.com";
url = "https://xkcd.com/info.0.json";
template = ''
<body>{{ .JSON.String "title" }}</body>
<img src="{{ .JSON.String "img" }}"></img>
'';
}
{
type = "hacker-news";
cache = "30m";
limit = 10;
collapse-after = 5;
}
];
}
{
size = "full";
widgets = [
{
type = "search";
title-url = "https://searxng.${tsDomain}";
search-engine = "https://searxng.${tsDomain}/search?q={QUERY}";
autofocus = true;
}
{
type = "bookmarks";
same-tab = true;
groups = [
{
title = "Services";
links = [
{
title = "Proton Mail";
icon = "sh:proton-mail";
url = "https://mail.proton.me";
}
{
title = "Cloudflare Dashboard";
icon = "sh:cloudflare";
url = "https://dash.cloudflare.com";
}
{
title = "Tailscale Dashboard";
icon = "sh:tailscale";
url = "https://login.tailscale.com/admin";
}
];
}
{
title = "Self Hosted (Public)";
links = [
{
title = "Nextcloud";
icon = "sh:nextcloud";
url = "https://nextcloud.${domain}/index.php";
}
{
title = "Forgejo";
icon = "sh:forgejo";
url = "https://git.${domain}";
}
];
}
{
title = "Self Hosted (Private)";
links = [
{
title = "Vaultwarden";
icon = "sh:vaultwarden";
url = "https://vaultwarden.${tsDomain}";
}
{
title = "Jellyfin";
icon = "sh:jellyfin";
url = "https://jellyfin.${tsDomain}";
}
];
}
{
title = "Self Hosted (Monitoring)";
links = [
{
title = "Grafana";
icon = "sh:grafana";
url = "https://grafana.${tsDomain}";
}
{
title = "Uptime Kuma";
icon = "sh:uptime-kuma";
url = "https://uptime-kuma.${domain}";
}
];
}
];
}
];
}
{
size = "small";
widgets = [
{
type = "clock";
title = "Time and Weather";
hour-format = "24h";
timezones = [
{
timezone = "America/New_York";
label = "New York";
}
{
timezone = "Etc/UTC";
label = "UTC";
}
];
}
{
type = "calendar";
hide-header = true;
first-day-of-week = "sunday";
}
{
type = "weather";
hide-header = true;
location = "\${GLANCE_WEATHER_LOCATION}";
units = "imperial";
hour-format = "24h";
hide-location = true;
}
];
}
];
}
];
};
};
}

3
modules/nixos/services/homeserver/vaultwarden.nix
View file

@ -14,7 +14,8 @@
bind tailscale/vaultwarden bind tailscale/vaultwarden
# block connections to admin login # block connections to admin login
respond /admin/* 403 @admin path /admin /admin/*
respond @admin 403
reverse_proxy localhost:8000 reverse_proxy localhost:8000
''; '';

6
secrets/drone.yaml
View file

@ -9,6 +9,8 @@ cloudflared:
forgejo: forgejo:
secret-key: ENC[AES256_GCM,data:KFKTo9Qy6rLOmZmSfTIpJ7RLI+MEhttH9W9Orv6KJhoWG+7mzKNg8SK8ejcj4xVakerFd6XwOITTcmS+xQdpVg==,iv:KAJvvg0DfzF2aQPciCQyhZBlKPx4YNPSCX78Bqh3BGQ=,tag:kCeA8DqOtDPUUjRL4aAt9g==,type:str] secret-key: ENC[AES256_GCM,data:KFKTo9Qy6rLOmZmSfTIpJ7RLI+MEhttH9W9Orv6KJhoWG+7mzKNg8SK8ejcj4xVakerFd6XwOITTcmS+xQdpVg==,iv:KAJvvg0DfzF2aQPciCQyhZBlKPx4YNPSCX78Bqh3BGQ=,tag:kCeA8DqOtDPUUjRL4aAt9g==,type:str]
internal-token: ENC[AES256_GCM,data:OQYevugICOaLCQxSleATN1cKVDRvfV5paAas8Opzb1qOu+VmXCcJnoJEd7z0oswQo4Tar0ps9KvuYvOsCcJGChb9U2drFjRRpNQaVWZYG5uIZY2QHzA+Ak/a88JGu025czsAFxLbg5Uj,iv:xglBQ+pqoGZcRPu6GJLxSYs9f+G/CgZUze+hPkdn80Y=,tag:hvMdcV6yX1NjpD7zxRFNLA==,type:str] internal-token: ENC[AES256_GCM,data:OQYevugICOaLCQxSleATN1cKVDRvfV5paAas8Opzb1qOu+VmXCcJnoJEd7z0oswQo4Tar0ps9KvuYvOsCcJGChb9U2drFjRRpNQaVWZYG5uIZY2QHzA+Ak/a88JGu025czsAFxLbg5Uj,iv:xglBQ+pqoGZcRPu6GJLxSYs9f+G/CgZUze+hPkdn80Y=,tag:hvMdcV6yX1NjpD7zxRFNLA==,type:str]
glance:
secrets.env: ENC[AES256_GCM,data:GuSXJuflDiLszoqUCZV/c4ynsYCmaNJGFMFqIWBVTaVG/+HnPmaBQ2LF+C1x+AgwiiszQEV1JXQfPzfgPmqcLpgjTw==,iv:L6gwfqwkLyo38KQwvsMLs0G37dmt1Y6oIXNfKAqRnhU=,tag:EfRlAqy7rUZBwuD38ELV8w==,type:str]
grafana: grafana:
secrets.env: ENC[AES256_GCM,data:yv7u5+8l7M4PJ4BzCUlTGX8PeFxxVMtS2Pi4yKnvAeZf+4tcz6NFNRjyPeqTFinqmZ8yq+iYA1tBS5Gy9DTHo8TzmhoaWBPI/ZUXQgl5Y7lnGBOyZ6wHlllsP8zbC+zEWW+gRssaXj6yYBuvQTTzfSqSlmZdB7VwhUegiVxMs722jbys1Rl+NE8TKDc384IbwPRAIi6ZO+UH,iv:M/dgcJ++gMH5/sNQDUQvkiJW2n+fSkPCEDZBcFRXWuE=,tag:SocmiehkaCzl9ZB8dNZPZQ==,type:str] secrets.env: ENC[AES256_GCM,data:yv7u5+8l7M4PJ4BzCUlTGX8PeFxxVMtS2Pi4yKnvAeZf+4tcz6NFNRjyPeqTFinqmZ8yq+iYA1tBS5Gy9DTHo8TzmhoaWBPI/ZUXQgl5Y7lnGBOyZ6wHlllsP8zbC+zEWW+gRssaXj6yYBuvQTTzfSqSlmZdB7VwhUegiVxMs722jbys1Rl+NE8TKDc384IbwPRAIi6ZO+UH,iv:M/dgcJ++gMH5/sNQDUQvkiJW2n+fSkPCEDZBcFRXWuE=,tag:SocmiehkaCzl9ZB8dNZPZQ==,type:str]
kanidm: kanidm:
@ -45,7 +47,7 @@ sops:
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-05T14:48:03Z" lastmodified: "2026-02-16T22:07:49Z"
mac: ENC[AES256_GCM,data:4xjci10r/reABYCATMOay5VGn/lhLLpojgSQ2QjVkgxyKM2zcJleJjOwbxdj+D55ntlxlJSEEhxBZ/Ie8BujqQv/01FQrdUwRWEFqD/aHtAhFkUjsEFlpHhN2mzXQpqFB4WQDrjkqKkPpcw9PmrNlf9TOjPrl4CS+9b2HtDnYmw=,iv:L/3c+amIPkP9n8A3ECLewi8NlsiVr9GCQOKs1N0jK+c=,tag:TS/wqMF+n8Sux7k4ANv6NA==,type:str] mac: ENC[AES256_GCM,data:eBcRGioZ1oIPOljdmY/o3lR5UIkm6H9QggE9uPXrJO5hHfi0CBsVkpHACFcd/H5qBd29LUGajHB5m3xbIJErPStsrl5lo32+QNW8sYybxf9MchqZuB7U2H7qfCGrS6TB82FoTc4WKkwWxcbJlLzrtp8cF/jY+xOpB6KisBTyrFg=,iv:r63ELQTJ006K5b8muq1hKHyCKhvW7CxeAlIDSbM39ac=,tag:cs2tyb+Ti4Gjz00AfivrLQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0