nixos-vps

Author	SHA1	Message	Date
ashisgreat22	219391bc85	refactor(adguard): migrate to native nixos service Replace the Podman container and manual YAML templating with the native NixOS module for better system integration and simpler declarative configuration.	2026-03-18 20:56:30 +01:00
ashisgreat22	7a505055f8	fix(adguard): fix string interpolation syntax error Fix a broken string concatenation that was causing a syntax error during NixOS evaluation. Co-Authored-By: Gemini CLI <noreply@google.com>	2026-03-18 20:49:31 +01:00
ashisgreat22	93bef3b301	fix(adguard): rewrite with correct lib.length syntax Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:51:53 +01:00
ashisgreat22	7bdbe767b6	fix(adguard): use lib.length instead of == for empty check Nix doesn't support == operator. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:27:47 +01:00
ashisgreat22	51e937c02f	fix(adguard): add empty clients list when no clients configured AdGuard Home fails with empty persistent list. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:27:21 +01:00
ashisgreat22	7b9b1e1909	fix(adguard): add newline before filtering section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:26:40 +01:00
ashisgreat22	a5d1f3e136	fix(adguard): fix YAML structure - clients at correct level Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:24:37 +01:00
ashisgreat22	ce152ba2b3	fix(adguard): fix template string concatenation Properly concatenate optionalString with content. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:23:51 +01:00
ashisgreat22	294b556542	fix(adguard): handle empty clients list Only render clients section when clients are configured. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:22:58 +01:00
ashisgreat22	23696e7e79	fix(adguard): remove --cap-drop=ALL flag AdGuard Home needs capabilities to run. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:20:41 +01:00
ashisgreat22	9b1d5ede54	fix(adguard): remove --read-only flag AdGuard Home needs write access to working directory. Config file remains read-only via :ro mount. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:19:30 +01:00
ashisgreat22	d413d5ec1b	feat(modules): register adguard module in default.nix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:09:04 +01:00
ashisgreat22	1ed9acdcda	feat(modules): add AdGuard Home module with DoH and ClientID support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:07:59 +01:00
ashisgreat22	fd056367d2	feat: add backup module with Restic + Backblaze B2 - Encrypted backups to B2 - Configurable retention (daily/weekly/monthly) - SOPS-managed credentials - Automatic pruning Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 14:11:11 +01:00
ashisgreat22	f82b822d16	feat: add firewall bouncer to CrowdSec module - Enable crowdsec-firewall-bouncer by default - Auto-registers bouncer with local CrowdSec API - Blocks malicious IPs at iptables/nftables level Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:58:13 +01:00
ashisgreat22	8a933fd9de	fix: enable CrowdSec Local API for cscli Add LAPI server configuration with credentials file path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:53:15 +01:00
ashisgreat22	e0de37b15f	fix: simplify CrowdSec module Remove LAPI server config causing null coercion error. Detection-only mode for now; bouncer can be added later. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:50:44 +01:00
ashisgreat22	211693ef3b	feat: add CrowdSec security module - Wraps native NixOS CrowdSec service - Configures SSH and nginx log acquisition - Installs linux/nginx/sshd hub collections - Supports IP whitelisting and ban duration config - Optional nginx bouncer integration (requires manual API key setup) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:44:36 +01:00
ashisgreat22	db4f0f8f61	fix: remove duplicate SOPS declaration, clean up unused param - Remove redundant vaultwarden_admin_token from configuration.nix (already declared in module) - Remove unused pkgs parameter from vaultwarden module Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 12:37:09 +01:00
ashisgreat22	e2facd1fa9	feat: add Vaultwarden module - Add native NixOS Vaultwarden service module - Supports WebSocket for real-time sync notifications - Integrates with nginx via extraLocations for /notifications/hub - Configurable signup, invitations, and SMTP settings - Uses SOPS for admin token secret management Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 12:07:26 +01:00
ashisgreat22	cbce4aa228	feat(nginx): add extraLocations option for WebSocket support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 03:19:31 +01:00
ashisgreat22	a87fd37489	Add Brave Search web search to OpenClaw - Enable web_search tool with Brave provider - Add openclaw_brave_api_key secret to SOPS configuration - Add BRAVE_API_KEY to openclaw.env template Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:50:09 +01:00
ashisgreat22	4d9c61da10	Fix exec config: use valid options (security: full, ask: off) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:36:59 +01:00
ashisgreat22	3ef4234d07	Enable elevated tools with auto-approve (no permission prompts) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:36:04 +01:00
ashisgreat22	a91e6ac883	Add Discord token to config with env variable substitution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:29:15 +01:00
ashisgreat22	9f734de29e	Add allowFrom for Discord dmPolicy=open Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:26:40 +01:00
ashisgreat22	b5901efde8	Fix JSON syntax: add missing closing brace in openclaw-config.json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:24:55 +01:00
ashisgreat22	99a424aa34	Add channels.discord config to Openclaw	2026-03-18 01:58:51 +01:00
ashisgreat22	19bcc4c5fc	Use loopback binding for OpenClaw (no auth required)	2026-03-18 01:54:55 +01:00
ashisgreat22	636fbd0597	Fix gateway.bind to use 'lan' mode instead of legacy format	2026-03-18 01:52:26 +01:00
ashisgreat22	175c0acf22	Fix OpenClaw config volume path to /home/node	2026-03-18 01:47:37 +01:00
ashisgreat22	ae5e61cb6e	Fix openclaw config syntax - use external json file - Move openclaw config to separate json file - Reference file directly in podman module - Remove problematic builtins.toJSON with nested arrays Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 01:37:46 +01:00
ashisgreat22	a595445bd2	Convert Openclaw to Podman container - Use official ghcr.io/openclaw/openclaw image - configure via JSON config file - containerized for better isolation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 01:35:02 +01:00
ashisgreat22	11a588a4d9	Fix api type to openai-completions	2026-03-17 21:38:46 +01:00
ashisgreat22	396d1bd048	Copy config to OpenClaw's actual config location	2026-03-17 21:35:28 +01:00
ashisgreat22	d7c3bd0775	Fix EnvironmentFile merge with mkMerge	2026-03-17 21:26:51 +01:00
ashisgreat22	2dd8ef2797	Add --allow-unconfigured flag to openclaw	2026-03-17 21:19:08 +01:00
ashisgreat22	50b99b008c	Run openclaw gateway in foreground mode	2026-03-17 21:17:12 +01:00
ashisgreat22	ff397d7d8c	Add bash to PATH for shell scripts	2026-03-17 21:15:11 +01:00
ashisgreat22	36880c0135	Fix PATH environment variable for git access	2026-03-17 21:13:47 +01:00
ashisgreat22	cd801d325b	Add git to OpenClaw service PATH for npm deps	2026-03-17 21:12:18 +01:00
ashisgreat22	cf27c28389	Add home dir to ReadWritePaths for npm cache	2026-03-17 21:08:25 +01:00
ashisgreat22	b9976c04ef	Fix cp command shell syntax in OpenClaw	2026-03-17 21:07:26 +01:00
ashisgreat22	416432be17	Fix OpenClaw systemd service configuration	2026-03-17 21:06:14 +01:00
ashisgreat22	da5a408853	Set maxTokens to 128k for all z.ai models	2026-03-17 21:04:00 +01:00
ashisgreat22	a26e75b7a7	Update z.ai API URL and models Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 21:03:26 +01:00
ashisgreat22	1d11816a55	Remove OpenAI, use z.ai for OpenClaw Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 20:59:05 +01:00
ashisgreat22	3a885463f0	Add OpenClaw AI Agent module - Systemd service running OpenClaw gateway - Configurable via sops secrets - Runs on localhost:18789 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 20:55:15 +01:00
ashisgreat22	f013863986	Simplify SearXNG module to use root-based podman Remove complex rootless container setup that was causing dependency issues with user-runtime-dir services. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 20:17:20 +01:00
ashisgreat22	24d01ac630	Add modular service configuration with SearXNG and Nginx - Create modules/ directory with reusable NixOS modules - Add system module for main user configuration - Add podman module for rootless container support - Add nginx module with automatic Let's Encrypt SSL - Add searxng module with Anubis AI firewall protection - Configure SearXNG at search.ashisgreat.xyz - Enable nginx reverse proxy with HTTPS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 19:47:43 +01:00

50 commits