Commit graph

73 commits

Author SHA1 Message Date
ce152ba2b3 fix(adguard): fix template string concatenation
Properly concatenate optionalString with content.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:23:51 +01:00
294b556542 fix(adguard): handle empty clients list
Only render clients section when clients are configured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:22:58 +01:00
23696e7e79 fix(adguard): remove --cap-drop=ALL flag
AdGuard Home needs capabilities to run.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:20:41 +01:00
9b1d5ede54 fix(adguard): remove --read-only flag
AdGuard Home needs write access to working directory.
Config file remains read-only via :ro mount.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:19:30 +01:00
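The two fixes above give up `--read-only` and `--cap-drop=ALL` because the container would not start with them. The narrower alternative a practitioner would try first is to keep both flags and declare exactly the writes and capabilities the daemon needs. The following NixOS fragment is an added example, not this repository's module: the image tag, container paths, volume name, sops template name and published port are assumptions, and the capability set assumes AdGuard Home runs only as a DNS/DoH resolver (its optional DHCP server would additionally need NET_RAW).

```nix
# Added example, not this repository's code. Assumptions: image tag, the
# /opt/adguardhome/{conf,work} layout, the "adguard-work" volume name, the
# sops template name and the loopback port nginx proxies to.
{ config, ... }:
{
  virtualisation.oci-containers.backend = "podman";

  virtualisation.oci-containers.containers.adguard = {
    image = "adguard/adguardhome:latest";   # pin to a digest in production

    # DoH is terminated by nginx on the host, so only the plain-HTTP port that
    # nginx forwards to is published, and only on loopback. Port 53 is not
    # published; the daemon still binds it inside the container, which is
    # why NET_BIND_SERVICE is added back below.
    ports = [ "127.0.0.1:3000:3000/tcp" ];

    volumes = [
      # Config rendered by sops-nix, mounted read-only as in the commit above.
      "${config.sops.templates."AdGuardHome.yaml".path}:/opt/adguardhome/conf/AdGuardHome.yaml:ro"
      # Stats, query log, filter caches and sessions: the one persistent
      # writable path. A volume stays writable under --read-only.
      "adguard-work:/opt/adguardhome/work"
    ];

    extraOptions = [
      # Root filesystem immutable; podman still mounts tmpfs on /tmp, /run
      # and /var/tmp for read-only containers (--read-only-tmpfs defaults
      # to true), so ordinary scratch writes keep working.
      "--read-only"
      # Drop every capability, then add back the single one binding :53 needs.
      "--cap-drop=ALL"
      "--cap-add=NET_BIND_SERVICE"
      # No setuid/file-capability escalation inside the container.
      "--security-opt=no-new-privileges"
    ];
  };
}
```

After `nixos-rebuild switch`, `journalctl -u podman-adguard` (the unit name oci-containers generates) shows any remaining "permission denied" on a bind or a write path; each such line names one capability or one path to add back, which is a much smaller concession than removing the two flags outright.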
8b3df01823 chore(secrets): add AdGuard ClientID secrets 2026-03-18 18:14:48 +00:00
9189a9c49d feat(config): enable AdGuard Home module with two clients
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:09:59 +01:00
d413d5ec1b feat(modules): register adguard module in default.nix
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:09:04 +01:00
1ed9acdcda feat(modules): add AdGuard Home module with DoH and ClientID support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:07:59 +01:00
30d5ce8134 docs: add AdGuard Home implementation plan
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:06:42 +01:00
4eeeef121e docs: add explicit podman dependency in implementation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:03:57 +01:00
fd5d3f3a7c docs: fix remaining spec issues
- Remove unused tmpfiles rule (using named volume)
- Remove redundant firewall config (nginx module handles 443)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:03:00 +01:00
70016fe9c4 docs: fix spec review issues
- Fix YAML indentation in SOPS template
- Add myModules.podman.enable dependency
- Remove unused tmpfiles rule (using named volume)
- Remove redundant firewall config (nginx module handles 443)
- Fix lib.types.listOf parentheses

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:01:39 +01:00
51e723ddad docs: address spec review feedback for AdGuard module
- Add complete container definition with security options
- Add SOPS template code with ClientID interpolation
- Fix nginx location to use regex for /dns-query/{clientId}
- Add volume persistence for stats/logs
- Add proxy_http_version for DoH
- Document security considerations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 19:00:15 +01:00
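The regex location and `proxy_http_version` items in the commit above, written out as a NixOS virtual host. This is an added example, not this repository's nginx module: the host name, the upstream port and the ClientID character class are assumptions, and it assumes AdGuard Home is configured to accept unencrypted DoH from the proxy and to trust 127.0.0.1 as a proxy (`tls.allow_unencrypted_doh` and `dns.trusted_proxies` in AdGuardHome.yaml) so per-client statistics see the real client address.

```nix
# Added example, not this repository's code. Assumptions: host name, AdGuard
# Home listening on 127.0.0.1:3000, ClientIDs matching [a-z0-9-]{1,63}, and
# AdGuardHome.yaml having tls.allow_unencrypted_doh: true plus 127.0.0.1 in
# dns.trusted_proxies.
{ ... }:
{
  services.nginx = {
    recommendedTlsSettings = true;

    virtualHosts."dns.example.com" = {
      forceSSL = true;
      enableACME = true;

      # Only /dns-query/<clientid> is forwarded. A regex location passes the
      # URI through unchanged, so AdGuard Home sees the ClientID in the path.
      # The anchored pattern rejects a bare /dns-query and anything longer;
      # whether a given ID is permitted is decided by AdGuard Home's access
      # settings, not here.
      locations."~ ^/dns-query/[a-z0-9-]{1,63}$" = {
        proxyPass = "http://127.0.0.1:3000";
        extraConfig = ''
          # nginx speaks HTTP/1.0 to upstreams by default; DoH clients POST
          # wire-format bodies and reuse connections, so use 1.1 and clear
          # the Connection header to keep upstream keep-alive.
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Resolver traffic should not be spooled to disk.
          proxy_buffering off;
          # The ClientID is the access credential and lives in the URL, so
          # every query would otherwise write it to the access log.
          access_log off;
        '';
      };

      # Everything else on this name, including the AdGuard Home web UI,
      # is refused; the UI stays reachable only on the loopback port.
      locations."/".extraConfig = ''
        return 404;
      '';
    };
  };
}
```

If access logging is wanted for the DoH path, use a dedicated `log_format` that omits `$request_uri` rather than the default combined format, since TLS protects the ClientID on the wire but not in the proxy's own logs.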
053198d013 docs: add AdGuard Home module design spec
Design for private DoH server with ClientID-based access control.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 18:57:54 +01:00
638d588d81 fix(backup): use new B2 bucket for restic repository
Switch to nixos-vps-backup2 bucket to resolve password mismatch
with existing repository.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 18:10:54 +01:00
d2d02f8a60 chore: add backup secrets 2026-03-18 13:19:46 +00:00
8030657042 chore: add backup secrets 2026-03-18 13:18:53 +00:00
70ef850994 feat: enable B2 backups
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 14:17:10 +01:00
fd056367d2 feat: add backup module with Restic + Backblaze B2
- Encrypted backups to B2
- Configurable retention (daily/weekly/monthly)
- SOPS-managed credentials
- Automatic pruning

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 14:11:11 +01:00
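The four items in the commit above, written as a NixOS `services.restic.backups` entry. This is an added example, not this repository's backup module: the bucket name, the sops secret and template names, the backed-up paths and the retention numbers are assumptions. The point worth seeing in code is that there are two unrelated secrets: the restic repository password, which is the encryption key and cannot be recovered, and the B2 application key, which only grants access to the bucket.

```nix
# Added example, not this repository's code. Assumptions: bucket name,
# sops secret/template names, paths and retention values.
{ config, ... }:
{
  # B2_ACCOUNT_ID / B2_ACCOUNT_KEY for restic's native b2 backend, rendered
  # by sops-nix at activation time so the credentials never enter the store.
  sops.secrets."b2/key_id" = { };
  sops.secrets."b2/application_key" = { };
  sops.templates."restic-b2.env".content = ''
    B2_ACCOUNT_ID=${config.sops.placeholder."b2/key_id"}
    B2_ACCOUNT_KEY=${config.sops.placeholder."b2/application_key"}
  '';

  # The repository password. restic derives the data key from it and
  # encrypts and authenticates every blob client-side before upload.
  sops.secrets."restic/password" = { };

  services.restic.backups.b2 = {
    repository = "b2:example-vps-backup:restic";
    passwordFile = config.sops.secrets."restic/password".path;
    environmentFile = config.sops.templates."restic-b2.env".path;
    initialize = true;            # `restic init` on first run, no-op afterwards

    paths = [
      "/var/lib/vaultwarden"
      "/var/lib/containers/storage/volumes"
    ];
    extraBackupArgs = [ "--exclude-caches" ];

    timerConfig = {
      OnCalendar = "03:30";
      Persistent = true;          # run at next boot if the host was off
      RandomizedDelaySec = "15m";
    };

    # After each backup the module runs `restic forget --prune` with these
    # options, giving the daily/weekly/monthly retention and the pruning.
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
    ];

    # Verify a sample of the stored data, not just the index, after pruning.
    checkOpts = [ "--read-data-subset=5%" ];
  };
}
```

Scope the B2 application key to this one bucket. Because `initialize = true` creates a fresh repository under whatever password file is present, pointing the module at a new bucket (as the later "use new B2 bucket" commit does) succeeds without touching the old repository, which remains readable only with its original password.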
f82b822d16 feat: add firewall bouncer to CrowdSec module
- Enable crowdsec-firewall-bouncer by default
- Auto-registers bouncer with local CrowdSec API
- Blocks malicious IPs at iptables/nftables level

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 13:58:13 +01:00
8a933fd9de fix: enable CrowdSec Local API for cscli
Add LAPI server configuration with credentials file path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 13:53:15 +01:00
e0de37b15f fix: simplify CrowdSec module
Remove LAPI server config causing null coercion error.
Detection-only mode for now; bouncer can be added later.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 13:50:44 +01:00
9a57a2c511 . 2026-03-18 12:49:08 +00:00
211693ef3b feat: add CrowdSec security module
- Wraps native NixOS CrowdSec service
- Configures SSH and nginx log acquisition
- Installs linux/nginx/sshd hub collections
- Supports IP whitelisting and ban duration config
- Optional nginx bouncer integration (requires manual API key setup)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 13:44:36 +01:00
db4f0f8f61 fix: remove duplicate SOPS declaration, clean up unused param
- Remove redundant vaultwarden_admin_token from configuration.nix
  (already declared in module)
- Remove unused pkgs parameter from vaultwarden module

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 12:37:09 +01:00
45b6997fac chore: disable Vaultwarden signup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 12:12:19 +01:00
ea7ca739ba feat: enable Vaultwarden in configuration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 12:08:22 +01:00
e2facd1fa9 feat: add Vaultwarden module
- Add native NixOS Vaultwarden service module
- Supports WebSocket for real-time sync notifications
- Integrates with nginx via extraLocations for /notifications/hub
- Configurable signup, invitations, and SMTP settings
- Uses SOPS for admin token secret management

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 12:07:26 +01:00
cbce4aa228 feat(nginx): add extraLocations option for WebSocket support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 03:19:31 +01:00
a2a0dfaa58 docs: update Vaultwarden plan with nginx extraLocations fix
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 03:15:34 +01:00
5b584cdb11 Update Vaultwarden spec with review feedback
- Add module header comment pattern
- Clarify Nginx WebSocket integration with concrete example
- Add SOPS secrets and templates declarations
- Update Files to Modify table

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 03:06:55 +01:00
2304648927 Add Vaultwarden module design spec
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 03:04:01 +01:00
2bfcc7c2ff update 2026-03-18 01:51:16 +00:00
a87fd37489 Add Brave Search web search to OpenClaw
- Enable web_search tool with Brave provider
- Add openclaw_brave_api_key secret to SOPS configuration
- Add BRAVE_API_KEY to openclaw.env template

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:50:09 +01:00
2d7a67bac9 Add CLAUDE.md for future Claude Code instances
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:42:21 +01:00
4d9c61da10 Fix exec config: use valid options (security: full, ask: off)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:36:59 +01:00
3ef4234d07 Enable elevated tools with auto-approve (no permission prompts)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:36:04 +01:00
a91e6ac883 Add Discord token to config with env variable substitution
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:29:15 +01:00
9f734de29e Add allowFrom for Discord dmPolicy=open
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:26:40 +01:00
b5901efde8 Fix JSON syntax: add missing closing brace in openclaw-config.json
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 02:24:55 +01:00
99a424aa34 Add channels.discord config to Openclaw 2026-03-18 01:58:51 +01:00
19bcc4c5fc Use loopback binding for OpenClaw (no auth required) 2026-03-18 01:54:55 +01:00
636fbd0597 Fix gateway.bind to use 'lan' mode instead of legacy format 2026-03-18 01:52:26 +01:00
175c0acf22 Fix OpenClaw config volume path to /home/node 2026-03-18 01:47:37 +01:00
ae5e61cb6e Fix openclaw config syntax - use external json file
- Move openclaw config to separate json file
- Reference file directly in podman module
- Remove problematic builtins.toJSON with nested arrays

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 01:37:46 +01:00
a595445bd2 Convert Openclaw to Podman container
- Use official ghcr.io/openclaw/openclaw image
- Configure via JSON config file
- Containerized for better isolation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 01:35:02 +01:00
11a588a4d9 Fix api type to openai-completions 2026-03-17 21:38:46 +01:00
396d1bd048 Copy config to OpenClaw's actual config location 2026-03-17 21:35:28 +01:00
68240b7319 Set openclaw as owner of sops template 2026-03-17 21:32:37 +01:00
d7c3bd0775 Fix EnvironmentFile merge with mkMerge 2026-03-17 21:26:51 +01:00