nixos-vps

Author	SHA1	Message	Date
ashisgreat22	e82bbec626	Cleanup	2026-03-18 21:23:53 +01:00
ashisgreat22	1c56d477fa	Cleanup	2026-03-18 21:23:37 +01:00
ashisgreat22	e1d18c18be	Cleanup	2026-03-18 21:22:19 +01:00
ashisgreat22	1792180144	Cleanup	2026-03-18 21:20:42 +01:00
ashisgreat22	1942425605	feat(adguard): enable DoT and fix ClientID injection - Enable DNS-over-TLS (DoT) on port 853 using Nginx's ACME certificates - Fix an issue where the native NixOS module dropped SOPS client IDs - Use sops.templates and yq to inject ClientIDs dynamically before start - Enable allow_unencrypted_doh to fix Nginx proxying DoH correctly	2026-03-18 21:12:31 +01:00
ashisgreat22	5dd91f74b1	fix(adguard): resolve port 53 conflict Change AdGuard Home DNS listener to bind to 127.0.0.1:5353 to avoid conflicting with existing services on port 53, since we only expose DoH via Nginx.	2026-03-18 20:58:07 +01:00
ashisgreat22	219391bc85	refactor(adguard): migrate to native nixos service Replace the Podman container and manual YAML templating with the native NixOS module for better system integration and simpler declarative configuration.	2026-03-18 20:56:30 +01:00
ashisgreat22	7a505055f8	fix(adguard): fix string interpolation syntax error Fix a broken string concatenation that was causing a syntax error during NixOS evaluation. Co-Authored-By: Gemini CLI <noreply@google.com>	2026-03-18 20:49:31 +01:00
ashisgreat22	93bef3b301	fix(adguard): rewrite with correct lib.length syntax Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:51:53 +01:00
ashisgreat22	7bdbe767b6	fix(adguard): use lib.length instead of == for empty check Nix doesn't support == operator. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:27:47 +01:00
ashisgreat22	51e937c02f	fix(adguard): add empty clients list when no clients configured AdGuard Home fails with empty persistent list. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:27:21 +01:00
ashisgreat22	7b9b1e1909	fix(adguard): add newline before filtering section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:26:40 +01:00
ashisgreat22	a5d1f3e136	fix(adguard): fix YAML structure - clients at correct level Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:24:37 +01:00
ashisgreat22	ce152ba2b3	fix(adguard): fix template string concatenation Properly concatenate optionalString with content. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:23:51 +01:00
ashisgreat22	294b556542	fix(adguard): handle empty clients list Only render clients section when clients are configured. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:22:58 +01:00
ashisgreat22	23696e7e79	fix(adguard): remove --cap-drop=ALL flag AdGuard Home needs capabilities to run. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:20:41 +01:00
ashisgreat22	9b1d5ede54	fix(adguard): remove --read-only flag AdGuard Home needs write access to working directory. Config file remains read-only via :ro mount. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:19:30 +01:00
ashisgreat22	d413d5ec1b	feat(modules): register adguard module in default.nix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:09:04 +01:00
ashisgreat22	1ed9acdcda	feat(modules): add AdGuard Home module with DoH and ClientID support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:07:59 +01:00
ashisgreat22	fd056367d2	feat: add backup module with Restic + Backblaze B2 - Encrypted backups to B2 - Configurable retention (daily/weekly/monthly) - SOPS-managed credentials - Automatic pruning Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 14:11:11 +01:00
ashisgreat22	f82b822d16	feat: add firewall bouncer to CrowdSec module - Enable crowdsec-firewall-bouncer by default - Auto-registers bouncer with local CrowdSec API - Blocks malicious IPs at iptables/nftables level Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:58:13 +01:00
ashisgreat22	8a933fd9de	fix: enable CrowdSec Local API for cscli Add LAPI server configuration with credentials file path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:53:15 +01:00
ashisgreat22	e0de37b15f	fix: simplify CrowdSec module Remove LAPI server config causing null coercion error. Detection-only mode for now; bouncer can be added later. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:50:44 +01:00
ashisgreat22	211693ef3b	feat: add CrowdSec security module - Wraps native NixOS CrowdSec service - Configures SSH and nginx log acquisition - Installs linux/nginx/sshd hub collections - Supports IP whitelisting and ban duration config - Optional nginx bouncer integration (requires manual API key setup) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 13:44:36 +01:00
ashisgreat22	db4f0f8f61	fix: remove duplicate SOPS declaration, clean up unused param - Remove redundant vaultwarden_admin_token from configuration.nix (already declared in module) - Remove unused pkgs parameter from vaultwarden module Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 12:37:09 +01:00
ashisgreat22	e2facd1fa9	feat: add Vaultwarden module - Add native NixOS Vaultwarden service module - Supports WebSocket for real-time sync notifications - Integrates with nginx via extraLocations for /notifications/hub - Configurable signup, invitations, and SMTP settings - Uses SOPS for admin token secret management Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 12:07:26 +01:00
ashisgreat22	cbce4aa228	feat(nginx): add extraLocations option for WebSocket support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 03:19:31 +01:00
ashisgreat22	a87fd37489	Add Brave Search web search to OpenClaw - Enable web_search tool with Brave provider - Add openclaw_brave_api_key secret to SOPS configuration - Add BRAVE_API_KEY to openclaw.env template Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:50:09 +01:00
ashisgreat22	4d9c61da10	Fix exec config: use valid options (security: full, ask: off) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:36:59 +01:00
ashisgreat22	3ef4234d07	Enable elevated tools with auto-approve (no permission prompts) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:36:04 +01:00
ashisgreat22	a91e6ac883	Add Discord token to config with env variable substitution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:29:15 +01:00
ashisgreat22	9f734de29e	Add allowFrom for Discord dmPolicy=open Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:26:40 +01:00
ashisgreat22	b5901efde8	Fix JSON syntax: add missing closing brace in openclaw-config.json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 02:24:55 +01:00
ashisgreat22	99a424aa34	Add channels.discord config to Openclaw	2026-03-18 01:58:51 +01:00
ashisgreat22	19bcc4c5fc	Use loopback binding for OpenClaw (no auth required)	2026-03-18 01:54:55 +01:00
ashisgreat22	636fbd0597	Fix gateway.bind to use 'lan' mode instead of legacy format	2026-03-18 01:52:26 +01:00
ashisgreat22	175c0acf22	Fix OpenClaw config volume path to /home/node	2026-03-18 01:47:37 +01:00
ashisgreat22	ae5e61cb6e	Fix openclaw config syntax - use external json file - Move openclaw config to separate json file - Reference file directly in podman module - Remove problematic builtins.toJSON with nested arrays Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 01:37:46 +01:00
ashisgreat22	a595445bd2	Convert Openclaw to Podman container - Use official ghcr.io/openclaw/openclaw image - configure via JSON config file - containerized for better isolation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 01:35:02 +01:00
ashisgreat22	11a588a4d9	Fix api type to openai-completions	2026-03-17 21:38:46 +01:00
ashisgreat22	396d1bd048	Copy config to OpenClaw's actual config location	2026-03-17 21:35:28 +01:00
ashisgreat22	d7c3bd0775	Fix EnvironmentFile merge with mkMerge	2026-03-17 21:26:51 +01:00
ashisgreat22	2dd8ef2797	Add --allow-unconfigured flag to openclaw	2026-03-17 21:19:08 +01:00
ashisgreat22	50b99b008c	Run openclaw gateway in foreground mode	2026-03-17 21:17:12 +01:00
ashisgreat22	ff397d7d8c	Add bash to PATH for shell scripts	2026-03-17 21:15:11 +01:00
ashisgreat22	36880c0135	Fix PATH environment variable for git access	2026-03-17 21:13:47 +01:00
ashisgreat22	cd801d325b	Add git to OpenClaw service PATH for npm deps	2026-03-17 21:12:18 +01:00
ashisgreat22	cf27c28389	Add home dir to ReadWritePaths for npm cache	2026-03-17 21:08:25 +01:00
ashisgreat22	b9976c04ef	Fix cp command shell syntax in OpenClaw	2026-03-17 21:07:26 +01:00
ashisgreat22	416432be17	Fix OpenClaw systemd service configuration	2026-03-17 21:06:14 +01:00

1 2

56 commits