harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nix fmt

Browse source
This commit is contained in:
Harald Hoyer 2026-02-24 13:25:42 +01:00
parent 27343e49bd
commit 04150f10d4
32 changed files with 475 additions and 404 deletions
Download patch file Download diff file Expand all files Collapse all files

12
systems/x86_64-linux/halo/wyoming.nix
View file

@ -4,12 +4,12 @@
whisper-cpp = {
package = pkgs.wyoming-whisper-rs;
servers.main = {
enable = true;
model = "/var/lib/wyoming/whisper-cpp/ggml-large-v3.bin";
uri = "tcp://0.0.0.0:10300";
language = "de";
};
};
enable = true;
model = "/var/lib/wyoming/whisper-cpp/ggml-large-v3.bin";
uri = "tcp://0.0.0.0:10300";
language = "de";
};
};
piper.servers."main" = {
enable = true;

106
systems/x86_64-linux/mx/acme.nix
View file

@ -10,58 +10,58 @@
metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;
security.acme.certs = {
"surfsite.org" = {
extraDomainNames = [ "*.surfsite.org" ];
};
"hartwin-hoyer.de" = {
extraDomainNames = [ "*.hartwin-hoyer.de" ];
};
"herward-hoyer.de" = {
extraDomainNames = [ "*.herward-hoyer.de" ];
};
"varlink.org" = {
extraDomainNames = [ "*.varlink.org" ];
};
"meike-hoyer.de" = { };
"hoyer.xyz" = {
extraDomainNames = [
"*.hoyer.xyz"
"*.harald.hoyer.xyz"
"*.hartwin.hoyer.xyz"
];
};
"hoyer.world" = {
extraDomainNames = [
"*.hoyer.world"
"*.harald.hoyer.world"
"*.hartwin.hoyer.world"
];
};
"hoyer.social" = {
extraDomainNames = [
"*.hoyer.social"
"*.harald.hoyer.social"
"*.hartwin.hoyer.social"
];
};
"hoyer.photos" = {
extraDomainNames = [
"*.hoyer.photos"
"*.harald.hoyer.photos"
"*.hartwin.hoyer.photos"
];
};
"harald-hoyer.de" = {
extraDomainNames = [ "*.harald-hoyer.de" ];
};
"surfsite.org" = {
extraDomainNames = [ "*.surfsite.org" ];
};
"hartwin-hoyer.de" = {
extraDomainNames = [ "*.hartwin-hoyer.de" ];
};
"herward-hoyer.de" = {
extraDomainNames = [ "*.herward-hoyer.de" ];
};
"varlink.org" = {
extraDomainNames = [ "*.varlink.org" ];
};
"meike-hoyer.de" = { };
"hoyer.xyz" = {
extraDomainNames = [
"*.hoyer.xyz"
"*.harald.hoyer.xyz"
"*.hartwin.hoyer.xyz"
];
};
"hoyer.world" = {
extraDomainNames = [
"*.hoyer.world"
"*.harald.hoyer.world"
"*.hartwin.hoyer.world"
];
};
"hoyer.social" = {
extraDomainNames = [
"*.hoyer.social"
"*.harald.hoyer.social"
"*.hartwin.hoyer.social"
];
};
"hoyer.photos" = {
extraDomainNames = [
"*.hoyer.photos"
"*.harald.hoyer.photos"
"*.hartwin.hoyer.photos"
];
};
"harald-hoyer.de" = {
extraDomainNames = [ "*.harald-hoyer.de" ];
};
};
}

9
systems/x86_64-linux/mx/coturn.nix
View file

@ -1,7 +1,8 @@
{ pkgs
, lib
, config
, ...
{
pkgs,
lib,
config,
...
}:
{
sops.secrets."coturn/static-auth-secret" = {

2
systems/x86_64-linux/mx/nextcloud-claude-bot/default.nix
View file

@ -6,7 +6,7 @@
enable = true;
nextcloudUrl = "https://nc.hoyer.xyz";
botSecretFile = config.sops.secrets."nextcloud-claude-bot/secret".path;
allowedUsers = []; # Allow all registered users
allowedUsers = [ ]; # Allow all registered users
# Optional extra instructions (base prompt is hardcoded in bot.py)
# systemPrompt = "Additional custom instructions here";
};

18
systems/x86_64-linux/mx/nextcloud-claude-bot/example-config.nix
View file

@ -13,10 +13,10 @@
# 1. Use the official package if available in nixpkgs
# 2. Package it yourself
# 3. Use a binary wrapper
# Option 1: If claude-code is in nixpkgs (check latest state)
# environment.systemPackages = [ pkgs.claude-code ];
# Option 2: Manual binary installation wrapper
nixpkgs.overlays = [
(final: prev: {
@ -30,22 +30,22 @@
# Create bot secret
# Generate with: openssl rand -hex 32
# Store in a file, e.g., /var/secrets/nextcloud-claude-bot
services.nextcloud-claude-bot = {
enable = true;
port = 8085;
host = "127.0.0.1";
nextcloudUrl = "https://cloud.example.com";
botSecretFile = "/var/secrets/nextcloud-claude-bot";
# Only allow specific users
allowedUsers = [ "harald" ];
# Claude settings
maxTokens = 4096;
timeout = 120;
# Optional system prompt
systemPrompt = ''
Du bist ein hilfreicher Assistent. Antworte auf Deutsch,
@ -62,7 +62,7 @@
# If you need external access (e.g., Nextcloud on different server):
services.nginx.virtualHosts."cloud.example.com" = {
# ... your existing Nextcloud config ...
locations."/_claude-bot/" = {
proxyPass = "http://127.0.0.1:8085/";
extraConfig = ''
@ -70,7 +70,7 @@
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Only allow from Nextcloud itself
allow 127.0.0.1;
deny all;

55
systems/x86_64-linux/mx/nextcloud-claude-bot/module.nix
View file

@ -1,61 +1,72 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.nextcloud-claude-bot;
pythonEnv = pkgs.python3.withPackages (ps: with ps; [
fastapi
uvicorn
httpx
]);
pythonEnv = pkgs.python3.withPackages (
ps: with ps; [
fastapi
uvicorn
httpx
]
);
botModule = pkgs.runCommand "nextcloud-claude-bot-module" {} ''
botModule = pkgs.runCommand "nextcloud-claude-bot-module" { } ''
mkdir -p $out
cp ${./bot.py} $out/nextcloud_claude_bot.py
'';
in {
in
{
options.services.nextcloud-claude-bot = {
enable = mkEnableOption "Nextcloud Talk Claude Bot";
port = mkOption {
type = types.port;
default = 8085;
description = "Port for the webhook listener";
};
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = "Host to bind to";
};
nextcloudUrl = mkOption {
type = types.str;
example = "https://cloud.example.com";
description = "Base URL of your Nextcloud instance";
};
botSecretFile = mkOption {
type = types.path;
description = "Path to file containing the bot secret (shared with Nextcloud)";
};
claudePath = mkOption {
type = types.path;
default = "${pkgs.claude-code}/bin/claude";
description = "Path to claude CLI binary";
};
allowedUsers = mkOption {
type = types.listOf types.str;
default = [];
example = [ "harald" "admin" ];
default = [ ];
example = [
"harald"
"admin"
];
description = "Nextcloud usernames allowed to talk to the bot (empty = all)";
};
contextMessages = mkOption {
type = types.int;
default = 6;
@ -67,7 +78,7 @@ in {
default = 120;
description = "Timeout in seconds for Claude CLI";
};
systemPrompt = mkOption {
type = types.nullOr types.str;
default = null;
@ -75,13 +86,13 @@ in {
description = "Optional system prompt for Claude";
};
};
config = mkIf cfg.enable {
systemd.services.nextcloud-claude-bot = {
description = "Nextcloud Talk Claude Bot";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
HOME = "/var/lib/nextcloud-claude-bot";
BOT_HOST = cfg.host;
@ -133,8 +144,8 @@ in {
home = "/var/lib/nextcloud-claude-bot";
};
users.groups.claude-bot = {};
users.groups.claude-bot = { };
# Nginx reverse proxy config (optional, if you want external access)
# services.nginx.virtualHosts."cloud.example.com".locations."/claude-bot/" = {
# proxyPass = "http://${cfg.host}:${toString cfg.port}/";

268
systems/x86_64-linux/mx/nginx.nix
View file

@ -1,145 +1,145 @@
{ ... }:
{
services.nginx.virtualHosts = {
"00000" = {
useACMEHost = "hoyer.xyz";
serverName = "_";
globalRedirect = "hoyer.xyz";
addSSL = true;
};
"00000" = {
useACMEHost = "hoyer.xyz";
serverName = "_";
globalRedirect = "hoyer.xyz";
addSSL = true;
};
"hoyer.photos" = {
enableACME = false;
useACMEHost = "hoyer.photos";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.photos" = {
enableACME = false;
useACMEHost = "hoyer.photos";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.world" = {
enableACME = false;
useACMEHost = "hoyer.world";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.world" = {
enableACME = false;
useACMEHost = "hoyer.world";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.social" = {
enableACME = false;
useACMEHost = "hoyer.social";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.social" = {
enableACME = false;
useACMEHost = "hoyer.social";
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
};
"hoyer.xyz" = {
# serverName = "hoyer.xyz";
serverAliases = [ "www.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
locations."/stats" = {
basicAuthFile = "/var/www/hoyer.xyz/stats.htaccess";
};
locations."/.well-known/webfinger" = {
return = "307 https://nc.hoyer.xyz/.well-known/webfinger";
};
"hoyer.xyz" = {
# serverName = "hoyer.xyz";
serverAliases = [ "www.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
root = "/var/www/hoyer.xyz/html";
locations."/stats" = {
basicAuthFile = "/var/www/hoyer.xyz/stats.htaccess";
};
"surfsite.org" = {
useACMEHost = "surfsite.org";
enableACME = false;
forceSSL = true;
root = "/var/www/surfsite.org";
};
"kicker.surfsite.org" = {
useACMEHost = "surfsite.org";
enableACME = false;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8087/";
};
};
"git.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001/";
};
};
"webmail.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
};
"harald.hoyer.photos" = {
enableACME = true;
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"photo.harald-hoyer.de" = {
useACMEHost = "harald-hoyer.de";
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"photo-harald.hoyer.xyz" = {
serverAliases = [ "photo.harald.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"harald-hoyer.de" = {
serverAliases = [ "www.harald-hoyer.de" ];
useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz";
forceSSL = true;
};
"harald.hoyer.xyz" = {
serverAliases = [ "www.harald.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = ''
rewrite ^/feed/rss$ /rss.xml permanent;
rewrite ^/feed/rss/$ /rss.xml permanent;
rewrite ^/feed/$ /rss.xml permanent;
rewrite ^/feed/rss/index.html$ /rss.xml permanent;
rewrite ^/fedora/fedora/RSS2$ /tags/fedora/rss.xml permanent;
rewrite ^/linux/linux/RSS2$ /tags/linux/rss.xml permanent;
rewrite ^/linux/feed$ /tags/linux/rss.xml permanent;
rewrite ^/wp-rss2.php$ /rss.xml permanent;
rewrite ^/aggregator/rss.xml$ /rss.xml permanent;
rewrite ^/personal/blog/aggregator/RSS$ /rss.xml permanent;
rewrite ^/personal/blog/aggregator/RSS2$ /rss.xml permanent;
rewrite ^/aggregator/RSS$ /rss.xml permanent;
rewrite ^/aggregator/RSS2$ /rss.xml permanent;
rewrite ^/wp-commentsrss2.php$ /rss.xml permanent;
'';
forceSSL = true;
};
"hartwin-hoyer.de" = {
serverAliases = [ "www.hartwin-hoyer.de" ];
useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true;
};
"hartwin.hoyer.xyz" = {
serverAliases = [
"testhartwin.hoyer.xyz"
"www.hartwin.hoyer.xyz"
];
useACMEHost = "hoyer.xyz";
root = "/var/www/hartwin.hoyer.xyz/html/";
forceSSL = true;
};
"nc.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
forceSSL = true;
locations."/.well-known/webfinger" = {
return = "307 https://nc.hoyer.xyz/.well-known/webfinger";
};
};
"surfsite.org" = {
useACMEHost = "surfsite.org";
enableACME = false;
forceSSL = true;
root = "/var/www/surfsite.org";
};
"kicker.surfsite.org" = {
useACMEHost = "surfsite.org";
enableACME = false;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8087/";
};
};
"git.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001/";
};
};
"webmail.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
};
"harald.hoyer.photos" = {
enableACME = true;
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"photo.harald-hoyer.de" = {
useACMEHost = "harald-hoyer.de";
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"photo-harald.hoyer.xyz" = {
serverAliases = [ "photo.harald.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
forceSSL = true;
root = "/var/www/photo.harald-hoyer.de/html";
};
"harald-hoyer.de" = {
serverAliases = [ "www.harald-hoyer.de" ];
useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz";
forceSSL = true;
};
"harald.hoyer.xyz" = {
serverAliases = [ "www.harald.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = ''
rewrite ^/feed/rss$ /rss.xml permanent;
rewrite ^/feed/rss/$ /rss.xml permanent;
rewrite ^/feed/$ /rss.xml permanent;
rewrite ^/feed/rss/index.html$ /rss.xml permanent;
rewrite ^/fedora/fedora/RSS2$ /tags/fedora/rss.xml permanent;
rewrite ^/linux/linux/RSS2$ /tags/linux/rss.xml permanent;
rewrite ^/linux/feed$ /tags/linux/rss.xml permanent;
rewrite ^/wp-rss2.php$ /rss.xml permanent;
rewrite ^/aggregator/rss.xml$ /rss.xml permanent;
rewrite ^/personal/blog/aggregator/RSS$ /rss.xml permanent;
rewrite ^/personal/blog/aggregator/RSS2$ /rss.xml permanent;
rewrite ^/aggregator/RSS$ /rss.xml permanent;
rewrite ^/aggregator/RSS2$ /rss.xml permanent;
rewrite ^/wp-commentsrss2.php$ /rss.xml permanent;
'';
forceSSL = true;
};
"hartwin-hoyer.de" = {
serverAliases = [ "www.hartwin-hoyer.de" ];
useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true;
};
"hartwin.hoyer.xyz" = {
serverAliases = [
"testhartwin.hoyer.xyz"
"www.hartwin.hoyer.xyz"
];
useACMEHost = "hoyer.xyz";
root = "/var/www/hartwin.hoyer.xyz/html/";
forceSSL = true;
};
"nc.hoyer.xyz" = {
useACMEHost = "hoyer.xyz";
forceSSL = true;
};
};
}

9
systems/x86_64-linux/sgx/backup.nix
View file

@ -1,7 +1,8 @@
{ pkgs
, lib
, config
, ...
{
pkgs,
lib,
config,
...
}:
let
backup_new_path = "/mnt/raid/backup/hoyer/new/";