- Disk check scripts now send ntfy alerts in addition to email
- New ntfy-failure@ template service notifies on any systemd service failure
- Uses sops-managed token for ntfy authentication
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Self-hosted at ntfy.hoyer.xyz with deny-all default access.
After deploying, create a user with: ntfy user add --role=admin harald
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Temporary upgrade script following the official NixOS procedure.
Run `upgrade-pg-cluster --jobs 4 --link` on the server, then switch
the package to postgresql_16 and remove the script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The check_root service incorrectly used '/boot Disk Space Alert' as
the email subject instead of '/ Disk Space Alert'. Also merged the
duplicate systemd.services and systemd.timers attribute sets.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enable ManageSieve in Dovecot (port 4190) and add the managesieve
plugin to Roundcube for managing Sieve filter rules via webmail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replaced `DEFAULT_SYSTEM_PROMPT` with `BOT_SYSTEM_PROMPT` for clarity and modularity.
- Introduced a `build_system_prompt` function to dynamically compose prompts.
- Enhanced `call_claude` CLI with new tool options and appendable prompts.
- Added a default system prompt and adjusted the structure to use XML for clarity.
- Improved help command handling by simplifying triggers and updating responses.
- Enhanced NixOS configuration with support for optional custom instructions.
- Replaced Nextcloud chat history fetching with in-memory storage for conversation history.
- Added limits to history length based on an environment variable (`CONTEXT_MESSAGES`).
- Simplified prompt-building logic by removing async history fetching.
- Switched `maxTokens` to `contextMessages` to set chat history length instead of token limit.
- Updated environment variables, NixOS module, and prompt building logic for consistency.
- Removed in-memory conversation history, now fetching from Nextcloud for better scalability.
- Simplified the `call_claude` function by removing the unused `MAX_TOKENS` argument handling.
- Ensures cleaner and more maintainable command construction.
- Updated webhook parsing to align with the latest Nextcloud Talk Bot format.
- Improved handling of actor, message, and conversation data for clarity and flexibility.
- Added robust JSON decoding with fallback for content extraction.
- Enhanced signature verification by adding support for a `random` token included in webhook headers.
- Introduced logging to display signature variants for debugging purposes.
- Improved webhook handling to process new `X-Nextcloud-Talk-Random` header.
- Added info-level logging to provide details about signature verification, including secret length and partial hashes for expected and received signatures.
- Helps in debugging signature mismatches without exposing full sensitive data.
- Set `User` and `Group` for the bot service to enhance security and isolation.
- Added system user and group for `claude-bot` with defined home directory.
- Modified secrets ownership to align with the new bot user.
- Updated bot to only respond in group chats when explicitly mentioned.
- Added mention detection using regex for "Claude" patterns and cleaned up the message text for processing.
- Improved help message to clarify usage in direct messages and group chats.
- Replaced `buildPythonApplication` with `python3.withPackages` for a cleaner and more concise implementation.
- Adjusted service configuration to use the updated packaging structure, ensuring compatibility with the new setup.
- Simplifies the NixOS module by reducing redundancy and improving maintainability.
- Added configuration for Nextcloud Claude Bot, including NixOS module, secrets management, and example setup files.
- Introduced a Python-based HTTP server for handling webhook events and interacting with Nextcloud Talk.
- Integrated necessary dependencies and systemd service for seamless operation.
Create 6 new NixOS modules to reduce duplication across system configs:
- hardware/wooting: Wooting keyboard udev rules and Bluetooth compat
- services/nginx-base: Common nginx server settings
- services/acme-base: ACME certificate defaults
- services/xremap: Key remapping with sensible defaults
- system/no-sleep: Disable sleep/suspend/hibernate targets
- system/kernel-tweaks: PM freeze timeout and zram configuration
Update system configuration files to use these new modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added global DNS nameservers configuration for headscale
- Included Cloudflare DNS servers (1.1.1.1, 1.0.0.1) and IPv6 addresses
- Added local DNS server (192.168.178.254) for internal resolution
- Added systemd service dependencies for gitea-runner-default
- Ensured nginx.service is required and started before gitea-runner-default
- Maintains proper service startup order for forgejo deployment
- Enabled `services.gnome.gnome-remote-desktop` in the `x1` configuration.
- Removed an unused `lib` parameter in the `forgejo.nix` module.
- Updated the `home-manager` source in the `flake.lock` file with the latest revision and hash.
Switched from `forgejo-actions-runner` to `forgejo-runner` package for the gitea actions runner instance. This aligns with the updated package naming convention in the system configuration. The change ensures proper integration with the forgejo ecosystem and maintains consistency with the project's package structure.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
Removed comment clutter and streamlined the configuration for better readability and maintenance. Ensured the sops secrets and ACME certificate handling remain functional.
Updated the Nextcloud package from version 30 to 31. This ensures access to the latest features and improvements while maintaining compatibility with the system configuration.
Reformatted configuration files for better readability and consistency. Updated lock file dependencies to the latest revisions, ensuring compatibility and performance improvements.
