Merge branch 'main' of codeberg.org:muon/home

Fix dns
Remove unused
2026-03-08 03:25:16 +00:00 · 2026-01-01 17:01:41 +00:00 · 2026-01-01 17:00:06 +00:00 · 2026-01-01 16:45:39 +00:00 · 2026-01-01 16:39:28 +00:00 · 2026-01-01 16:00:16 +00:00
7 changed files with 134 additions and 110 deletions
--- a/hosts/muon/home.nix
+++ b/hosts/muon/home.nix
@ -1,5 +1,11 @@
-{ pkgs, lib, osConfig,... }:
-let cfg = osConfig.mods; in {
+{
+  pkgs,
+  lib,
+  osConfig,
+  ...
+}: let
+  cfg = osConfig.mods;
+in {
  # Modules
  mods.xdg.enable = true;
  mods.social.enable = true;
@ -11,17 +17,22 @@ let cfg = osConfig.mods; in {
  mods.desktop.development.enable = true;
  mods.desktop.productivity.enable = true;
  mods.desktop.media.enable = true;
+  mods.zen.enable = true;
+  mods.obsidian.enable = true;

  # Hardware preferences

  ## Monitors
-  xsession.windowManager.i3.config.workspaceOutputAssign = [{
-    workspace = "1";
-    output = "${cfg.monitors.primary.name}";
-  } {
-    workspace = "2";
-    output = "${cfg.monitors.secondary.name}";
-  }];
+  xsession.windowManager.i3.config.workspaceOutputAssign = [
+    {
+      workspace = "1";
+      output = "${cfg.monitors.primary.name}";
+    }
+    {
+      workspace = "2";
+      output = "${cfg.monitors.secondary.name}";
+    }
+  ];
  services.autorandr.enable = true;
  programs.autorandr = {
    enable = true;
@ -38,9 +49,9 @@ let cfg = osConfig.mods; in {
      };
      config = {
        "${cfg.monitors.primary.name}" =
-           cfg.monitors.primary.config;
+          cfg.monitors.primary.config;
        "${cfg.monitors.secondary.name}" =
-           cfg.monitors.secondary.config;
+          cfg.monitors.secondary.config;
      };
    };
  };
--- a/modules/home/desktop/media.nix
+++ b/modules/home/desktop/media.nix
@ -14,7 +14,7 @@
      pavucontrol

      # Video
-      (callPackage ./packages/stremio-linux-shell.nix {})
+      # (callPackage ./packages/stremio-linux-shell.nix {})

      # Podcasts
      gpodder
--- a/modules/home/desktop/productivity.nix
+++ b/modules/home/desktop/productivity.nix
@ -17,8 +17,8 @@ in
      home.packages = with pkgs; [
        # ISO downloader
        qbittorrent
-        xd
-        biglybt
+        # xd
+        # biglybt
        # transmission_4-gtk

        # email
--- a/modules/nixos/core/network.nix
+++ b/modules/nixos/core/network.nix
@ -1,103 +1,107 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
  cfg = config.mods;
  wg = cfg.wireguard;
+in
+  with lib; {
+    options.mods = {
+      i2p.enable = mkEnableOption "enables i2p network";
+      tailscale.enable = mkEnableOption "enables tailscale";

-in with lib; {
-  options.mods = {
-    i2p.enable = mkEnableOption "enables i2p network";
-    tailscale.enable = mkEnableOption "enables tailscale";
-
-    wireguard.id = mkOption {
-      type = with types; nullOr ints.u8;
-      default = null;
-    };
-
-    openvpn.enable = mkEnableOption "enables openvpn config";
-    openvpn.config = let
-      username = "${config.mods.user.name}";
-      folder = "${config.users.users.${username}.home}/documents/openvpn/";
-      file = "${config.mods.user.name}.ovpn";
-    in mkOption {
-      description = "the config location";
-      default = "${folder}${file}";
-    };
-  };
-
-  config = {
-    networking.networkmanager.enable = true;
-    # networking.nameservers = [ "45.90.28.97" "45.90.30.97" ];
-    networking.nameservers = [ "194.242.2.4#base.dns.mullvad.net" ];
-    # services.resolved = {
-    #   enable = true;
-    #   dnssec = "false";
-    #   dnsovertls = "true";
-    #   domains = [ "~." ];
-    #   fallbackDns = [ "194.242.2.4#base.dns.mullvad.net" ];
-    # };
-
-    # udev 250 doesn't reliably reinitialize devices after restart
-    systemd.services.systemd-udevd.restartIfChanged = false;
-    # systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
-    # systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
-
-    services.tailscale.enable = cfg.tailscale.enable;
-
-    services.openvpn.servers = mkIf cfg.openvpn.enable {
-      remote.config = "config ${cfg.openvpn.config}";
-    };
-
-    networking.firewall.allowedTCPPorts = [
-      7656 # default proto sam port
-      7070 # default web interface port
-      4447 # default socks proxy port
-      4444 # default http proxy port
-    ];
-    services.i2pd = lib.mkIf cfg.i2p.enable {
-      enable = true;
-      proto.sam.enable = true;
-      address = "127.0.0.1";
-      proto = {
-        http.enable = true;
-        socksProxy.enable = true;
-        httpProxy.enable = true;
+      wireguard.id = mkOption {
+        type = with types; nullOr ints.u8;
+        default = null;
      };
+
+      openvpn.enable = mkEnableOption "enables openvpn config";
+      openvpn.config = let
+        username = "${config.mods.user.name}";
+        folder = "${config.users.users.${username}.home}/documents/openvpn/";
+        file = "${config.mods.user.name}.ovpn";
+      in
+        mkOption {
+          description = "the config location";
+          default = "${folder}${file}";
+        };
    };

-    networking.firewall.allowedUDPPorts = [ 51820 16261 ];
-    networking.wg-quick.interfaces = lib.mkIf (wg.id != null) {
-      wg0 = {
-        address = [
-          "10.0.0.${toString wg.id}/24"
-          "fdc9:281f:04d7:9ee9::${toString wg.id}/64"
-        ];
-        dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
-        mtu = 1500;
-        privateKeyFile = "/home/muon/wireguard-keys/private";
+    config = {
+      networking.networkmanager.enable = true;
+      # networking.nameservers = [ "45.90.28.97" "45.90.30.97" ];
+      networking.nameservers = ["194.242.2.4#base.dns.mullvad.net"];
+      # services.resolved = {
+      #   enable = true;
+      #   dnssec = "false";
+      #   dnsovertls = "true";
+      #   domains = [ "~." ];
+      #   fallbackDns = [ "194.242.2.4#base.dns.mullvad.net" ];
+      # };

-        peers = [{
-          publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
-          presharedKeyFile =
-            "/home/muon/wireguard-keys/psk-${config.networking.hostName}";
-          allowedIPs = [ "10.0.0.${toString wg.id}/24" ];
-          # allowedIPs = [ "0.0.0.0/0" ];
-          # ip route add 93.95.230.11 via 192.168.0.1
-          endpoint = "93.95.230.11:51820";
-          persistentKeepalive = 25;
-        }];
+      # udev 250 doesn't reliably reinitialize devices after restart
+      systemd.services.systemd-udevd.restartIfChanged = false;
+      # systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
+      # systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
+
+      services.tailscale.enable = cfg.tailscale.enable;
+
+      services.openvpn.servers = mkIf cfg.openvpn.enable {
+        remote.config = "config ${cfg.openvpn.config}";
      };
+
+      networking.firewall.allowedTCPPorts = [
+        7656 # default proto sam port
+        7070 # default web interface port
+        4447 # default socks proxy port
+        4444 # default http proxy port
+      ];
+      services.i2pd = lib.mkIf cfg.i2p.enable {
+        enable = true;
+        proto.sam.enable = true;
+        address = "127.0.0.1";
+        proto = {
+          http.enable = true;
+          socksProxy.enable = true;
+          httpProxy.enable = true;
+        };
+      };
+
+      networking.firewall.allowedUDPPorts = [51820 16261];
+      networking.wg-quick.interfaces = lib.mkIf (wg.id != null) {
+        wg0 = {
+          address = [
+            "10.0.0.${toString wg.id}/24"
+            "fdc9:281f:04d7:9ee9::${toString wg.id}/64"
+          ];
+          # dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
+          mtu = 1500;
+          privateKeyFile = "/home/muon/wireguard-keys/private";
+
+          peers = [
+            {
+              publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
+              presharedKeyFile = "/home/muon/wireguard-keys/psk-${config.networking.hostName}";
+              allowedIPs = ["10.0.0.${toString wg.id}/24"];
+              # allowedIPs = [ "0.0.0.0/0" ];
+              # ip route add 93.95.230.11 via 192.168.0.1
+              endpoint = "93.95.230.11:51820";
+              persistentKeepalive = 25;
+            }
+          ];
+        };
+      };
+
+      networking.extraHosts = ''
+        10.0.0.1 mups
+        10.0.0.2 muon
+        10.0.0.3 muho
+        10.0.0.4 muop
+      '';
+
+      # gateway =
+      # "${pkgs.networkmanager}/bin/nmcli dev show ${interface} | ${pkgs.gnugrep}/bin/fgrep IP4.GATEWAY | ${pkgs.awk}/bin/awk {print $2}";
    };
-
-    networking.extraHosts = ''
-      10.0.0.1 mups
-      10.0.0.2 muon
-      10.0.0.3 muho
-      10.0.0.4 muop
-    '';
-
-    # gateway =
-    # "${pkgs.networkmanager}/bin/nmcli dev show ${interface} | ${pkgs.gnugrep}/bin/fgrep IP4.GATEWAY | ${pkgs.awk}/bin/awk {print $2}";
-
-  };
-}
+  }
--- a/modules/nixos/server/audio.nix
+++ b/modules/nixos/server/audio.nix
@ -40,6 +40,7 @@ in with lib; {
      openFirewall = true;
      openRPCPort = true;
      port = arr.torrent.port;
+      package = pkgs.transmission_4;
      settings = {
        download-dir = "/storage1/download";
        rpc-port = arr.torrent.port;
--- a/modules/nixos/server/grav/default.nix
+++ b/modules/nixos/server/grav/default.nix
@ -23,7 +23,7 @@ in with lib; {
      inherit port;
      enable = true;
      root = cfg.grav.location;
-      phpPackage = pkgs.php81;
+      phpPackage = pkgs.php83;
    };
    users.users.${config.mods.user.name}.extraGroups = lib.mkAfter [ "grav" ];
  };
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@ -82,7 +82,7 @@ in
            add_header X-XSS-Protection          "1; mode=block" always;
            add_header X-Content-Type-Options    "nosniff" always;
            add_header Referrer-Policy           "no-referrer-when-downgrade" always;
-            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self'; object-src 'none'; base-uri 'none';"; always;
            add_header Permissions-Policy        "interest-cohort=()" always;
            # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          '';
@ -99,6 +99,14 @@ in
              "/" = {
                proxyPass = "http://${cfg.ip}:${toString port}/";
                proxyWebsockets = true;
+                extraConfig =
+                  # sh
+                  ''
+                    client_max_body_size 50000M;
+                    proxy_read_timeout   600s;
+                    proxy_send_timeout   600s;
+                    send_timeout         600s;
+                  '';
              };
            };
        in
Author	SHA1	Message	Date
muon	4744f39ad7	Merge branch 'main' of codeberg.org:muon/home	2026-01-01 17:01:41 +00:00
muon	debd6d38cd	Fix dns	2026-01-01 17:00:06 +00:00
muon	02e6c06f6f	Remove unused	2026-01-01 16:45:39 +00:00
muon	1aec25fdaa	Update nginx	2026-01-01 16:39:28 +00:00
muon	3e2e11bb33	Update transmission	2026-01-01 16:00:16 +00:00
muon	acbf82b8b9	Merge branch 'main' of codeberg.org:muon/home	2026-01-01 15:53:12 +00:00
muon	7bfff96a5c	Update php	2026-01-01 15:52:57 +00:00
muon	cbc44a5eba	Add new options to muon	2026-01-01 15:38:04 +00:00