From 8120c37364722ce945f77582f1ce9e8834655850 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Thu, 8 Jan 2026 21:51:06 +0100 Subject: [PATCH 01/10] remove powerlevel10k module --- homeModules/zsh-powerlevel10k.nix | 23 ------------ nixosModules/global-settings-desktop.nix | 47 ++++++++++++------------ 2 files changed, 23 insertions(+), 47 deletions(-) delete mode 100644 homeModules/zsh-powerlevel10k.nix diff --git a/homeModules/zsh-powerlevel10k.nix b/homeModules/zsh-powerlevel10k.nix deleted file mode 100644 index 295fd0c..0000000 --- a/homeModules/zsh-powerlevel10k.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - options.programs.zsh-powerlevel10k = { - enable = lib.mkEnableOption "powerlevel10k zsh theme"; - package = lib.mkPackageOption pkgs "zsh-powerlevel10k" { nullable = true; }; - }; - - config = - let - cfg = config.programs.zsh-powerlevel10k; - p10k = if (cfg.package != null) then cfg.package else pkgs.zsh-powerlevel10k; - in - lib.mkIf cfg.enable { - programs.zsh.initContent = '' - source ${p10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme - ''; - }; -} diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix index a92a5d2..eda369d 100644 --- a/nixosModules/global-settings-desktop.nix +++ b/nixosModules/global-settings-desktop.nix @@ -11,30 +11,6 @@ }: { imports = [ - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - }; - - time.timeZone = "Europe/Berlin"; - - home-manager.sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - self.homeModules.zsh-powerlevel10k - # keep-sorted end - ]; - - home-manager.users = home-manager-users; - } - # keep-sorted start home-manager.nixosModules.home-manager self.nixosModules.en-de @@ -54,4 +30,27 @@ stylix.nixosModules.stylix # keep-sorted end ]; + + config = { + home-manager = { + extraSpecialArgs = specialArgs; + useGlobalPkgs = true; + useUserPackages = true; + }; + + time.timeZone = "Europe/Berlin"; + + home-manager.sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.git + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; + + home-manager.users = home-manager-users; + }; } From 0414f6ac073ce4f9809f1e65276c0e8451390ffd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 15 Jan 2026 23:11:25 +0100 Subject: [PATCH 02/10] git user change --- homeConfigurations/vinzenz/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/homeConfigurations/vinzenz/git.nix b/homeConfigurations/vinzenz/git.nix index df51eda..ba7cd61 100644 --- a/homeConfigurations/vinzenz/git.nix +++ b/homeConfigurations/vinzenz/git.nix @@ -3,8 +3,8 @@ enable = true; settings = { user = { - name = "Vinzenz Schroeter"; - email = "vinzenz.f.s@gmail.com"; + name = "müde"; + email = "git@darkest.space"; }; aliases = { From d07b7c159d0c229440411ef6ae0d1f012ffe8085 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:16:56 +0100 Subject: [PATCH 03/10] add headscale --- nixosConfigurations/hetzner-vpn2/default.nix | 1 + .../hetzner-vpn2/headscale.nix | 23 +++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 nixosConfigurations/hetzner-vpn2/headscale.nix diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 591dc20..5ad0e0f 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,6 +2,7 @@ imports = [ ./hardware.nix ./nginx.nix + ./headscale.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix new file mode 100644 index 0000000..05e3b5a --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -0,0 +1,23 @@ +let + headscale-port = 8668; +in +{ + services = { + headscale = { + enable = true; + address = "localhost"; + port = headscale-port; + settings = { + dns.base_domain = "high-gravity.space"; + server_url = "https://headscale.zerforschen.plus"; + }; + }; + nginx.virtualHosts."uplink.darkest.space" = { + addSSL = true; + enableACME = true; + locations = { + "/".proxyPass = "http://localhost:${builtins.toString headscale-port}"; + }; + }; + }; +} From 3fd509e11d90c967ac4801c373785a1258953340 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:17:22 +0100 Subject: [PATCH 04/10] vpn2: split nginx config --- nixosConfigurations/hetzner-vpn2/blog.nix | 43 +++++++++++++++ nixosConfigurations/hetzner-vpn2/default.nix | 1 + nixosConfigurations/hetzner-vpn2/nginx.nix | 55 +++----------------- 3 files changed, 50 insertions(+), 49 deletions(-) create mode 100644 nixosConfigurations/hetzner-vpn2/blog.nix diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix new file mode 100644 index 0000000..4b29cb3 --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/blog.nix @@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in +{ + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx.virtualHosts = { + "zerforschen.plus" = { + addSSL = true; + enableACME = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; + }; +} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 5ad0e0f..cc53cb3 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -3,6 +3,7 @@ ./hardware.nix ./nginx.nix ./headscale.nix + ./blog.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index aa399aa..7178b0d 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix @@ -1,62 +1,19 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "zerforschen.plus" = { - addSSL = true; - enableACME = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; }; networking.firewall.allowedTCPPorts = [ 80 443 - 5201 ]; } From b138f414e001786c5cb05283aefbdb2a136a95fd Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:48:08 +0100 Subject: [PATCH 05/10] disable override local --- nixosConfigurations/hetzner-vpn2/headscale.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 05e3b5a..538c557 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -8,8 +8,11 @@ in address = "localhost"; port = headscale-port; settings = { - dns.base_domain = "high-gravity.space"; server_url = "https://headscale.zerforschen.plus"; + dns = { + override_local_dns = false; + base_domain = "high-gravity.space"; + }; }; }; nginx.virtualHosts."uplink.darkest.space" = { From 81ee5b81c0fb4dc20fe3f757e659409def5ebcfb Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:51:42 +0100 Subject: [PATCH 06/10] fix url --- nixosConfigurations/hetzner-vpn2/headscale.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 538c557..c27e192 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -8,7 +8,7 @@ in address = "localhost"; port = headscale-port; settings = { - server_url = "https://headscale.zerforschen.plus"; + server_url = "https://uplink.darkest.space/"; dns = { override_local_dns = false; base_domain = "high-gravity.space"; From eea0a072f28afc84e60e8a249efb205402275e94 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:54:55 +0100 Subject: [PATCH 07/10] force ssl --- nixosConfigurations/hetzner-vpn2/blog.nix | 2 +- nixosConfigurations/hetzner-vpn2/headscale.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix index 4b29cb3..367ef2b 100644 --- a/nixosConfigurations/hetzner-vpn2/blog.nix +++ b/nixosConfigurations/hetzner-vpn2/blog.nix @@ -13,8 +13,8 @@ in services = { nginx.virtualHosts = { "zerforschen.plus" = { - addSSL = true; enableACME = true; + forceSSL = true; locations = { "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; "/".proxyPass = "http://unix:" + anubis-domain-socket; diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index c27e192..6a0cae2 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -16,8 +16,8 @@ in }; }; nginx.virtualHosts."uplink.darkest.space" = { - addSSL = true; enableACME = true; + forceSSL = true; locations = { "/".proxyPass = "http://localhost:${builtins.toString headscale-port}"; }; From b3166d967f3bf6bb6ea03544bd112d1d205c84e8 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 20:57:27 +0100 Subject: [PATCH 08/10] proxy websockets --- nixosConfigurations/hetzner-vpn2/headscale.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 6a0cae2..43eda08 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -18,8 +18,9 @@ in nginx.virtualHosts."uplink.darkest.space" = { enableACME = true; forceSSL = true; - locations = { - "/".proxyPass = "http://localhost:${builtins.toString headscale-port}"; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString headscale-port}"; + proxyWebsockets = true; }; }; }; From 8028e1287fa3f188f97f2f2c47b86fabd3a14fb7 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 21:59:05 +0100 Subject: [PATCH 09/10] headscale: enable DERP --- nixosConfigurations/hetzner-vpn2/headscale.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index 43eda08..de87c96 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -2,6 +2,8 @@ let headscale-port = 8668; in { + # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER + services = { headscale = { enable = true; @@ -13,8 +15,17 @@ in override_local_dns = false; base_domain = "high-gravity.space"; }; + derp = { + server = { + enabled = true; + ipv4 = "78.46.242.90"; + ipv6 = "2a01:4f8:c013:65dd::1"; + }; + urls = [ ]; + }; }; }; + nginx.virtualHosts."uplink.darkest.space" = { enableACME = true; forceSSL = true; @@ -24,4 +35,7 @@ in }; }; }; + + # for DERP + networking.firewall.allowedUDPPorts = [ 3478 ]; } From 28d500ac78aeb858c66153f26fdff6338e262414 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 4 Jan 2026 22:01:44 +0100 Subject: [PATCH 10/10] fix DERP --- nixosConfigurations/hetzner-vpn2/headscale.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix index de87c96..6eac407 100644 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -18,6 +18,8 @@ in derp = { server = { enabled = true; + verify_clients = true; + stun_listen_addr = "0.0.0.0:3478"; ipv4 = "78.46.242.90"; ipv6 = "2a01:4f8:c013:65dd::1"; };