From 101fb29dba2b8bc85f71101bb8b0f02bed81ca1a Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 28 Apr 2026 22:25:24 +0200 Subject: [PATCH] Added Octoprint; Minor config changes; --- hosts/cyper-controller/configuration.nix | 2 +- nixos/roles/matrix/clients.nix | 32 +++++++++++- nixos/roles/matrix/synapse.nix | 1 + nixos/roles/octoprint.nix | 62 ++++++++++++++++++++++++ nixos/roles/paperless-ngx.nix | 53 +++++++++----------- secrets/secrets.yaml | 4 +- 6 files changed, 120 insertions(+), 34 deletions(-) create mode 100644 nixos/roles/octoprint.nix diff --git a/hosts/cyper-controller/configuration.nix b/hosts/cyper-controller/configuration.nix index 5d99c31..772709b 100644 --- a/hosts/cyper-controller/configuration.nix +++ b/hosts/cyper-controller/configuration.nix @@ -12,8 +12,8 @@ ../../nixos/roles/gitea.nix ../../nixos/roles/vaultwarden.nix ../../nixos/roles/frontpage - ../../nixos/roles/cage.nix ../../nixos/roles/paperless-ngx.nix + ../../nixos/roles/octoprint.nix ]; networking = { diff --git a/nixos/roles/matrix/clients.nix b/nixos/roles/matrix/clients.nix index 0339f70..2b96d04 100644 --- a/nixos/roles/matrix/clients.nix +++ b/nixos/roles/matrix/clients.nix @@ -126,7 +126,7 @@ let preferred_domain = "jitsi.cyperpunk.de"; }; element_call = { - url = "https://call.element.io"; + url = "https://element.cyperpunk.de/widgets/element-call"; use_exclusively = true; participant_limit = 8; brand = "Cyperpunk Call"; @@ -140,6 +140,7 @@ let }; features = { feature_group_calls = true; + "feature_disable_call_per_sender_encryption" = true; }; } ); @@ -148,10 +149,27 @@ let cp ${elementConfig} $out/config.json ''; }); - synapseAdmin = pkgs.synapse-admin-etkecc.withConfig { + synapseAdmin = pkgs.ketesa.withConfig { restrictBaseUrl = [ "https://matrix.cyperpunk.de" ]; loginFlows = [ "password" ]; }; + elementCallConfigured = pkgs.element-call.overrideAttrs (old: { + postInstall = (old.postInstall or "") + '' + cp ${ + builtins.toFile "element-call-config.json" ( + builtins.toJSON { + default_server_config = { + "m.homeserver" = { + base_url = "https://matrix.cyperpunk.de"; + server_name = "cyperpunk.de"; + }; + }; + livekit_service_url = "https://cyperpunk.de/livekit/jwt/"; + } + ) + } $out/config.json + ''; + }); in { @@ -160,6 +178,7 @@ in 8010 # Element 8011 # Synapse Admin 8012 # FluffyChat + 8013 # Element Call ]; services.nginx.virtualHosts = { @@ -201,6 +220,15 @@ in ]; root = "${synapseAdmin}"; }; + "element-call.cyperpunk.de" = { + listen = [ + { + addr = "0.0.0.0"; + port = 8013; + } + ]; + root = "${elementCallConfigured}"; + }; }; virtualisation.oci-containers.containers.fluffychat = { diff --git a/nixos/roles/matrix/synapse.nix b/nixos/roles/matrix/synapse.nix index 8bd271c..a96c616 100644 --- a/nixos/roles/matrix/synapse.nix +++ b/nixos/roles/matrix/synapse.nix @@ -35,6 +35,7 @@ "msc3779_enabled" = true; "msc3401_enabled" = true; "msc4143_enabled" = true; + "msc4195_enabled" = true; }; listeners = [ { diff --git a/nixos/roles/octoprint.nix b/nixos/roles/octoprint.nix new file mode 100644 index 0000000..12447ca --- /dev/null +++ b/nixos/roles/octoprint.nix @@ -0,0 +1,62 @@ +{ lib, pkgs, ... }: +let + octoprint-overlay = self: super: { + octoprint = super.octoprint.override { + packageOverrides = pyself: pysuper: { + + octoprint-customcss = pyself.buildPythonPackage { + pname = "OctoPrint-CustomCSS"; + version = "20201210"; + format = "setuptools"; + src = pkgs.fetchFromGitHub { + owner = "crankeye"; + repo = "OctoPrint-CustomCSS"; + rev = "7a042b11055592b42b59298ad8d579b731081acd"; + sha256 = "sha256-N5DjaZ2KzSi1xfmvhS8gWKAMyXz5btYqU1QSRIMkFZY="; + }; + propagatedBuildInputs = [ pysuper.octoprint ]; + doCheck = false; + meta = with lib; { + description = "A simple plugin for adding custom CSS to OctoPrint"; + homepage = "https://github.com/crankeye/OctoPrint-CustomCSS"; + license = licenses.agpl3Only; + }; + }; + + octoprint-bedlevelvisualizer = pyself.buildPythonPackage { + pname = "OctoPrint-BedLevelVisualizer"; + version = "1.1.1"; + format = "setuptools"; + src = pkgs.fetchFromGitHub { + owner = "jneilliii"; + repo = "OctoPrint-BedLevelVisualizer"; + rev = "1.1.1"; + sha256 = "1v7gqyp605z3hyc1w8a2h6ir6k0vp2ccby1wwxlri6h4i2yii5z8"; + }; + propagatedBuildInputs = [ pysuper.octoprint ]; + doCheck = false; + meta = with lib; { + description = "Visualize your bed leveling via a 3D mesh"; + homepage = "https://github.com/jneilliii/OctoPrint-BedLevelVisualizer"; + license = licenses.mit; + }; + }; + + }; + }; + }; +in +{ + nixpkgs.overlays = [ octoprint-overlay ]; + services.octoprint = { + enable = true; + host = "0.0.0.0"; + openFirewall = true; + port = 5000; + plugins = + ps: with ps; [ + octoprint-customcss + octoprint-bedlevelvisualizer + ]; + }; +} diff --git a/nixos/roles/paperless-ngx.nix b/nixos/roles/paperless-ngx.nix index 0f83219..ee3e22d 100644 --- a/nixos/roles/paperless-ngx.nix +++ b/nixos/roles/paperless-ngx.nix @@ -1,37 +1,31 @@ { pkgs, ... }: - { - services.paperless = { - enable = true; - package = pkgs.paperless-ngx; - address = "0.0.0.0"; - port = 28101; - settings = { + services = { + paperless = { + enable = true; + package = pkgs.paperless-ngx; + address = "0.0.0.0"; + port = 28101; + settings = { + PAPERLESS_USE_X_FORWARDED_HOST = "true"; + PAPERLESS_USE_X_FORWARDED_PORT = "true"; + PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost"; + PAPERLESS_CSRF_TRUSTED_ORIGINS = [ + "https://ngx.cyperpunk.de" + "http://100.109.179.25:28101" + ]; + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_CONSUMPTION_DIR = "/var/lib/paperless/consume"; + PAPERLESS_URL = "https://ngx.cyperpunk.de"; + }; - # Da der Proxy auf einem anderen Server (via Tailscale) liegt: - # Erlaubt Paperless, die 'X-Forwarded-*' Header zu akzeptieren - PAPERLESS_USE_X_FORWARDED_HOST = "true"; - PAPERLESS_USE_X_FORWARDED_PORT = "true"; - - # Erlaubt den Zugriff über die Domain UND die Tailscale-IP - # Der Stern '*' ist die einfachste Lösung für private Server - PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost"; - - # Füge die IP auch zu den vertrauenswürdigen Ursprüngen hinzu (für CSRF) - PAPERLESS_CSRF_TRUSTED_ORIGINS = [ - "https://ngx.cyperpunk.de" - "http://100.109.179.25:28101" - ]; - - # Restliche Einstellungen bleiben gleich - PAPERLESS_OCR_LANGUAGE = "deu+eng"; - PAPERLESS_CONSUMPTION_DIR = "/var/lib/paperless/consume"; # Falls du den Bind-Mount nutzt - PAPERLESS_URL = "https://ngx.cyperpunk.de"; + exporter = { + enable = true; + }; }; }; - # Gruppe und Berechtigungen wie besprochen users.users.paperless.extraGroups = [ "users" ]; systemd.tmpfiles.rules = [ @@ -39,6 +33,7 @@ "z /storage/internal/paperless 0775 root users -" ]; - # Öffne den Port für Tailscale (oder das lokale Netz) - networking.firewall.allowedTCPPorts = [ 28101 ]; + networking.firewall.allowedTCPPorts = [ + 28101 + ]; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 956759d..00081f3 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -25,7 +25,7 @@ sops: N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-25T01:01:15Z" - mac: ENC[AES256_GCM,data:LEoQilJrVhhzLdAyMz2xugOlnsu1j3XyCJbRLnMpRivbOFlqOu9dvwAJJ8gDzizOxTwh/24YD14f+njdPGNSB42O9sD9Mcb9UdB3N2pzHNaaUYQXFDHdqfxTQ93sYkwOP4KZHbMgbtzb1a/1a+G2cLhBcmIZSdOdkAzcVwUVmVY=,iv:D9xDKS2X6AiJi61/a/YbU+DvhTq5XB30HvE85i5lGvo=,tag:ztDsyGvk4KhBa6NJdOqhGg==,type:str] + lastmodified: "2026-04-28T20:24:56Z" + mac: ENC[AES256_GCM,data:ckUMW2VucN8foLbSk8iKBHOtIOSFi0eOy4d0unLlJZpaKEFO91UofHN00Gh+sfw3jG0VNRWGUhAGxQC+di4LFbITlODPkWOzY10FMAES5FSQVyKkW9gnQY/BGbHlDX63iwZ9FLQEbCg4LSVA1emVlCmZ5QEYy5bBH7LddNdnEbo=,iv:u9akYdHujAuFoSAv0Q7rcsSAn5PJZhBhkKjrBWn0XBg=,tag:GvN2Kgi2+5bTZ7t/tZASRw==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2