Added Octoprint; Minor config changes;

hosts/cyper-controller/configuration.nix

@@ -12,8 +12,8 @@
     ../../nixos/roles/gitea.nix
     ../../nixos/roles/vaultwarden.nix
     ../../nixos/roles/frontpage
-    ../../nixos/roles/cage.nix
     ../../nixos/roles/paperless-ngx.nix
+    ../../nixos/roles/octoprint.nix
   ];
 
   networking = {

nixos/roles/matrix/clients.nix

@@ -126,7 +126,7 @@ let
         preferred_domain = "jitsi.cyperpunk.de";
       };
       element_call = {
-        url = "https://call.element.io";
+        url = "https://element.cyperpunk.de/widgets/element-call";
         use_exclusively = true;
         participant_limit = 8;
         brand = "Cyperpunk Call";
@@ -140,6 +140,7 @@ let
       };
       features = {
         feature_group_calls = true;
+        "feature_disable_call_per_sender_encryption" = true;
       };
     }
   );
@@ -148,10 +149,27 @@ let
       cp ${elementConfig} $out/config.json
     '';
   });
-  synapseAdmin = pkgs.synapse-admin-etkecc.withConfig {
+  synapseAdmin = pkgs.ketesa.withConfig {
     restrictBaseUrl = [ "https://matrix.cyperpunk.de" ];
     loginFlows = [ "password" ];
   };
+  elementCallConfigured = pkgs.element-call.overrideAttrs (old: {
+    postInstall = (old.postInstall or "") + ''
+      cp ${
+        builtins.toFile "element-call-config.json" (
+          builtins.toJSON {
+            default_server_config = {
+              "m.homeserver" = {
+                base_url = "https://matrix.cyperpunk.de";
+                server_name = "cyperpunk.de";
+              };
+            };
+            livekit_service_url = "https://cyperpunk.de/livekit/jwt/";
+          }
+        )
+      } $out/config.json
+    '';
+  });
 in
 {
 
@@ -160,6 +178,7 @@ in
     8010 # Element
     8011 # Synapse Admin
     8012 # FluffyChat
+    8013 # Element Call
   ];
 
   services.nginx.virtualHosts = {
@@ -201,6 +220,15 @@ in
       ];
       root = "${synapseAdmin}";
     };
+    "element-call.cyperpunk.de" = {
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8013;
+        }
+      ];
+      root = "${elementCallConfigured}";
+    };
   };
 
   virtualisation.oci-containers.containers.fluffychat = {

nixos/roles/matrix/synapse.nix

@@ -35,6 +35,7 @@
           "msc3779_enabled" = true;
           "msc3401_enabled" = true;
           "msc4143_enabled" = true;
+          "msc4195_enabled" = true;
         };
         listeners = [
           {

nixos/roles/octoprint.nix

@@ -0,0 +1,62 @@
+{ lib, pkgs, ... }:
+let
+  octoprint-overlay = self: super: {
+    octoprint = super.octoprint.override {
+      packageOverrides = pyself: pysuper: {
+
+        octoprint-customcss = pyself.buildPythonPackage {
+          pname = "OctoPrint-CustomCSS";
+          version = "20201210";
+          format = "setuptools";
+          src = pkgs.fetchFromGitHub {
+            owner = "crankeye";
+            repo = "OctoPrint-CustomCSS";
+            rev = "7a042b11055592b42b59298ad8d579b731081acd";
+            sha256 = "sha256-N5DjaZ2KzSi1xfmvhS8gWKAMyXz5btYqU1QSRIMkFZY=";
+          };
+          propagatedBuildInputs = [ pysuper.octoprint ];
+          doCheck = false;
+          meta = with lib; {
+            description = "A simple plugin for adding custom CSS to OctoPrint";
+            homepage = "https://github.com/crankeye/OctoPrint-CustomCSS";
+            license = licenses.agpl3Only;
+          };
+        };
+
+        octoprint-bedlevelvisualizer = pyself.buildPythonPackage {
+          pname = "OctoPrint-BedLevelVisualizer";
+          version = "1.1.1";
+          format = "setuptools";
+          src = pkgs.fetchFromGitHub {
+            owner = "jneilliii";
+            repo = "OctoPrint-BedLevelVisualizer";
+            rev = "1.1.1";
+            sha256 = "1v7gqyp605z3hyc1w8a2h6ir6k0vp2ccby1wwxlri6h4i2yii5z8";
+          };
+          propagatedBuildInputs = [ pysuper.octoprint ];
+          doCheck = false;
+          meta = with lib; {
+            description = "Visualize your bed leveling via a 3D mesh";
+            homepage = "https://github.com/jneilliii/OctoPrint-BedLevelVisualizer";
+            license = licenses.mit;
+          };
+        };
+
+      };
+    };
+  };
+in
+{
+  nixpkgs.overlays = [ octoprint-overlay ];
+  services.octoprint = {
+    enable = true;
+    host = "0.0.0.0";
+    openFirewall = true;
+    port = 5000;
+    plugins =
+      ps: with ps; [
+        octoprint-customcss
+        octoprint-bedlevelvisualizer
+      ];
+  };
+}

nixos/roles/paperless-ngx.nix

@@ -1,37 +1,31 @@
 { pkgs, ... }:
-
 {
-  services.paperless = {
-    enable = true;
-    package = pkgs.paperless-ngx;
-    address = "0.0.0.0";
-    port = 28101;
 
-    settings = {
+  services = {
+    paperless = {
+      enable = true;
+      package = pkgs.paperless-ngx;
+      address = "0.0.0.0";
+      port = 28101;
+      settings = {
+        PAPERLESS_USE_X_FORWARDED_HOST = "true";
+        PAPERLESS_USE_X_FORWARDED_PORT = "true";
+        PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost";
+        PAPERLESS_CSRF_TRUSTED_ORIGINS = [
+          "https://ngx.cyperpunk.de"
+          "http://100.109.179.25:28101"
+        ];
+        PAPERLESS_OCR_LANGUAGE = "deu+eng";
+        PAPERLESS_CONSUMPTION_DIR = "/var/lib/paperless/consume";
+        PAPERLESS_URL = "https://ngx.cyperpunk.de";
+      };
 
-      # Da der Proxy auf einem anderen Server (via Tailscale) liegt:
-      # Erlaubt Paperless, die 'X-Forwarded-*' Header zu akzeptieren
-      PAPERLESS_USE_X_FORWARDED_HOST = "true";
-      PAPERLESS_USE_X_FORWARDED_PORT = "true";
-
-      # Erlaubt den Zugriff über die Domain UND die Tailscale-IP
-      # Der Stern '*' ist die einfachste Lösung für private Server
-      PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost";
-
-      # Füge die IP auch zu den vertrauenswürdigen Ursprüngen hinzu (für CSRF)
-      PAPERLESS_CSRF_TRUSTED_ORIGINS = [
-        "https://ngx.cyperpunk.de"
-        "http://100.109.179.25:28101"
-      ];
-
-      # Restliche Einstellungen bleiben gleich
-      PAPERLESS_OCR_LANGUAGE = "deu+eng";
-      PAPERLESS_CONSUMPTION_DIR = "/var/lib/paperless/consume"; # Falls du den Bind-Mount nutzt
-      PAPERLESS_URL = "https://ngx.cyperpunk.de";
+      exporter = {
+        enable = true;
+      };
     };
   };
 
-  # Gruppe und Berechtigungen wie besprochen
   users.users.paperless.extraGroups = [ "users" ];
 
   systemd.tmpfiles.rules = [
@@ -39,6 +33,7 @@
     "z /storage/internal/paperless 0775 root users -"
   ];
 
-  # Öffne den Port für Tailscale (oder das lokale Netz)
-  networking.firewall.allowedTCPPorts = [ 28101 ];
+  networking.firewall.allowedTCPPorts = [
+    28101
+  ];
 }

secrets/secrets.yaml

@@ -25,7 +25,7 @@ sops:
             N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9
             6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-25T01:01:15Z"
-    mac: ENC[AES256_GCM,data:LEoQilJrVhhzLdAyMz2xugOlnsu1j3XyCJbRLnMpRivbOFlqOu9dvwAJJ8gDzizOxTwh/24YD14f+njdPGNSB42O9sD9Mcb9UdB3N2pzHNaaUYQXFDHdqfxTQ93sYkwOP4KZHbMgbtzb1a/1a+G2cLhBcmIZSdOdkAzcVwUVmVY=,iv:D9xDKS2X6AiJi61/a/YbU+DvhTq5XB30HvE85i5lGvo=,tag:ztDsyGvk4KhBa6NJdOqhGg==,type:str]
+    lastmodified: "2026-04-28T20:24:56Z"
+    mac: ENC[AES256_GCM,data:ckUMW2VucN8foLbSk8iKBHOtIOSFi0eOy4d0unLlJZpaKEFO91UofHN00Gh+sfw3jG0VNRWGUhAGxQC+di4LFbITlODPkWOzY10FMAES5FSQVyKkW9gnQY/BGbHlDX63iwZ9FLQEbCg4LSVA1emVlCmZ5QEYy5bBH7LddNdnEbo=,iv:u9akYdHujAuFoSAv0Q7rcsSAn5PJZhBhkKjrBWn0XBg=,tag:GvN2Kgi2+5bTZ7t/tZASRw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.12.2