diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 6df325b..9593963 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -42,22 +42,18 @@ }; # hardened openssh - services = { - fail2ban.enable = true; - endlessh = { - enable = true; - port = 22; - openFirewall = true; - }; - openssh = { - enable = true; - ports = [ 5011 ]; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - AllowUsers = [ "srv" ]; - }; + services.openssh = { + allowSFTP = false; + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; }; }; diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index de6e9a8..0d4ec42 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -6,7 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "alacritty" - "firefox" + "librewolf" "obsidian" # "zen-browser" # keep-sorted end diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix index 4231d89..b0c16b3 100644 --- a/modules/home-manager/features/firefox.nix +++ b/modules/home-manager/features/firefox.nix @@ -12,6 +12,7 @@ "browser.aboutwelcome.enabled" = false; "browser.bookmarks.addedImportButton" = false; "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; "browser.newtabpage.enabled" = false; "browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.malware.enabled" = false; 
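Review bot: The rewritten `services.openssh` block in hosts/server/configuration.nix no longer sets `PermitRootLogin = "no"` or `AllowUsers = [ "srv" ]`, although the `# hardened openssh` comment above it stays. Unless a module outside this diff sets them, sshd falls back to the module defaults (for root, as far as I know, `prohibit-password`), so any account with an authorized key, possibly root included, can log in. I would keep both under `settings`: `PermitRootLogin = "no";` and `AllowUsers = [ "srv" ];`. The same hunk drops `enable = true`, `ports = [ 5011 ]` and `fail2ban.enable = true`, so confirm that the daemon is still enabled elsewhere and that running it without brute-force throttling is intended. `X11Forwarding no` in `extraConfig` may duplicate a keyword the module already renders from `settings`, so check the generated sshd_config for repeated directives.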
@@ -22,6 +23,8 @@ "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; "browser.startup.page" = 3; "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; "browser.toolbars.bookmarks.visibility" = "never"; "browser.urlbar.suggest.searches" = false; "datareporting.healthreport.uploadEnabled" = false; @@ -35,18 +38,20 @@ "network.trr.uri" = "https://firefox.dns.nextdns.io/"; "privacy.annotate_channels.strict_list.enabled" = true; "privacy.bounceTrackingProtection.mode" = 1; - "privacy.clearOnShutdown_v2.formdata" = true; "privacy.fingerprintingProtection" = true; "privacy.globalprivacycontrol.enabled" = true; "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; "privacy.query_stripping.enabled " = true; "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; "privacy.trackingprotection.allow_list.baseline.enabled" = true; "privacy.trackingprotection.allow_list.convenience.enabled" = false; "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; "privacy.trackingprotection.emailtracking.enabled" = true; "privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; "sidebar.main.tools" = "syncedtabs,history,bookmarks"; "sidebar.new-sidebar.has-used" = true; "sidebar.position_start" = false; 
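Review bot: The hunk at `@@ -35,18 +38,20 @@` adds `"privacy.sanitize.sanitizeOnShutdown" = false` and removes `"privacy.clearOnShutdown_v2.formdata" = true`, so form history now stays in the profile across sessions, and nothing in the file records why. A short comment above the pref would make the trade-off explicit, for example `# keep session data across restarts; form history is no longer cleared on shutdown`. If clearing form data was the only reason shutdown sanitizing was on, say that too, so a later reader does not re-enable it by accident.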
@@ -86,144 +91,144 @@ # keep-sorted start block=yes # sponsorblock "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - 
showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + 
hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = 
true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; # ublock-origin "uBlock0@raymondhill.net".settings = { advancedUserEnabled = true; diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix new file mode 100644 index 0000000..31a34b2 --- /dev/null +++ b/modules/home-manager/features/librewolf.nix 
@@ -0,0 +1,255 @@ +{ + pkgs, + ... +}: +{ + programs.librewolf = { + enable = true; + languagePacks = [ "en-GB" ]; + profiles.will = { + settings = { + # keep-sorted start + "browser.aboutwelcome.enabled" = false; + "browser.bookmarks.addedImportButton" = false; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; + "browser.newtabpage.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.remote.block_uncommon" = false; + "browser.search.suggest.enabled" = false; + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.startup.page" = 3; + "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.urlbar.suggest.searches" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.usage.uploadEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "extensions.formautofill.creditCards.enabled" = false; + "general.autoScroll" = true; + "identity.fxaccounts.enabled" = true; + "intl.locale.requested" = "en-GB"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://firefox.dns.nextdns.io/"; + "privacy.annotate_channels.strict_list.enabled" = true; + "privacy.bounceTrackingProtection.mode" = 1; + "privacy.fingerprintingProtection" = true; + "privacy.globalprivacycontrol.enabled" = true; + "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; + "privacy.query_stripping.enabled " = true; + "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; + "privacy.trackingprotection.allow_list.baseline.enabled" = true; 
+ "privacy.trackingprotection.allow_list.convenience.enabled" = false; + "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; + "sidebar.main.tools" = "syncedtabs,history,bookmarks"; + "sidebar.new-sidebar.has-used" = true; + "sidebar.position_start" = false; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; + "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + # keep-sorted end + }; + search = { + default = "ddg"; + privateDefault = "ddg"; + engines = { }; + order = [ ]; + force = true; + }; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + # keep-sorted start sticky_comments=no + # detect-cloudflare + bitwarden + dearrow + nixpkgs-pr-tracker + react-devtools + return-youtube-dislikes + sponsorblock + ublock-origin + # keep-sorted end + ]; + settings = { + # keep-sorted start block=yes + # sponsorblock + "sponsorBlocker@ajay.app".settings = { + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup 
= false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + 
ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; + # ublock-origin + "uBlock0@raymondhill.net".settings = { + advancedUserEnabled = true; + selectedFilterLists = [ + "user-filters" + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "easylist" + "easyprivacy" + "adguard-spyware-url" + "urlhaus-1" + "plowe-0" + ]; + }; + # keep-sorted end + }; + }; + }; + }; +} diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 66e50bb..7a9f017 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -12,7 +12,6 @@ "cryptpad" "fi33.buzz" "gatus" - "forgejo" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index c1243e6..bba0af7 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -16,7 +16,6 @@ "nixvim" "syncthing" "systemd-boot" - "tailscale" # keep-sorted end ]; @@ -61,7 +60,7 @@ ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - topydo # todo.txt helper tool + # topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl diff --git a/modules/nixos/features/forgejo.nix b/modules/nixos/features/forgejo.nix deleted file mode 100644 index ac2d647..0000000 --- a/modules/nixos/features/forgejo.nix +++ /dev/null 
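Review bot: The added key `"privacy.query_stripping.enabled " = true;` in the `settings` block of modules/home-manager/features/librewolf.nix has a trailing space inside the quotes, so the value is written under a different pref name and query stripping is probably not enabled outside private browsing. It should read `"privacy.query_stripping.enabled" = true;`. The same key appears as unchanged context in modules/home-manager/features/firefox.nix, which this new file duplicates almost line for line. Moving the shared prefs and extension settings into one attrset used by both modules would stop the two from drifting apart. Every `browser.safebrowsing.*` pref is set to `false` here, which leaves the uBlock lists (`urlhaus-1`, `ublock-badware`) as the only malicious-URL filter, so a comment stating that this is deliberate would help.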
@@ -1,87 +0,0 @@ -{ - config, - lib, - ... -}: -let - port = 5027; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "git.fi33.buzz"; - url = "https://git.fi33.buzz"; - sshPort = lib.head config.services.openssh.ports; -in -{ - services = { - forgejo = { - enable = true; - dump = { - enable = true; - interval = "00:00"; - }; - lfs.enable = true; - settings = { - server = { - # keep-sorted start - DOMAIN = hostname; - HTTP_PORT = port; - ROOT_URL = url; - SSH_PORT = sshPort; - # keep-sorted end - }; - service.DISABLE_REGISTRATION = true; - }; - user = "git"; - group = "git"; - }; - - openssh.settings.AllowUsers = [ "git" ]; - - gatus.settings.endpoints = [ - { - name = "Forgejo"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - { - name = "Forgejo SSH"; - group = "Private Services"; - url = "ssh://${hostname}:${toString sshPort}"; - interval = "5m"; - conditions = [ - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite.paths = [ "/var/lib/forgejo" ]; - offsite.paths = [ "/var/lib/forgejo" ]; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - users = { - users.git = { - home = "/var/lib/forgejo"; - useDefaultShell = true; - group = "git"; - isSystemUser = true; - }; - groups.git = { }; - }; -} diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index d7ac6ef..3516600 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -23,7 +23,6 @@ let secrets = [ # keep-sorted start - "forgejo-read-token" "immich" "jellyfin" "kavita-api" 
@@ -80,18 +79,6 @@ in } { "Media Management" = [ - { - Forgejo = { - description = "Software forge"; - icon = "forgejo.svg"; - href = "https://git.fi33.buzz/"; - widget = { - type = "gitea"; - url = "https://git.fi33.buzz/"; - key = "@forgejo-read-token@"; - }; - }; - } { Radarr = { description = "Movie organizer/manager"; diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 0f74271..0b141f7 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -86,7 +86,7 @@ in ]; } else - null; + { }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy http://localhost:${toString port} diff --git a/secrets/forgejo-read-token.age b/secrets/forgejo-read-token.age deleted file mode 100644 index dceb6b9..0000000 Binary files a/secrets/forgejo-read-token.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 795eecb..2bd9a15 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,7 +18,6 @@ in "borgbackup-offsite.age".publicKeys = users; "borgbackup-onsite.age".publicKeys = users; "copyparty.age".publicKeys = users; - "forgejo-read-token.age".publicKeys = users; "gatus.age".publicKeys = users; "git_signing_key.age".publicKeys = users; "git_signing_key.pub.age".publicKeys = users;