diff --git a/hosts/vps-private/default.nix b/hosts/vps-private/default.nix
index cdc2d0b..2dd1244 100644
--- a/hosts/vps-private/default.nix
+++ b/hosts/vps-private/default.nix
@@ -52,11 +52,6 @@
 domain = "budget.${privateDomain}";
 doBackups = true;
 };
-
- karakeep = {
- enable = true;
- domain = "bookmarks.${privateDomain}";
- };
 };
 };
 }
diff --git a/hosts/vps-private/secrets.json b/hosts/vps-private/secrets.json
index 1be85cb..76bac85 100644
--- a/hosts/vps-private/secrets.json
+++ b/hosts/vps-private/secrets.json
@@ -21,9 +21,6 @@
 "api-key": "ENC[AES256_GCM,data:RV/+aEQRcfQ9LMjZjxGNvCeiso51VqvqrOBRRrR/dXhmBvyoGuh2LaAjyoDoWEjWy5kIStStR+jXZEFWZ8KXvnmEnoU=,iv:j3sYW85Vf88EfeOfezlspDxEms6YqZYnzy5JAiES3+U=,tag:0M9vDvsirc6ze3Ut+yMSoA==,type:str]",
 "secret-api-key": "ENC[AES256_GCM,data:SUngZ65fBmC9WlPkmJMjyBb6sHREKhqyRj9fsBGkj5IyjtGDfQ1b7Iv0VNeSY//bWv0VZruwT48a320BUlg1xiNCKU8=,iv:glUaArlHJsxCP5z3y7JnWvmtsdRzszXhYydpd1YaX5U=,tag:185iAkQ/J9CfKkTsgPP6lA==,type:str]"
 },
- "karakeep": {
- "openai-api-key": "ENC[AES256_GCM,data:ZOVkdDWpSJ98spHm3XUuGZ4vrRBEUyCBE4Nnpm/zVwKSi6yDbbKyZffc4jwOiffUVhwM5HKmUEosI2Qdn7Z7yjJHSHgrn9mN/e7mKIrPkzZx+FNsVfPx6RAzstgbxkBjBshGiGEPcamevAMEhPlnhucqwanDk65OSn6ohQ+RCsQvKe9HsgvVq6ERPGWkHKPAAaop5asZ3ljjQ4ZEla/Q3K7/HjC6hqg=,iv:Dmx6C3jyNk4lFlv220Dkp4+UFQEushPgEwN9hexbZtU=,tag:8w55PPnbrysohj1kUztADA==,type:str]"
- },
 "sops": {
 "age": [
 {
@@ -35,8 +32,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU01heng3NHdrYnZFZmZn\nZlJtUUIyd1ExTmhzeU5iZFZadFcwR25GOEVZCmxHOXNWQVh1ZlJSRHJtaDVHNVUv\nbTY0TlNmZ2hESDkzS2M3WHdlamxwclkKLS0tIEEvOFd3TDFkQmQwbjBodHhpb1BD\nZ2NvTnNqQmtrLy9aVDdGRGxZbVgrZG8KdnnjJWcjZFu3R8fVKToj6THHHRCFou9k\njQoedCZAML2A2FZIhHugH9wnDUPQQjG86WbcCBuFWcOTGiTF2gN+Qg==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2026-02-10T16:57:40Z",
- "mac": "ENC[AES256_GCM,data:nxP4NpN42CrhfBncgepdrF/4J9inbmFiTUy8y0DUWiP+5Utp2Xdz7ySiPOCXqBLBasqPO8TvL1CfK5uPnST+n7EspZAyCDfzrc6x5dVkmE9DrURrAep8Yz3OmpK/udgn5SKIByHxdoo5I3CHkLLr7VwgETTxlMxJtnMLNfcy8zA=,iv:VURJnLY8onsXt8c7zcHfeOPHkHb/xiEASOvMrvaayZ4=,tag:wmsoeeXYSy/Z/E8Wr6ioGQ==,type:str]",
+ "lastmodified": "2026-01-14T19:40:46Z",
+ "mac": "ENC[AES256_GCM,data:+0TFeTpGFWwry9PdMMrLTdpvqccvsTh2x1Sh1tpaK3SGa4o+dSC1qKsHMmlhMscuPeo/NbnSHXQ0gW6uuc6KqI4oWP/d806PCKVICKBHmuPiWV5v8o0HmTuK43kSQrwsoaf1+MymfDzBNfCE0S3exEFGkF64fCwofF7LscKsuS8=,iv:yv/igV1ZugPIuCwPY/vK3WbDP8qb6YAaG48QmvHPVdA=,tag:uBeyG0eLOqu3GAI7+ZJoQQ==,type:str]",
 "unencrypted_suffix": "_unencrypted",
 "version": "3.11.0"
 }
diff --git a/modules/home/programs/firefox.nix b/modules/home/programs/firefox.nix
index 0f78491..50b7087 100644
--- a/modules/home/programs/firefox.nix
+++ b/modules/home/programs/firefox.nix
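Review bot: In hosts/vps-private/secrets.json the new `lastmodified` value (2026-01-14T19:40:46Z) is older than the one it replaces (2026-02-10T16:57:40Z), which suggests the file was restored from an earlier revision rather than re-saved through sops. Since the `mac` was restored with it, a `sops -d` on the result before deploying would confirm the pair still verifies. Removing the `karakeep.openai-api-key` entry in the preceding hunk only takes it out of the working tree. The ciphertext stays in the repository history and remains decryptable by any holder of the age identity, so the key should also be revoked at the provider.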
@@ -5,76 +5,10 @@
 lib,
 ...
 }:
-let
- cfg = config.custom.programs.firefox;
-
- mkExtension =
- {
- name,
- uuid,
- defaultArea,
- ...
- }:
- {
- name = uuid;
- value = {
- install_url = "file:///${
- inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}.${name}
- }/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/${uuid}.xpi";
- installation_mode = "force_installed";
- default_area = defaultArea;
- };
- };
-in
 {
- options.custom.programs.firefox = {
- enable = lib.mkEnableOption "";
- extensions = lib.mkOption {
- type = lib.types.attrsOf (
- lib.types.submodule (
- { name, ... }:
- {
- options = {
- enable = lib.mkEnableOption "" // {
- default = true;
- };
- name = lib.mkOption {
- type = lib.types.nonEmptyStr;
- default = name;
- };
- uuid = lib.mkOption {
- type = lib.types.nonEmptyStr;
- default = "";
- };
- defaultArea = lib.mkOption {
- type = lib.types.enum [
- "menupanel"
- "navbar"
- ];
- default = "menupanel";
- };
- };
- }
- )
- );
- default = { };
- };
- };
-
- config = lib.mkIf cfg.enable {
- custom.programs.firefox.extensions = {
- dictionary-german.uuid = "de-DE@dictionaries.addons.mozilla.org";
- ublock-origin.uuid = "uBlock0@raymondhill.net";
- bitwarden.uuid = "{446900e4-71c2-419f-a6a7-df9c091e268b}";
- return-youtube-dislikes.uuid = "{762f9885-5a13-4abd-9c77-433dcd38b8fd}";
- sponsorblock.uuid = "sponsorBlocker@ajay.app";
- clearurls.uuid = "{74145f27-f039-47ce-a470-a662b129930a}";
- karakeep = {
- uuid = "addon@karakeep.app";
- defaultArea = "navbar";
- };
- };
+ options.custom.programs.firefox.enable = lib.mkEnableOption "";
+ config = lib.mkIf config.custom.programs.firefox.enable {
 programs.firefox = {
 enable = true;
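Review bot: `lib.mkEnableOption ""` on the new `options.custom.programs.firefox.enable` line passes an empty name, so the generated description reads "Whether to enable ." and does not say that enabling the module also applies the extension policy set further down. A description such as `lib.mkEnableOption "Firefox with a policy-enforced extension allowlist"` would document that. Removing the `extensions` option also means any host that still assigns `custom.programs.firefox.extensions` will fail evaluation; no such use is visible in this diff, so this is only something to confirm. The `config` block opened here continues outside the hunk.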
@@ -106,16 +40,29 @@ in
 };
 policies.ExtensionSettings =
- (
- cfg.extensions
- |> lib.attrValues
- |> lib.filter ({ enable, ... }: enable)
- |> lib.map mkExtension
- |> lib.listToAttrs
- )
- // {
+ let
+ extension = shortId: uuid: {
+ name = uuid;
+ value = {
+ install_url = "file:///${
+ inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}.${shortId}
+ }/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/${uuid}.xpi";
+ installation_mode = "force_installed";
+ default_area = "menupanel";
+ };
+ };
+ in
+ {
 "*".installation_mode = "blocked";
- };
+ }
+ // lib.listToAttrs [
+ (extension "dictionary-german" "de-DE@dictionaries.addons.mozilla.org")
+ (extension "ublock-origin" "uBlock0@raymondhill.net")
+ (extension "bitwarden" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
+ (extension "return-youtube-dislikes" "{762f9885-5a13-4abd-9c77-433dcd38b8fd}")
+ (extension "sponsorblock" "sponsorBlocker@ajay.app")
+ (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
+ ];
 };
 };
 }
diff --git a/modules/system/web-services/karakeep.nix b/modules/system/web-services/karakeep.nix
deleted file mode 100644
index 19d1449..0000000
--- a/modules/system/web-services/karakeep.nix
+++ /dev/null
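Review bot: Moving `"*".installation_mode = "blocked"` to the left of `//` reverses the precedence the old expression had: the right-hand operand wins on duplicate keys, so the default-deny entry used to override anything built from the extension set, and now the list would override it. With the six literal IDs this changes nothing, but a comment such as `# default-deny; only the force_installed entries below are allowed` above the wildcard, or keeping `// { "*".installation_mode = "blocked"; }` as the last operand, would keep the invariant obvious when the list is edited. `{ec8030f7-c20a-464f-9b0e-13a3a9e97384}` in `install_url` is Firefox's application ID and would also benefit from a short comment. The enclosing `programs.firefox` block starts outside this hunk.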
@@ -1,62 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.custom.web-services.karakeep;
-in
-{
- options.custom.web-services.karakeep = {
- enable = lib.mkEnableOption "";
- domain = lib.mkOption {
- type = lib.types.nonEmptyStr;
- default = "";
- };
- port = lib.mkOption {
- type = lib.types.port;
- default = 18195;
- };
- };
-
- config = lib.mkIf cfg.enable {
- sops = {
- secrets."karakeep/openai-api-key" = { };
- templates."karakeep.env" = {
- content = "OPENAI_API_KEY=${config.sops.placeholder."karakeep/openai-api-key"}";
- owner = config.users.users.karakeep.name;
- restartUnits = [ "karakeep-web.service" ];
- };
- };
-
- services.karakeep = {
- enable = true;
- environmentFile = config.sops.templates."karakeep.env".path;
- extraEnvironment = {
- PORT = toString cfg.port;
- DISABLE_NEW_RELEASE_CHECK = "true";
- OCR_LANGS = "eng,deu";
- };
- };
-
- users = {
- users.meilisearch = {
- isSystemUser = true;
- group = config.users.groups.meilisearch.name;
- };
- groups.meilisearch = { };
- };
-
- systemd.services.meilisearch.serviceConfig = {
- DynamicUser = lib.mkForce false;
- User = config.users.users.meilisearch.name;
- Group = config.users.groups.meilisearch.name;
- ReadWritePaths = lib.mkForce [ ];
- };
-
- custom = {
- services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
-
- persistence.directories = [
- "/var/lib/karakeep"
- "/var/lib/meilisearch"
- ];
- };
- };
-}