Commit graph

23 commits

Author SHA1 Message Date
1b1820fc09 Configures custom frontend URL
Sets the custom frontend URL to dynamically point to a subdomain based on the domain configuration. This ensures correct routing and accessibility of the application's frontend.
2025-11-01 11:30:17 +01:00
9d7d3b97a9 Adds extensions for admin/user
Adds satmachineadmin extension to the list of default admin extensions.

Adds lndhub extension to the list of default user extensions.
2025-11-01 11:30:09 +01:00
95ae96147d Removes workaround for extension directory permissions
Removes the systemd tmpfiles rule and service that attempted to fix
permissions for extensions deployed to `/var/lib/lnbits/extensions`.

This change is necessary because the initial approach of fixing
permissions was not reliable and caused more issues than it solved.
The intended approach is to provide a better method for managing
extensions in a future update.
2025-11-01 11:29:35 +01:00
17ac393c32 Adds LNbits Borg backup module
Implements a new module for backing up LNbits data using Borg.

This module automates hourly backups, encrypts the data, and provides point-in-time recovery. It includes scripts for listing, restoring, and mounting backups. A comprehensive setup guide is provided in the documentation.

The configuration allows specifying the Borg repository location, schedule, compression settings, retention policy, and SSH key for secure access.
2025-11-01 11:25:36 +01:00
253890ac16 Extends websocket location matching
Updates the Nginx configuration to correctly route websocket
requests by extending the location matching regular expression.

This change ensures that all websocket endpoints, including those
with a '/ws' suffix, are properly proxied to the backend server.
2025-11-01 11:25:36 +01:00
c2586e5814 Configures base URL and default extensions
Sets the LNBITS_BASEURL based on the domain variable
and configures forwarded IPs.

Removes default installation of extensions and keeps
admin and user extensions configuration to streamline
the initial setup.
2025-11-01 11:25:36 +01:00
f0385dbeb9 Fixes LNBits extension ownership and deployment
Ensures correct ownership for LNBits extensions deployed via krops.
Creates a systemd service to fix ownership issues and sets up a symlink.
This allows LNBits to properly access and use extensions, preventing permission-related errors.
2025-11-01 11:25:35 +01:00
e98ef2e13f make openssh and ssh-pass available to lnbits
2025-11-01 11:25:35 +01:00
30a1ae28f7 Refactor shared configuration and update LNBits service for improved domain handling
Updated shared.nix to enhance domain parameter propagation and modified configuration.nix to utilize the inherited domain for machine-specific setups. Adjusted example-service.nix to accept the domain as an argument, improving modularity. Additionally, added a new documentation file explaining the LNBits flake deployment process, detailing architecture, key components, and deployment instructions for better onboarding and understanding of the system.
2025-10-12 08:52:56 +02:00
d794cf4394 Enhance deployment configuration with machine-specific templates and secrets management
Updated the .gitignore to include machine-specific configurations and secrets handling. Expanded the DEPLOYMENT-GUIDE.md to provide detailed instructions for adding new machines using a template, along with steps for managing encrypted secrets. Introduced example configuration files for boot settings and a sample WireGuard service, improving modularity and flexibility in the NixOS deployment process. Adjusted krops.nix to reference the correct path for machine-specific configurations.
2025-10-12 08:16:43 +02:00
78dcba25ec FIX: directory permissions and symlink management
Updated the lnbits.nix configuration to set appropriate permissions on the extensions directory and create a symlink for LNBits extensions, improving security and functionality.
2025-10-12 07:35:28 +02:00
aa0381c42b Refactor LNBits configuration to utilize flake imports and enhance modularity
Updated the lnbits.nix configuration to import the LNBits service module from a flake, improving maintainability and alignment with deployment practices. Adjusted the shared configuration to make the 'domain' parameter accessible to all imported modules, and removed the deprecated lnbits-service.nix file to streamline the setup.
2025-10-11 10:28:58 +02:00
30209458f7 Add support for handling machine-specific secrets in the deployment process
Expanded the DEPLOYMENT-GUIDE.md to include a comprehensive section on managing encrypted secrets using Passage and Pass. Detailed steps for setting up, creating, and deploying machine-specific secrets, along with security notes. Updated krops.nix and config/lnbits.nix to include configurations for deploying custom LNBits extensions, enhancing the flexibility and security of the NixOS deployment process.
2025-10-10 01:15:42 +02:00
d27bdd3005 Add machine-specific service configuration for WireGuard and related templates
Introduced a comprehensive guide for adding machine-specific services in the DEPLOYMENT-GUIDE.md, including steps to configure WireGuard for specific machines. Added example configuration files for boot settings, machine-specific configurations, and an example service for WireGuard. This enhances the modularity and flexibility of the NixOS deployment process, allowing for tailored configurations per machine.
2025-10-10 00:49:22 +02:00
4170340d28 Update Nix configuration to use git-based nixpkgs and adjust module imports
Modified krops.nix to switch to a git-based nixpkgs source, noting the initial download cost. Updated shared.nix to change module imports to absolute paths and enabled experimental Nix features. Adjusted configuration.nix to import shared configuration from an absolute path and updated the domain name for machine1. These changes enhance clarity, maintainability, and functionality in the NixOS setup.
2025-10-09 22:38:42 +02:00
f6c7a1c3f6 Update LNBits configuration to use deployed flake source and improve package management
Modified the LNBits service configuration to accept 'pkgs' as an argument and updated the package reference to use the deployed flake source located at '/var/src/lnbits-src'. This change enhances the flexibility and maintainability of the configuration by ensuring it aligns with the current deployment structure.
2025-10-09 18:07:46 +02:00
c27fb73f3e Refactor shared Nix configuration to improve hostname handling and enable experimental features
Updated the shared Nix configuration to replace dots in the domain with hyphens for hostname setting, enhancing clarity. Additionally, enabled experimental Nix features, including 'nix-command' and 'flakes', to improve functionality and flexibility in the NixOS setup.
2025-10-09 18:07:46 +02:00
c858eebb93 Refactor shared Nix configuration to improve hostname handling and module imports
Updated the shared Nix configuration to extract the hostname from the domain, enhancing clarity in the setup. Reordered module imports to ensure proper dependency management, including the addition of module arguments for better customization. This change improves the overall organization and maintainability of the NixOS configuration.
2025-10-09 18:07:46 +02:00
0c22db4d7b Add LNBits service configuration and Nginx integration
Introduced a new configuration for the LNBits service, enabling it with customizable options such as host, port, and environment variables. The Nginx configuration has been updated to include WebSocket support and proxy settings for LNBits, ensuring secure and efficient handling of requests. This enhances the overall web service management and modularity of the NixOS setup.
2025-10-08 17:50:12 +02:00
ef87fc5906 Add Nginx and pict-rs configurations for enhanced web service management
Introduced separate configuration files for Nginx and pict-rs, enabling a streamlined setup for web services. The Nginx configuration includes reverse proxy settings, automatic SSL certificate generation with Let's Encrypt, and fail2ban for security. The pict-rs configuration facilitates image service management with CORS support. Updated the shared configuration to import these new files, improving modularity and maintainability of the NixOS setup.
2025-10-08 17:19:39 +02:00
667912e732 Add recommended Nginx settings and enable automatic SSL with Let's Encrypt
Enhanced the shared Nix configuration by adding recommended settings for Nginx, including Gzip, optimization, and TLS settings. Disabled proxy settings to prevent interference with WebSocket. Additionally, enabled automatic SSL certificate generation using Let's Encrypt and configured fail2ban for improved security.

This update aims to strengthen the web application's security and performance while maintaining flexibility in the Nginx setup.
2025-10-08 17:16:33 +02:00
e399130072 Refactor shared Nix configuration to use domain parameter
Updated the shared Nix configuration to replace the hostname parameter with a domain parameter, allowing for more flexible virtual host configurations. Adjusted machine1 and machine2 configurations to reflect this change, ensuring proper domain usage for Nginx virtual hosts, including new entries for web-app, LNbits, and image services.
2025-10-08 17:11:27 +02:00
ea697275ba Add shared Nix configuration for machine setups
Introduces a shared configuration file to streamline machine-specific settings for NixOS deployments. This includes:

- Hostname configuration
- Common system packages (vim, git, htop)
- SSH service enablement
- Nginx setup with virtual host configuration
- Firewall rules for HTTP/HTTPS access

Updates machine-specific configurations to import shared settings, reducing redundancy and improving maintainability.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
2025-10-08 16:46:52 +02:00