lutwIj // mI'ghach nIgh

Ideas, projects, and notes on code

I have now changed the backup setup of my NixOS home server. I don't use a daily script; I use an hourly backup instead. My friend's Mastodon server is far prettier than my setup (ZFS snapshots are taken there every 20 minutes), but I love this setup. I am starting to love NixOS. Without AI I could not have understood this setup, but now I can read Nix files. I had planned to use a regular Linux, but now this setup is great...

  1. /etc/nixos: NixOS configuration (all .nix files).

  2. /opt/minecraft: Minecraft worlds and data.

  3. /opt/satisfactory: Satisfactory data and configuration.

  4. /opt/Blog: blog source code and data.

  5. /opt/ui: Mastodon UI components.

  6. /opt/audiobookshelf: audiobook player and its files.

I put all the data into an S3 bucket using RClone.

NixOS configuration


{ config, pkgs, ... }:

{
  # BorgBackup configuration
  services.borgbackup.jobs.hourly = {
    # Repository path on the S3 mount
    repo = "/opt/S3/Backup/NixOSHomeServer_Borg";

    # Encryption disabled
    encryption.mode = "none";

    # Compression to reduce data size
    compression = "auto,zstd";

    # Paths to back up
    paths = [
      "/etc/nixos"
      "/opt/minecraft"
      "/opt/satisfactory"
      "/opt/Blog"
      "/opt/ui"
      "/opt/audiobookshelf"
    ];

    # Every hour
    startAt = "hourly";

    # Initialize the repository
    doInit = true;

    # Retention (pruning)
    prune.keep = {
      within = "1d"; # all snapshots from the last 24 hours
      daily = 7;
      weekly = 4;
      monthly = 12;
    };
  };

  # Make sure the S3 mount is up before Borg starts
  systemd.services.borgbackup-job-hourly = {
    requires = [ "rclone-s3-mount.service" ];
    after = [ "rclone-s3-mount.service" ];
  };
}
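
The same job with repository encryption enabled, for the case where the S3 bucket should not be able to read the backup contents. This is an added example, not part of the original post; the job name, the new repository path and the passphrase file location are assumptions.

```nix
{ config, pkgs, ... }:

{
  services.borgbackup.jobs.hourly-encrypted = {
    # Assumption: a new, empty repository path (hypothetical name). Borg
    # fixes the encryption mode when a repository is initialized, so the
    # existing unencrypted repository cannot be switched in place.
    repo = "/opt/S3/Backup/NixOSHomeServer_Borg_Encrypted";

    # Weak setting in the job above, shown for comparison:
    #   encryption.mode = "none";
    # Hardened: authenticated encryption; the key is stored in the
    # repository and unlocked by a passphrase that is not stored in the bucket.
    encryption = {
      mode = "repokey-blake2";
      # Hypothetical secret file. It lives outside /etc/nixos and the
      # other backed-up paths, so it is not uploaded with the data.
      passCommand = "cat /root/borg-passphrase";
    };

    compression = "auto,zstd";
    paths = [
      "/etc/nixos"
      "/opt/minecraft"
      "/opt/satisfactory"
      "/opt/Blog"
      "/opt/ui"
      "/opt/audiobookshelf"
    ];
    startAt = "hourly";
    doInit = true;
    prune.keep = { within = "1d"; daily = 7; weekly = 4; monthly = 12; };
  };

  # Restrict the passphrase file to root on every boot and activation.
  systemd.tmpfiles.rules = [
    "z /root/borg-passphrase 0600 root root -"
  ];

  # Same ordering as the original job: wait for the S3 mount.
  systemd.services.borgbackup-job-hourly-encrypted = {
    requires = [ "rclone-s3-mount.service" ];
    after = [ "rclone-s3-mount.service" ];
  };
}
```

Keep a copy of the passphrase, and a `borg key export` of the repository key, somewhere other than this server; without the passphrase the encrypted backup cannot be restored.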

For my first blog setup I chose IPv6 only, over WireGuard, because it runs on this home server (handy IPv6 networks are easy to get from route64.org). To improve reachability, I added an external IPv4 proxy (thanks, @Larvitz).

This setup caused SSL problems: because both the A record and the AAAA record pointed to the proxy, Let's Encrypt validation did not work on my server.

The solution: the "IPv6 hack"

I pointed the AAAA record at the WireGuard IP of my server.

  • Domain: blog.burningboard.org
  • A-Record (Proxy): 194.28.98.217
  • AAAA-Record (Server): 2a11:6c7:f05:a8::2 (WireGuard)

Thanks to this AAAA record, Let's Encrypt can reach my server over IPv6 (it prefers the AAAA record) and issues the SSL certificate. IPv4 traffic stays hidden behind the proxy, which suits me.

Final configuration

For this to work reliably, the Caddy servers have to be adjusted:

1. On my server (NixOS, blog.nix)

To receive the correct client IPs, I trust the proxy:

services.caddy.globalConfig = ''
  servers {
      trusted_proxies static 2a06:9801:1c:1000::10
  }
'';

2. On the external proxy (Caddy)

For the proxy to use HTTPS, the hostname (SNI) has to be correct:

reverse_proxy https://[2a11:6c7:f05:a8::2]:443 {
    header_up Host {host}
    transport http {
        tls_server_name blog.burningboard.org
    }
}

Now the blog is reachable over both IPv4 and IPv6, securely, and my home IP stays hidden! 🚀

Most important: it uses Markdown code blocks, and I really love these code blocks. But beyond that, a lot has changed:

I have changed the setup:

📂 MD code blocks: the sample post uses Markdown.

🌍 Whole world: my posts can be translated into 43 languages. Yes, Klingon too! 🖖 (Qapla'!)

I have set up machine translation. The AI handles the languages. Warning: it really does not work well. The wizardry is impressive, but I can see that it is far from flawless.

Reason: now the posts

I quickly stopped using WriteFreely and switched to my own creation, MD-blog (MD is Markdown, right?). It started out of a need for change, but now that I see it, I really like this setup. I now have full control over everything and decide on the code myself.

The heart of it is the Markdown files in the data/ directory. During the build, these files are turned into fresh HTML. This setup is very fast, I don't use a database, and thanks to my own code (dark mode included) it now looks the way I planned. I now also use a new tool for Mastodon.

If you like the code or this system of my own, tell me on Mastodon!

Winboat is a great idea, but right now it does not seem usable. It worked when I first set it up, but today it is completely unusable.

The image had very little RAM. I tried to change that, but could not. I gave up on it and switched to the Dockurr Windows image, which is what Winboat itself uses.

Error message

1. Preparation

Because I use Podman, I created volumes on my machine. If I recreate the container, I still have the data:

mkdir -p "$HOME/Windows/System"
mkdir -p "$HOME/Windows/Shared"

2. The start command

Important: change -e USERNAME and -e PASSWORD.

podman run -d \
  --name windows \
  -p 8006:8006 \
  --device=/dev/kvm \
  --cap-add NET_ADMIN \
  -e RAM_SIZE="8G" \
  -e USERNAME="Carsten" \
  -e PASSWORD="1234" \
  -e LANGUAGE="German" \
  -v "$HOME/Windows/System:/storage:Z" \
  -v "$HOME/Windows/Shared:/shared:Z" \
  --stop-timeout 120 \
  dockurr/windows

Once the container is running, open Windows in the browser:

http://127.0.0.1:8006

Running container

3. Usage

I only had to use that command once. Now I can use Windows with:

  • Start: podman start windows
  • Stop: podman stop windows (or shut down Windows)
  • Status: podman ps -a

Another post:

I set up a blog to learn #NixOS. I found it to be very easy.

WriteFreely is very handy: small and quickly set up. It is good for learning and for getting started. The configuration is easy to follow. I choose the options, use a reverse proxy, done.

My configuration on NixOS:

{ config, pkgs, ... }:

{
  services.writefreely = {
    enable = true;
    host = "blog.burningboard.org"; 
    settings = {
      server = {
        port = 8080;
        min_log_level = "debug";
      };
      app = {
        host = "https://blog.burningboard.org";
        single_user = true;
        landing = "/read";
        wf_modesty = true;
        federation = true;
        public_stats = true;
        theme = "write";
      };
    };
    stateDir = "/opt/writefreely";
  };

  # Fix for ActivityPub key generation: federation requires openssl
  systemd.services.writefreely.path = [ pkgs.openssl ];

  # Automatically create the data directory with the correct permissions
  systemd.tmpfiles.rules = [
    "d /opt/writefreely 0700 writefreely writefreely -"
  ];

  services.caddy.virtualHosts."blog.burningboard.org".extraConfig = ''
    reverse_proxy 127.0.0.1:8080 {
      header_up Host {host}
      header_up X-Real-IP {remote_host}
      header_up X-Forwarded-For {remote_host}
      header_up X-Forwarded-Proto {scheme}
    }
  '';
}

Done. With NixOS I can set up and change services. Very easy.