Reassign multiple service frontends from 81xx to 80xx ports (Forgejo,
ntopng, AdGuard, Scrutiny, Paperless, Whats Up Docker, etc.) and update
homepage links.
Configure ACME (webroot) and add certs for kempinger.at,
webadmin.kempinger.at,
and bilder.kempinger.at; update nginx virtual hosts to use ACME hosts
and
serve the ACME challenge path.
Add users stalwart-mail and nginx to the acme group and open
SMTP-related
firewall ports (25, 587) plus mail UI ports (8090, 8091).
Add and configure the Stalwart mail service (SMTP, submissions, IMAP,
JMAP)
and adjust related service ports/settings (ntopng, scrutiny, influxdb,
WUD).
Stop appending wind_speed_unit in weather.forecast_home value to avoid
duplicating units (the attribute already supplies the units). Also add
libwebp to the kemptop package list for WebP image support.
Bump nixpkgs and rust-overlay in flake.lock. Add a wud container
(ghcr.io/getwud/wud) on port 8186 and enable paperless on port 8187
with OCR settings and public consumption. Switch homepage theme to
light and set a background image. Comment out onnxruntime CUDA overlay.
Open firewall ports for Scrutiny (8185) and homepage (8080).
Add binutils to systemPackages and enable services.influxdb2.
Configure Scrutiny to use InfluxDB.
Enable homepage-dashboard with widgets, bookmarks and an
environmentFile for secrets.
Fix docker pull string formatting and minor whitespace cleanup.
Add detailed fail2ban configuration: global settings, immich and
forgejo jails with systemd backend, journalmatch identifiers and
local filter definitions.
Remove standalone services.fail2ban.enable and eliminate unused
TCP port 9000 plus a debug log-level flag in netflow2ng. Add nixpkgs
overlay to
build onnxruntime with cudaSupport.
Enable hardware.graphics, nvidia.open and nvidia-container-toolkit; set
xserver video driver to nvidia and enable nixpkgs.allowUnfree
Update Frigate container to stable-tensorrt, add nvidia GPU device,
mount model cache and add --privileged
Add lshw to system packages
