diff --git a/.envrc b/.envrc
deleted file mode 100644
index 0a722d7..0000000
--- a/.envrc
+++ /dev/null
@@ -1 +0,0 @@
-use nix;
diff --git a/.gitignore b/.gitignore
index 9c43034..7ea4304 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 keys.toml
-.direnv
diff --git a/animal/Makefile b/animal/Makefile
new file mode 100644
index 0000000..9c3acda
--- /dev/null
+++ b/animal/Makefile
@@ -0,0 +1,3 @@
+.PHONY: deploy
+deploy:
+ nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
diff --git a/animal/configuration.nix b/animal/configuration.nix
new file mode 100644
index 0000000..137722c
--- /dev/null
+++ b/animal/configuration.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }: {
+
+# config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+# "minecraft-server"
+# ];
+
+ imports = [
+ ./hardware-configuration.nix
+ ./web.nix
+ ./monitoring.nix
+ ./kathe.nix
+ ./eric.nix
+ ];
+
+ networking.hostName = "animal";
+ time.timeZone = "America/Chicago";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ fileSystems."/mnt/nas" = {
+ device = "//home.chandlerswift.com/chandlerpublic";
+ fsType = "cifs";
+ options = [ "guest" "port=55445" ];
+ };
+
+# services.minecraft-server = {
+# enable = true;
+# declarative = true;
+# eula = true;
+# dataDir = "/srv/minecraft";
+# openFirewall = true;
+# whitelist = {
+# chandlerswift = "04095aeb-edec-3c3f-b0d5-d703fab53c9c";
+# villlater = "90b7fcd6-9f43-38c5-8ea2-163f13b092f0";
+# LarryHorton = "de963636-138f-3ef4-8c52-a2dcf9a328f4";
+# IsaacSwift = "88e17365-4b63-3385-a4b6-b2c4864b0b98";
+# Mayornnaise = "be25bf89-ef07-3fa3-926b-20b939df62f1";
+# Ripptide66 = "a94051cb-5769-3726-86b5-bc9fe4cbe5f5";
+# };
+# };
+
+ services.murmur = {
+ # TODO https://nixos.org/manual/nixos/stable/options#opt-services.murmur.enable
+ # TODO https://github.com/azlux/botamusique
+ #enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [ rsync ];
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+
+# services.jitsi-meet = {
+# enable = true;
+# hostName = "meet.animal.chandlerswift.com";
+# nginx.enable = false;
+# caddy.enable = true;
+# };
+# services.jitsi-videobridge.openFirewall = true;
+
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # Caddy
+ 443 # Caddy
+ ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ system.stateVersion = "24.05";
+
+}
+
diff --git a/animal/eric.nix b/animal/eric.nix
new file mode 100644
index 0000000..4eb1783
--- /dev/null
+++ b/animal/eric.nix
@@ -0,0 +1,17 @@
+{
+
+# users.users.eric = {
+# isNormalUser = true;
+# description = "Eric Villnow";
+# openssh.authorizedKeys.keys = [
+# # TODO
+# ];
+# };
+
+ services.caddy.virtualHosts."nas.ericvillnow.com" = {
+ serverAliases = ["nas.vill.how"];
+ extraConfig = ''
+ reverse_proxy http://192.168.10.11:80
+ '';
+ };
+}
diff --git a/animal/hardware-configuration.nix b/animal/hardware-configuration.nix
new file mode 100644
index 0000000..9bf6dc6
--- /dev/null
+++ b/animal/hardware-configuration.nix
@@ -0,0 +1,19 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = { device = "/dev/disk/by-uuid/FDD2-F69B"; fsType = "vfat"; };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
+ swapDevices = [{
+ device = "/swapfile";
+ size = 4 * 1024; # 4GB
+ }];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+}
diff --git a/animal/kathe.nix b/animal/kathe.nix
new file mode 100644
index 0000000..f083c75
--- /dev/null
+++ b/animal/kathe.nix
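Review bot: In animal/configuration.nix, `services.openssh.enable = true;` is added without the `services.openssh.settings.PasswordAuthentication = false;` line that the deleted bert/configuration.nix carried, so sshd on this host falls back to the module default for password logins. Both root and the new `kathe` account are provisioned with `authorizedKeys`, so I would restore that line and also set `services.openssh.settings.KbdInteractiveAuthentication = false;`. Separately, the `/mnt/nas` entry mounts a `guest` CIFS share by DNS name with only `"guest" "port=55445"` in `options`; adding `"nofail" "nosuid" "nodev"` would keep an unreachable share from blocking boot and keep files on it from being honoured as setuid or device nodes.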
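Review bot: In animal/eric.nix the `nas.ericvillnow.com` / `nas.vill.how` vhost forwards every request to `http://192.168.10.11:80` with no access control at the proxy, so whatever listens on that private address becomes reachable by anyone who can reach ports 80/443 on this host, and the upstream leg is plaintext. If the upstream is a NAS management interface (the hostname suggests so, but the diff does not show it), it should sit behind an authentication or source-address restriction in Caddy rather than rely only on the device's own login. At minimum I would add a comment above `extraConfig` such as `# upstream reached via <tunnel/VPN name>; device enforces its own login` so the exposure is a recorded decision.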
@@ -0,0 +1,26 @@
+{
+
+ users.users.kathe = {
+ isNormalUser = true;
+ description = "Käthe Swift";
+ openssh.authorizedKeys.keys = [
+ # TODO: ed25519
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTORULg2qqAJs5i9V7YpavlDaQBdPsEtj7s23B50qRz+VjP9rNQC8F2bVgI1BbI7CqQho2IFCG2nAiBqciLAMxTqaihI6OlNyhVJvkVSXxy2ru8NEKTPA2UnciepxeyQGfgstv8d+8mLiDbcytWDbtNoTymhy5DjCwki8gnQQTO1XVcJr5N12OsvoaCcikYQwTcxgXG0rVxlg/DUQJeaV1hZdHwpgr1cbdX2JxMONo8wcW5Ox5ZJs/+Zz72iOfoa9DXJChfdOQ5dMC+WVGwd3JbHQLWQmnCepYBKiUv8JMN7ZkDBcyIFJ+dc7F/CwBrPAF9g93GEauEilWulKV4AmbqdxY+lK/hp0fSr69H4bkqLmeAeXTHIlTge1FuQKNSKHeBhQ4y7OxDc0IEzDCE7OXT04fn6etsZcFb2JIYhFZWKGxiwSYWAjfdkmVnC48sC6Q3Heonk/IxZwbKVOUlo7B0q43A4PzTWiOWFcFKDGXn3KrNRCXuLfaYxYDyTEc2ss="
+ ];
+ };
+
+ services.caddy.virtualHosts."piano.animal.chandlerswift.com".extraConfig = ''
+ encode gzip
+ file_server
+ root /srv/piano.animal.chandlerswift.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-piano-animal-chandlerswift-com" = {
+ "/srv/piano.animal.chandlerswift.com" = {
+ d = {
+ user = "kathe";
+ mode = "0755";
+ };
+ };
+ };
+}
diff --git a/animal/monitoring.nix b/animal/monitoring.nix
new file mode 100644
index 0000000..707d3ba
--- /dev/null
+++ b/animal/monitoring.nix
@@ -0,0 +1,20 @@
+{
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ http_addr = "127.0.0.1";
+ http_port = 3000;
+ domain = "monitoring.animal.chandlerswift.com";
+ };
+ };
+ };
+
+ services.prometheus = {
+ enable = true;
+ };
+
+ services.caddy.virtualHosts."monitoring.animal.chandlerswift.com".extraConfig = ''
+ reverse_proxy :3000
+ '';
+}
diff --git a/animal/web.nix b/animal/web.nix
new file mode 100644
index 0000000..6e0e106
--- /dev/null
+++ b/animal/web.nix
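Review bot: In animal/kathe.nix the `piano.animal.chandlerswift.com` site serves a directory owned by the `kathe` login user while `hide .git` is left commented out with `# ???`, so a checkout or other dotfile deployed there would be downloadable; the same block is repeated for `maps.animal.chandlerswift.com` in animal/web.nix. `hide` is a subdirective of `file_server`, so the working form is a block, `file_server {` / `hide .git` / `}`, not a top-level line. Both blocks also write `root /srv/...` where the removed bert vhosts wrote `root * /srv/www/...`; a first argument beginning with `/` can be taken as a path matcher depending on the Caddy version, so `root * /srv/piano.animal.chandlerswift.com` is the safer spelling.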
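Review bot: In animal/monitoring.nix Grafana is given its own public vhost (`monitoring.animal.chandlerswift.com` with `reverse_proxy :3000`) but nothing under `settings` sets the admin credential, so on a fresh state directory the instance would come up with Grafana's default admin login facing the internet. I would set `settings.security.admin_password = "$__file{/path/to/secret}";` (placeholder path, file kept out of the repository) before the vhost is enabled. `services.prometheus.enable = true;` also arrives without the `scrapeConfigs` and `exporters.node` that the deleted bert/services/monitoring.nix defined, so as written it appears to have no targets to scrape.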
@@ -0,0 +1,20 @@
+{
+ services.caddy = {
+ enable = true;
+ virtualHosts."animal.chandlerswift.com".extraConfig = ''
+ respond "Hello, world!"
+ '';
+ };
+
+ services.caddy.virtualHosts."maps.animal.chandlerswift.com".extraConfig = ''
+ encode gzip
+ file_server
+ root /srv/maps.animal.chandlerswift.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-maps-animal-chandlerswift-com" = {
+ "/srv/maps.animal.chandlerswift.com" = {
+ d = {};
+ };
+ };
+}
diff --git a/bert/Makefile b/bert/Makefile
deleted file mode 100644
index c6583fc..0000000
--- a/bert/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-# https://stackoverflow.com/a/23324703
-current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
-
-.PHONY: deploy
-deploy:
- rsync -avz $(current_dir)/ root@bert:config/
- ssh root@bert nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
-
-.PHONY: local-build-deploy
-local-build-deploy:
- nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@bert --target-host root@bert
-
-.PHONY: deploy-upgrade
-deploy-upgrade:
- rsync -avz $(current_dir)/ root@bert:config/
- ssh root@bert nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
diff --git a/bert/README.md b/bert/README.md
deleted file mode 100644
index 5fc22b6..0000000
--- a/bert/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Installation
-1. Install NixOS minimal
-2. `ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key`
-2. Enable SSH server and add root SSH key
-3. Deploy updated config with `make`
-4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking)
- 1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
-5. Deploy content to web services
-
-# Notes on Caddy
-Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what
-content-types should be compressed:
-
-https://github.com/caddyserver/caddy/blob/v2.7.6/modules/caddyhttp/encode/encode.go#L85-L101
-
-Specifically, this doesn't include GeoJSON, which is a bit of a shame for
-maps.chandlerswift.com. That said, I'll probably be upgrading to 24.11 as soon
-as it comes out, so in the intervening time I'm just not going to worry about
-it.
-
-The list was expanded in this PR:
-
-https://github.com/caddyserver/caddy/pull/6081
diff --git a/bert/configuration.nix b/bert/configuration.nix
deleted file mode 100644
index c475e2a..0000000
--- a/bert/configuration.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- imports =
- [
- ./hardware-configuration.nix
- ./services/factorio.nix
- ./services/http/index.nix
- ./services/monitoring.nix
- ./services/forgejo.nix
- ];
-
- # Bootloader
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.timeout = 1;
-
- # Set up SSH unlocking
- boot.kernelParams = [ "ip=dhcp" ];
- boot.initrd = {
- availableKernelModules = [ "e1000e" ];
- network = {
- enable = true;
- flushBeforeStage2 = true; # Without this, stage2 IPv6 config is messed up?
- ssh = {
- enable = true;
- port = 22;
- authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com" ];
- hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- shell = "/bin/cryptsetup-askpass";
- };
- };
- };
-
- boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1";
- networking.hostName = "bert";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- time.timeZone = "America/Chicago";
- i18n.defaultLocale = "en_US.UTF-8";
- services.xserver.xkb = {
- layout = "us";
- variant = "";
- };
-
- environment.systemPackages = with pkgs; [
- rsync
- ];
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.settings.PasswordAuthentication = false;
- users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
-
- networking.firewall.allowedTCPPorts = [
- 80 # Caddy
- 443 # Caddy
- ];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-
-}
diff --git a/bert/hardware-configuration.nix b/bert/hardware-configuration.nix
deleted file mode 100644
index bd11bff..0000000
--- a/bert/hardware-configuration.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/5abc0802-3969-460c-8089-5fec9f985c18";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-da40f6d2-49d7-4a55-8a2e-94fa5f28dbbc".device = "/dev/disk/by-uuid/da40f6d2-49d7-4a55-8a2e-94fa5f28dbbc";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/B684-07FB";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/f5d7bb99-03aa-4f7c-9d4a-e264ceb514c6"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/bert/services/factorio.nix b/bert/services/factorio.nix
deleted file mode 100644
index 10e0b27..0000000
--- a/bert/services/factorio.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- # "factorio-headless"
- # ];
- services.factorio = let
- factorio-nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7e35ac30ea1d236419653182559367ecd8a30675.tar.gz") {
- config.allowUnfree = true;
- };
- in {
- enable = true;
- package = factorio-nixpkgs.factorio-headless;
- openFirewall = true;
- nonBlockingSaving = true;
- game-name = "Chandler's Factorio Server";
- description = "Job 28:2";
- };
-}
diff --git a/bert/services/forgejo.nix b/bert/services/forgejo.nix
deleted file mode 100644
index 9d7d619..0000000
--- a/bert/services/forgejo.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- services.forgejo = {
- enable = true;
- settings = {
- DEFAULT = {
- APP_NAME = "Forgejo: Beyond coding. We Forge."; # TODO
- };
- server = {
- # USE_PROXY_PROTOCOL = true;
- DOMAIN = "git.chandlerswift.com";
- #SSH_DOMAIN = "git.chandlerswift.com";
- ROOT_URL = "https://git.chandlerswift.com/";
- HTTP_PORT = 3001;
- LANDING_PAGE = "/chandlerswift";
- };
- service.DISABLE_REGISTRATION = true;
- };
- };
-}
diff --git a/bert/services/http/caddy-browse-template.html b/bert/services/http/caddy-browse-template.html
deleted file mode 100644
index 079ab14..0000000
--- a/bert/services/http/caddy-browse-template.html
+++ /dev/null
@@ -1,1068 +0,0 @@ -{{- define "icon"}} - {{- if .IsDir}} - {{- if .IsSymlink}} - - - - - - {{- else}} - - - - - {{- end}} - {{- else if or (eq .Name "LICENSE") (eq .Name "README")}} - - - - - - - {{- else if .HasExt ".jpg" ".jpeg" ".png" ".gif" ".webp" ".tiff" ".bmp" ".heif" ".heic" ".svg"}} - {{- if eq .Tpl.Layout "grid"}} - - {{- else}} - - - - - - - - {{- end}} - {{- else if .HasExt ".mp4" ".mov" ".m4v" ".mpeg" ".mpg" ".avi" ".ogg" ".webm" ".mkv" ".vob" ".gifv" ".3gp"}} - - - - - - - - - - - - {{- else if .HasExt ".mp3" ".m4a" ".aac" ".ogg" ".flac" ".wav" ".wma" ".midi" ".cda"}} - - - - - - - - {{- else if .HasExt ".pdf"}} - - - - - - - - - - {{- else if .HasExt ".csv" ".tsv"}} - - - - - - - - - {{- else if .HasExt ".txt" ".doc" ".docx" ".odt" ".fodt" ".rtf"}} - - - - - - - - - {{- else if .HasExt ".xls" ".xlsx" ".ods" ".fods"}} - - - - - - - - - {{- else if .HasExt ".ppt" ".pptx" ".odp" ".fodp"}} - - - - - - - - - - - {{- else if .HasExt ".zip" ".gz" ".xz" ".tar" ".7z" ".rar" ".xz" ".zst"}} - - - - - - - - - - - - {{- else if .HasExt ".deb" ".dpkg"}} - - - - - - {{- else if .HasExt ".rpm" ".exe" ".flatpak" ".appimage" ".jar" ".msi" ".apk"}} - - - - - - - - - {{- else if .HasExt ".ps1"}} - - - - - - - {{- else if .HasExt ".py" ".pyc" ".pyo"}} - - - - - - - - - {{- else if .HasExt ".bash" ".sh" ".com" ".bat" ".dll" ".so"}} - - - - - {{- else if .HasExt ".dmg"}} - - - - - - - - - {{- else if .HasExt ".iso" ".img"}} - - - - - - - - {{- else if .HasExt ".md" ".mdown" ".markdown"}} - - - - - - - {{- else if .HasExt ".ttf" ".otf" ".woff" ".woff2" ".eof"}} - - - - - - - - - {{- else if .HasExt ".go"}} - - - - - - - - - {{- else if .HasExt ".html" ".htm"}} - - - - - - - - - - - - - {{- else if .HasExt ".js"}} - - - - - - - - {{- else if .HasExt ".css"}} - - - - - - - - - {{- else if .HasExt ".json" ".json5" ".jsonc"}} - - - - - - - - {{- else if .HasExt ".ts"}} - - - - - - - - - - {{- else if .HasExt ".sql"}} - - - - - - - - - - - {{- else if .HasExt ".db" ".sqlite" 
".bak" ".mdb"}} - - - - - - - {{- else if .HasExt ".eml" ".email" ".mailbox" ".mbox" ".msg"}} - - - - - - {{- else if .HasExt ".crt" ".pem" ".x509" ".cer" ".ca-bundle"}} - - - - - - - - - - {{- else if .HasExt ".key" ".keystore" ".jks" ".p12" ".pfx" ".pub"}} - - - - - - {{- else}} - {{- if .IsSymlink}} - - - - - - - - {{- else}} - - - - - - {{- end}} - {{- end}} -{{- end}} - - - - {{html .Name}} - - - - - -{{- if eq .Layout "grid"}} - -{{- end}} - - -
-
- -

- {{range $i, $crumb := .Breadcrumbs}}{{html $crumb.Text}}{{if ne $i 0}}/{{end}}{{end}} -

-
-
-
-
-
-
- - {{.NumDirs}} director{{if eq 1 .NumDirs}}y{{else}}ies{{end}} - - - {{.NumFiles}} file{{if ne 1 .NumFiles}}s{{end}} - - {{- if ne 0 .Limit}} - - (of which only {{.Limit}} are displayed) - - {{- end}} -
- - - - - - - List - - - - - - - - - - Grid - -
-
- {{- if eq .Layout "grid"}} - {{- range .Items}} -
- - {{template "icon" .}} -
{{html .Name}}
-
{{.HumanSize}}
-
-
- {{- end}} - {{- else}} - - - - - - - - - - - - {{- if .CanGoUp}} - - - - - - - - {{- end}} - {{- range .Items}} - - - - {{- if .IsDir}} - - {{- else}} - - {{- end}} - - - - {{- end}} - -
- {{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} - - - - - - - {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} - - - - - - - {{- else}} - - - - - - - {{- end}} - - {{- if and (eq .Sort "name") (ne .Order "desc")}} - - Name - - - - - - {{- else if and (eq .Sort "name") (ne .Order "asc")}} - - Name - - - - - - {{- else}} - - Name - - {{- end}} - -
- - - - - - -
-
- {{- if and (eq .Sort "size") (ne .Order "desc")}} - - Size - - - - - - {{- else if and (eq .Sort "size") (ne .Order "asc")}} - - Size - - - - - - {{- else}} - - Size - - {{- end}} - - {{- if and (eq .Sort "time") (ne .Order "desc")}} - - Modified - - - - - - {{- else if and (eq .Sort "time") (ne .Order "asc")}} - - Modified - - - - - - {{- else}} - - Modified - - {{- end}} -
- - - - - - Up - -
- - {{template "icon" .}} - {{html .Name}} - - -
-
-
- {{.HumanSize}} -
-
-
- -
- {{- end}} -
-
-
- - - - diff --git a/bert/services/http/files.chandlerswift.com.nix b/bert/services/http/files.chandlerswift.com.nix deleted file mode 100644 index 74c5e0c..0000000 --- a/bert/services/http/files.chandlerswift.com.nix +++ /dev/null @@ -1,13 +0,0 @@ - -{ - services.caddy.virtualHosts."files.chandlerswift.com".extraConfig = '' - encode zstd gzip - file_server - root * /srv/www/files.chandlerswift.com - ''; - systemd.tmpfiles.settings."10-files-chandlerswift-com" = { - "/srv/www/files.chandlerswift.com" = { - d = {}; - }; - }; -} diff --git a/bert/services/http/git.chandlerswift.com.nix b/bert/services/http/git.chandlerswift.com.nix deleted file mode 100644 index 609c95f..0000000 --- a/bert/services/http/git.chandlerswift.com.nix +++ /dev/null @@ -1,5 +0,0 @@ -{config, ...}: { - services.caddy.virtualHosts."git.chandlerswift.com".extraConfig = '' - reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} - ''; -} diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix deleted file mode 100644 index eef8812..0000000 --- a/bert/services/http/home.chandlerswift.com.nix +++ /dev/null @@ -1,15 +0,0 @@ - -{ - services.caddy.virtualHosts."home.chandlerswift.com".extraConfig = '' - encode zstd gzip - file_server - root * /srv/www/home.chandlerswift.com - reverse_proxy /grafana/* localhost:3000 - # hide .git # ??? - ''; - systemd.tmpfiles.settings."10-home-chandlerswift-com" = { - "/srv/www/home.chandlerswift.com" = { - d = {}; - }; - }; -} diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix deleted file mode 100644 index 3054875..0000000 --- a/bert/services/http/index.nix +++ /dev/null 
@@ -1,21 +0,0 @@
-{
- imports = [
- ./files.chandlerswift.com.nix
- ./git.chandlerswift.com.nix
- ./home.chandlerswift.com.nix
- ./katherineandchandler.com.nix
- ./maps.chandlerswift.com.nix
- ./stjohnscccc.org.nix
- ./swiftgang.net.nix
- ];
-
- services.caddy = {
- enable = true;
- email = "chandler@chandlerswift.com";
- globalConfig = ''
- servers {
- metrics # Enable Prometheus monitoring
- }
- '';
- };
-}
diff --git a/bert/services/http/katherineandchandler.com.nix b/bert/services/http/katherineandchandler.com.nix
deleted file mode 100644
index 352cf32..0000000
--- a/bert/services/http/katherineandchandler.com.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-
-{
- services.caddy.virtualHosts."katherineandchandler.com".extraConfig = ''
- encode zstd gzip
- file_server
- root * /srv/www/katherineandchandler.com
- # hide .git # ???
- '';
- systemd.tmpfiles.settings."10-katherineandchandler-com" = {
- "/srv/www/katherineandchandler.com" = {
- d = {};
- };
- };
-}
diff --git a/bert/services/http/maps.chandlerswift.com.nix b/bert/services/http/maps.chandlerswift.com.nix
deleted file mode 100644
index fb21cb8..0000000
--- a/bert/services/http/maps.chandlerswift.com.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-
-{
- services.caddy.virtualHosts."maps.chandlerswift.com".extraConfig = ''
- encode zstd gzip
- file_server
- root * /srv/www/maps.chandlerswift.com
- # hide .git # ???
- '';
- systemd.tmpfiles.settings."10-maps-chandlerswift-com" = {
- "/srv/www/maps.chandlerswift.com" = {
- d = {};
- };
- };
-}
diff --git a/bert/services/http/stjohnscccc.org.nix b/bert/services/http/stjohnscccc.org.nix
deleted file mode 100644
index b462c02..0000000
--- a/bert/services/http/stjohnscccc.org.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
- app = "stjohnscccc";
- domain = "${app}.chandlerswift.com"; # TODO
- dataDir = "/srv/www/stjohnscccc.org";
-in {
- services.phpfpm.pools.${app} = {
- user = app;
- settings = {
- "listen.owner" = config.services.caddy.user;
- "pm" = "dynamic";
- "pm.max_children" = 32;
- # "pm.max_requests" = 500;
- "pm.start_servers" = 1;
- "pm.min_spare_servers" = 1;
- "pm.max_spare_servers" = 4;
- "php_admin_value[error_log]" = "stderr";
- "php_admin_flag[log_errors]" = true;
- "catch_workers_output" = true;
- };
- # phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
- };
- services.caddy.virtualHosts.${domain}.extraConfig = ''
- root * ${dataDir}/public
-
- handle /downloads/* {
- file_server {
- browse ${./caddy-browse-template.html}
- hide .gitignore
- }
- }
-
- handle {
- encode zstd gzip
- php_fastcgi unix/${config.services.phpfpm.pools.${app}.socket}
- file_server
- }
-
- handle_errors {
- respond "{err.status_code} {err.status_text}"
- }
- '';
- users.users.${app} = {
- isSystemUser = true;
- home = dataDir;
- group = app;
- };
- users.groups.${app} = {};
- systemd.tmpfiles.settings."10-stjohnscccc.org" = {
- "/srv/www/stjohnscccc.org" = {
- d = {};
- };
- };
-}
diff --git a/bert/services/http/swiftgang.net.nix b/bert/services/http/swiftgang.net.nix
deleted file mode 100644
index 82bee79..0000000
--- a/bert/services/http/swiftgang.net.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-
-{
- services.caddy.virtualHosts."swiftgang.net".extraConfig = ''
- encode zstd gzip
- file_server
- root * /srv/www/swiftgang.net
- '';
- systemd.tmpfiles.settings."10-swiftgang-net" = {
- "/srv/www/swiftgang.net" = {
- d = {};
- };
- };
-}
diff --git a/bert/services/monitoring.nix b/bert/services/monitoring.nix
deleted file mode 100644
index 8f524c4..0000000
--- a/bert/services/monitoring.nix
+++ /dev/null
@@ -1,41 +0,0 @@ -{ - services.prometheus = { - enable = true; - scrapeConfigs = [ - { - job_name = "caddy"; - static_configs = [{ - targets = [ - "localhost:2019" - ]; - }]; - } - { - job_name = "node"; - static_configs = [{ - targets = [ - "localhost:9100" - ]; - }]; - } - ]; - exporters.node = { - enable = true; - # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix - enabledCollectors = [ "systemd" ]; - # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help - # extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; - }; - }; - - services.grafana = { - enable = true; - settings = { - server = { - root_url = "https://home.chandlerswift.com/grafana/"; - serve_from_sub_path = true; - }; - }; - }; - -} diff --git a/oscar/configuration.nix b/oscar/configuration.nix index db1e3ae..abf5210 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -138,6 +138,7 @@ libreoffice-qt prismlauncher qgis + thunderbird # command line applications beets @@ -162,8 +163,6 @@ factorio ]; - programs.thunderbird.enable = true; - programs.bash.enable = true; programs.direnv = { diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 81d6525..0000000 --- a/shell.nix +++ /dev/null @@ -1,11 +0,0 @@ -let -# nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.05"; - pkgs = import { config = {}; overlays = []; }; -in - -pkgs.mkShellNoCC { - packages = with pkgs; [ - # nixd - gnumake - ]; -}