bigbird: Add README with SD card note

bert/README.md

@@ -5,7 +5,12 @@
 3. Deploy updated config with `make`
 4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking)
    1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
-5. Deploy content to web services
+5. Deploy content:
+   - websites in /srv
+   - factorio world at /var/lib/factorio/saves/default.zip
+   - git/forgejo in /var/lib/forgejo
+   - navidrome
+6. Set up Grafana users (log in with default admin/admin; change creds; configure)
 
 # Notes on Caddy
 Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what

bert/configuration.nix

@@ -8,7 +8,6 @@
       ./services/http/index.nix
       ./services/monitoring.nix
       ./services/forgejo.nix
-      ./services/navidrome.nix
     ];
 
   # Bootloader
@@ -36,11 +35,8 @@
   boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1";
   networking.hostName = "bert";
 
-  fileSystems."/mnt/bigbird-public" = {
+  # Enable networking
-    device = "//bigbird/public";
+  networking.networkmanager.enable = true;
-    fsType = "cifs";
-    options = [ "guest" ];
-  };
 
   time.timeZone = "America/Chicago";
   i18n.defaultLocale = "en_US.UTF-8";

bert/services/http/0hats.com.nix

@@ -1,20 +0,0 @@
-
-{
-  services.caddy.virtualHosts."0hats.com" = {
-    serverAliases = ["www.0hats.com"];
-    extraConfig = ''
-      encode zstd gzip
-      file_server
-      root * /srv/www/0hats.com
-
-      handle_errors {
-        respond "{err.status_code} {err.status_text}"
-      }
-    '';
-  };
-  systemd.tmpfiles.settings."10-0hats-com" = {
-    "/srv/www/0hats.com" = {
-      d = {};
-    };
-  };
-}

bert/services/http/files.chandlerswift.com.nix

@@ -4,10 +4,6 @@
     encode zstd gzip
     file_server
     root * /srv/www/files.chandlerswift.com
-
-    handle_errors {
-      respond "{err.status_code} {err.status_text}"
-    }
   '';
   systemd.tmpfiles.settings."10-files-chandlerswift-com" = {
     "/srv/www/files.chandlerswift.com" = {

bert/services/http/harborpaperco.com.nix

@@ -6,18 +6,14 @@
       encode zstd gzip
       file_server
       root * /srv/www/harborpaperco.com
-
-      handle_errors {
-        respond "{err.status_code} {err.status_text}"
-      }
-    '';
-  };
-  services.caddy.virtualHosts."pureserendipityweddings.com" = {
-    serverAliases = ["www.pureserendipityweddings.com"];
-    extraConfig = ''
-      redir https://harborpaperco.com
     '';
   };
+  # services.caddy.virtualHosts."pureserendipityweddings.com" = {
+  #   serverAliases = ["www.pureserendipityweddings.com"];
+  #   extraConfig = ''
+  #     redir https://harborpaperco.com
+  #   '';
+  # };
   systemd.tmpfiles.settings."10-harborpaperco-com" = {
     "/srv/www/harborpaperco.com" = {
       d = {};

bert/services/http/home.chandlerswift.com.nix

@@ -6,20 +6,6 @@
     root * /srv/www/home.chandlerswift.com
     reverse_proxy /grafana/* localhost:3000
     # hide .git # ???
-
-    file_server /sheets/* {
-      browse ${./caddy-browse-template.html}
-
-      # TOOD: is there a better way to strip the prefix here? This shouldn't be
-      # vulnerable to a directory traversal attack (and it doesn't really
-      # matter anyway; everything in there is public somewhere or another!) but
-      # it sorta feels wrong to do this without a `/sheets` suffix.
-      root /mnt/bigbird-public
-    }
-
-    handle_errors {
-      respond "{err.status_code} {err.status_text}"
-    }
   '';
   systemd.tmpfiles.settings."10-home-chandlerswift-com" = {
     "/srv/www/home.chandlerswift.com" = {

bert/services/http/index.nix

@@ -1,13 +1,11 @@
 {
   imports = [
-    ./0hats.com.nix
     ./files.chandlerswift.com.nix
     ./git.chandlerswift.com.nix
     ./harborpaperco.com.nix
     ./home.chandlerswift.com.nix
     ./katherineandchandler.com.nix
     ./maps.chandlerswift.com.nix
-    ./music.chandlerswift.com.nix
     ./stjohnscccc.org.nix
     ./swiftgang.net.nix
   ];

bert/services/http/katherineandchandler.com.nix

@@ -5,10 +5,6 @@
     file_server
     root * /srv/www/katherineandchandler.com
     # hide .git # ???
-
-    handle_errors {
-      respond "{err.status_code} {err.status_text}"
-    }
   '';
   systemd.tmpfiles.settings."10-katherineandchandler-com" = {
     "/srv/www/katherineandchandler.com" = {

bert/services/http/maps.chandlerswift.com.nix

@@ -5,10 +5,6 @@
     file_server
     root * /srv/www/maps.chandlerswift.com
     # hide .git # ???
-
-    handle_errors {
-      respond "{err.status_code} {err.status_text}"
-    }
   '';
   systemd.tmpfiles.settings."10-maps-chandlerswift-com" = {
     "/srv/www/maps.chandlerswift.com" = {

bert/services/http/music.chandlerswift.com.nix

@@ -1,5 +0,0 @@
-{config, ...}: {
-  services.caddy.virtualHosts."music.chandlerswift.com".extraConfig = ''
-    reverse_proxy localhost:${toString config.services.navidrome.settings.Port}
-  '';
-}

bert/services/http/swiftgang.net.nix

@@ -4,10 +4,6 @@
     encode zstd gzip
     file_server
     root * /srv/www/swiftgang.net
-
-    handle_errors {
-      respond "{err.status_code} {err.status_text}"
-    }
   '';
   systemd.tmpfiles.settings."10-swiftgang-net" = {
     "/srv/www/swiftgang.net" = {

bert/services/navidrome.nix

@@ -1,10 +0,0 @@
-{
-  services.navidrome = {
-    enable = true;
-    settings = {
-      MusicFolder = "/mnt/bigbird-public/media/music";
-      ScanSchedule = "@every 12h";
-      EnableSharing = true;
-    };
-  };
-}

oscar/configuration.nix

@@ -16,7 +16,6 @@
     "steam"
     "steam-original"
     "steam-run"
-    "steam-unwrapped"
   ];
 
   # https://discourse.nixos.org/t/github-strategies-for-configuration-nix/1983/14