From 4c030b37f054be1334b31be569eba9280efd5733 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Wed, 21 Feb 2024 20:39:10 -0600
Subject: [PATCH] Undisable beefcake stuff

---
 nixos/beefcake.nix | 159 ++++++++++++++++++++++-----------------------
 1 file changed, 79 insertions(+), 80 deletions(-)

diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 513c49f..4ba854f 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -8,9 +8,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 */
 {
- # inputs,
+ inputs,
 # outputs,
- # config,
+ config,
 pkgs,
 ...
 }: let
@@ -22,7 +22,7 @@ in {
 ../modules/nixos/fonts.nix
 ]
 ++ [
- # inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
+ inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
 # inputs.nix-minecraft.nixosModules.minecraft-servers
 ];
 
@@ -60,16 +60,16 @@ in {
 secretKeyFile = "/var/cache-priv-key.pem";
 };
 
- # services.api-lyte-dev = rec {
- # enable = true;
- # port = 5757;
- # stateDir = "/var/lib/api-lyte-dev";
- # # configFile = config.sops.secrets."api.lyte.dev".path;
- # user = "api-lyte-dev";
- # group = user;
- # };
+ services.api-lyte-dev = rec {
+ enable = true;
+ port = 5757;
+ stateDir = "/var/lib/api-lyte-dev";
+ configFile = config.sops.secrets."api.lyte.dev".path;
+ user = "api-lyte-dev";
+ group = user;
+ };
 
- # systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
+ systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
 
 sops = {
 defaultSopsFile = ../secrets/beefcake/secrets.yml;
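Review bot: The re-enabled `systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";` in the `@@ -60,16` hunk leaves the service at debug verbosity in the same commit that hands it a sops-managed `configFile` and, in a later hunk, publishes it at api.lyte.dev through Caddy. What the service writes at that level is not visible in this diff, but debug output often includes request details or configuration values, and whatever it writes ends up in the journal rather than behind the 0440 mode set on the secret file. If the override is only needed while bringing the service back up, say so next to it, e.g. `# TODO: temporary while re-enabling; lower once the service is confirmed healthy`, or drop the line.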
@@ -105,36 +105,36 @@ in { # path = "${config.services.api-lyte-dev.stateDir}/secrets.json"; # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook? mode = "0440"; - # owner = config.services.api-lyte-dev.user; - # group = config.services.api-lyte-dev.group; + owner = config.services.api-lyte-dev.user; + group = config.services.api-lyte-dev.group; }; "jland.env" = { path = "/var/lib/jland/jland.env"; # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook? mode = "0440"; - # owner = config.users.users.jland.name; - # group = config.users.groups.jland.name; + owner = config.users.users.jland.name; + group = config.users.groups.jland.name; }; plausible-admin-password = { # TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt"; path = "/var/lib/plausible/plausible-admin-password"; mode = "0440"; - # owner = config.systemd.services.plausible.serviceConfig.User; - # group = config.systemd.services.plausible.serviceConfig.Group; + owner = config.systemd.services.plausible.serviceConfig.User; + group = config.systemd.services.plausible.serviceConfig.Group; }; plausible-secret-key-base = { path = "/var/lib/plausible/plausible-secret-key-base"; mode = "0440"; - # owner = config.systemd.services.plausible.serviceConfig.User; - # group = config.systemd.services.plausible.serviceConfig.Group; + owner = config.systemd.services.plausible.serviceConfig.User; + group = config.systemd.services.plausible.serviceConfig.Group; }; nextcloud-admin-password = { path = "/var/lib/nextcloud/admin-password"; mode = "0440"; - # owner = config.services.nextcloud.serviceConfig.User; - # group = config.services.nextcloud.serviceConfig.Group; + owner = config.services.nextcloud.serviceConfig.User; + group = config.services.nextcloud.serviceConfig.Group; }; }; }; 
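Review bot: The `nextcloud-admin-password` entry now reads `config.services.nextcloud.serviceConfig.User` and `.Group`, but `serviceConfig` is a systemd unit attribute and, as far as I know, the nixpkgs Nextcloud module defines nothing by that name under `services.nextcloud`, so this probably fails at evaluation. The two plausible entries read `config.systemd.services.plausible.serviceConfig.User`; if that unit runs with a dynamic user, which I believe the upstream module does, the attribute is unset and there would be no stable account for sops to chown the file to. Both are worth confirming with a build before deploying; for Nextcloud the direct form would be `owner = "nextcloud";` and `group = "nextcloud";`, assuming the module's default account name. Where only the owning service reads a secret, `mode = "0400"` would be enough once the owner is correct.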
@@ -190,7 +190,7 @@ in {
 users.users.lytedev = {
 # for running my services and applications and stuff
 isNormalUser = true;
- # openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
+ openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
 group = "lytedev";
 };
 
@@ -217,8 +217,7 @@ in {
 [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
 ]
- # ++ config.users.users.daniel.openssh.authorizedKeys.keys;
- ;
+ ++ config.users.users.daniel.openssh.authorizedKeys.keys;
 };
 
 users.users.guest = {
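Review bot: Copying `config.users.users.daniel.openssh.authorizedKeys.keys` into `users.users.lytedev` (`@@ -190,7`) and appending it to the key list in `@@ -217,8` means each of daniel's personal keys now also logs in as these accounts, so a single lost key reaches all of them. The lytedev account is commented as being for running services, and the second account's name lies outside its hunk, so whether interactive SSH logins are intended for either cannot be confirmed from here. If the sharing is deliberate, record it where the keys are assigned, e.g. `# daniel's keys may log in as this account; rotate them together`. Otherwise give the service account its own key, or none, and reach it with `sudo -u` from daniel's login.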
@@ -285,72 +284,72 @@ in {
 # TODO: there are some hardcoded ports here!
 # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
 # TODO: customize the files.lyte.dev template?
- # configFile = pkgs.writeText "Caddyfile" ''
- # video.lyte.dev {
- # reverse_proxy :8096
- # }
+ configFile = pkgs.writeText "Caddyfile" ''
+ video.lyte.dev {
+ reverse_proxy :8096
+ }
 
- # dev.h.lyte.dev {
- # reverse_proxy :8000
- # }
+ dev.h.lyte.dev {
+ reverse_proxy :8000
+ }
 
- # # lidarr.h.lyte.dev {
- # # reverse_proxy :8686
- # # }
+ # lidarr.h.lyte.dev {
+ # reverse_proxy :8686
+ # }
 
- # # radarr.h.lyte.dev {
- # # reverse_proxy :7878
- # # }
+ # radarr.h.lyte.dev {
+ # reverse_proxy :7878
+ # }
 
- # # sonarr.h.lyte.dev {
- # # reverse_proxy :8989
- # # }
+ # sonarr.h.lyte.dev {
+ # reverse_proxy :8989
+ # }
 
- # # bazarr.h.lyte.dev {
- # # reverse_proxy :$${toString config.services.bazarr.listenPort}
- # # }
+ # bazarr.h.lyte.dev {
+ # reverse_proxy :$${toString config.services.bazarr.listenPort}
+ # }
 
- # bw.lyte.dev {
- # reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
- # }
+ bw.lyte.dev {
+ reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
+ }
 
- # api.lyte.dev {
- # reverse_proxy :${toString config.services.api-lyte-dev.port}
- # }
+ api.lyte.dev {
+ reverse_proxy :${toString config.services.api-lyte-dev.port}
+ }
 
- # a.lyte.dev {
- # reverse_proxy :${toString config.services.plausible.server.port}
- # }
+ a.lyte.dev {
+ reverse_proxy :${toString config.services.plausible.server.port}
+ }
 
- # nextcloud.lyte.dev {
- # reverse_proxy :${toString 9999}
- # }
+ nextcloud.lyte.dev {
+ reverse_proxy :${toString 9999}
+ }
 
- # git.lyte.dev {
- # reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
- # }
+ git.lyte.dev {
+ reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
+ }
 
- # files.lyte.dev {
- # file_server browse {
- # # browse template
- # # hide .*
- # root /storage/files.lyte.dev
- # }
- # }
+ files.lyte.dev {
+ file_server browse {
+ # browse template
+ # hide .*
+ root /storage/files.lyte.dev
+ }
+ }
 
- # nix.h.lyte.dev {
- # reverse_proxy :${toString config.services.nix-serve.port}
- # }
+ nix.h.lyte.dev {
+ reverse_proxy :${toString config.services.nix-serve.port}
+ }
 
- # # proxy everything else to chromebox
- # :80 {
- # reverse_proxy 10.0.0.5:80
- # }
+ # proxy everything else to chromebox
+ :80 {
+ reverse_proxy 10.0.0.5:80
+ }
 
- # :443 {
- # reverse_proxy 10.0.0.5:443
- # }
- # '';
+ :443 {
+ reverse_proxy 10.0.0.5:443
+ }
+ '';
 };
 
 services.vaultwarden = {
@@ -581,10 +580,10 @@ in {
 hosts deny = 0.0.0.0/0
 guest account = nobody
 map to guest = bad user
+ # load printers = yes
+ # printing = cups
+ # printcap name = cups
 '';
- # load printers = yes
- # printing = cups
- # printcap name = cups
 shares = {
 libre = {
 path = "/storage/libre";
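Review bot: In the now-active Caddyfile (`@@ -285,72`) the `files.lyte.dev` site serves `/storage/files.lyte.dev` with `file_server browse` while `# hide .*` stays commented out, so directory listings are public and any dotfiles in that tree are listed and downloadable. If that is not intended, enable the filter by uncommenting `hide .*` inside the `file_server` block. The catch-all `:80` and `:443` sites also forward every request whose Host matches none of the named sites to 10.0.0.5, which puts whatever that machine serves in front of the same audience as this host. A comment naming the hostnames expected to fall through, or replacing the catch-all with explicit site blocks, would make that exposure reviewable.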