Undisable beefcake stuff
parent
c2a246295b
commit
4c030b37f0
1 changed files with 79 additions and 80 deletions
|
@ -8,9 +8,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
|
||||||
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
# inputs,
|
inputs,
|
||||||
# outputs,
|
# outputs,
|
||||||
# config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
|
@ -22,7 +22,7 @@ in {
|
||||||
../modules/nixos/fonts.nix
|
../modules/nixos/fonts.nix
|
||||||
]
|
]
|
||||||
++ [
|
++ [
|
||||||
# inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
|
inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
|
||||||
# inputs.nix-minecraft.nixosModules.minecraft-servers
|
# inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -60,16 +60,16 @@ in {
|
||||||
secretKeyFile = "/var/cache-priv-key.pem";
|
secretKeyFile = "/var/cache-priv-key.pem";
|
||||||
};
|
};
|
||||||
|
|
||||||
# services.api-lyte-dev = rec {
|
services.api-lyte-dev = rec {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# port = 5757;
|
port = 5757;
|
||||||
# stateDir = "/var/lib/api-lyte-dev";
|
stateDir = "/var/lib/api-lyte-dev";
|
||||||
# # configFile = config.sops.secrets."api.lyte.dev".path;
|
configFile = config.sops.secrets."api.lyte.dev".path;
|
||||||
# user = "api-lyte-dev";
|
user = "api-lyte-dev";
|
||||||
# group = user;
|
group = user;
|
||||||
# };
|
};
|
||||||
|
|
||||||
# systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
|
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../secrets/beefcake/secrets.yml;
|
defaultSopsFile = ../secrets/beefcake/secrets.yml;
|
||||||
|
@ -105,36 +105,36 @@ in {
|
||||||
# path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
|
# path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
|
||||||
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
# owner = config.services.api-lyte-dev.user;
|
owner = config.services.api-lyte-dev.user;
|
||||||
# group = config.services.api-lyte-dev.group;
|
group = config.services.api-lyte-dev.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
"jland.env" = {
|
"jland.env" = {
|
||||||
path = "/var/lib/jland/jland.env";
|
path = "/var/lib/jland/jland.env";
|
||||||
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
# owner = config.users.users.jland.name;
|
owner = config.users.users.jland.name;
|
||||||
# group = config.users.groups.jland.name;
|
group = config.users.groups.jland.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
plausible-admin-password = {
|
plausible-admin-password = {
|
||||||
# TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
|
# TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
|
||||||
path = "/var/lib/plausible/plausible-admin-password";
|
path = "/var/lib/plausible/plausible-admin-password";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
# owner = config.systemd.services.plausible.serviceConfig.User;
|
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||||
# group = config.systemd.services.plausible.serviceConfig.Group;
|
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||||
};
|
};
|
||||||
plausible-secret-key-base = {
|
plausible-secret-key-base = {
|
||||||
path = "/var/lib/plausible/plausible-secret-key-base";
|
path = "/var/lib/plausible/plausible-secret-key-base";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
# owner = config.systemd.services.plausible.serviceConfig.User;
|
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||||
# group = config.systemd.services.plausible.serviceConfig.Group;
|
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||||
};
|
};
|
||||||
nextcloud-admin-password = {
|
nextcloud-admin-password = {
|
||||||
path = "/var/lib/nextcloud/admin-password";
|
path = "/var/lib/nextcloud/admin-password";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
# owner = config.services.nextcloud.serviceConfig.User;
|
owner = config.services.nextcloud.serviceConfig.User;
|
||||||
# group = config.services.nextcloud.serviceConfig.Group;
|
group = config.services.nextcloud.serviceConfig.Group;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -190,7 +190,7 @@ in {
|
||||||
users.users.lytedev = {
|
users.users.lytedev = {
|
||||||
# for running my services and applications and stuff
|
# for running my services and applications and stuff
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
# openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||||
group = "lytedev";
|
group = "lytedev";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -217,8 +217,7 @@ in {
|
||||||
[
|
[
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
|
||||||
]
|
]
|
||||||
# ++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||||
;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.guest = {
|
users.users.guest = {
|
||||||
|
@ -285,72 +284,72 @@ in {
|
||||||
# TODO: there are some hardcoded ports here!
|
# TODO: there are some hardcoded ports here!
|
||||||
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
||||||
# TODO: customize the files.lyte.dev template?
|
# TODO: customize the files.lyte.dev template?
|
||||||
# configFile = pkgs.writeText "Caddyfile" ''
|
configFile = pkgs.writeText "Caddyfile" ''
|
||||||
# video.lyte.dev {
|
video.lyte.dev {
|
||||||
# reverse_proxy :8096
|
reverse_proxy :8096
|
||||||
|
}
|
||||||
|
|
||||||
|
dev.h.lyte.dev {
|
||||||
|
reverse_proxy :8000
|
||||||
|
}
|
||||||
|
|
||||||
|
# lidarr.h.lyte.dev {
|
||||||
|
# reverse_proxy :8686
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# dev.h.lyte.dev {
|
# radarr.h.lyte.dev {
|
||||||
# reverse_proxy :8000
|
# reverse_proxy :7878
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# # lidarr.h.lyte.dev {
|
# sonarr.h.lyte.dev {
|
||||||
# # reverse_proxy :8686
|
# reverse_proxy :8989
|
||||||
# # }
|
|
||||||
|
|
||||||
# # radarr.h.lyte.dev {
|
|
||||||
# # reverse_proxy :7878
|
|
||||||
# # }
|
|
||||||
|
|
||||||
# # sonarr.h.lyte.dev {
|
|
||||||
# # reverse_proxy :8989
|
|
||||||
# # }
|
|
||||||
|
|
||||||
# # bazarr.h.lyte.dev {
|
|
||||||
# # reverse_proxy :$${toString config.services.bazarr.listenPort}
|
|
||||||
# # }
|
|
||||||
|
|
||||||
# bw.lyte.dev {
|
|
||||||
# reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# api.lyte.dev {
|
# bazarr.h.lyte.dev {
|
||||||
# reverse_proxy :${toString config.services.api-lyte-dev.port}
|
# reverse_proxy :$${toString config.services.bazarr.listenPort}
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# a.lyte.dev {
|
bw.lyte.dev {
|
||||||
# reverse_proxy :${toString config.services.plausible.server.port}
|
reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
||||||
# }
|
}
|
||||||
|
|
||||||
# nextcloud.lyte.dev {
|
api.lyte.dev {
|
||||||
# reverse_proxy :${toString 9999}
|
reverse_proxy :${toString config.services.api-lyte-dev.port}
|
||||||
# }
|
}
|
||||||
|
|
||||||
# git.lyte.dev {
|
a.lyte.dev {
|
||||||
# reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
|
reverse_proxy :${toString config.services.plausible.server.port}
|
||||||
# }
|
}
|
||||||
|
|
||||||
# files.lyte.dev {
|
nextcloud.lyte.dev {
|
||||||
# file_server browse {
|
reverse_proxy :${toString 9999}
|
||||||
# # browse template
|
}
|
||||||
# # hide .*
|
|
||||||
# root /storage/files.lyte.dev
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
|
|
||||||
# nix.h.lyte.dev {
|
git.lyte.dev {
|
||||||
# reverse_proxy :${toString config.services.nix-serve.port}
|
reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||||
# }
|
}
|
||||||
|
|
||||||
# # proxy everything else to chromebox
|
files.lyte.dev {
|
||||||
# :80 {
|
file_server browse {
|
||||||
# reverse_proxy 10.0.0.5:80
|
# browse template
|
||||||
# }
|
# hide .*
|
||||||
|
root /storage/files.lyte.dev
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# :443 {
|
nix.h.lyte.dev {
|
||||||
# reverse_proxy 10.0.0.5:443
|
reverse_proxy :${toString config.services.nix-serve.port}
|
||||||
# }
|
}
|
||||||
# '';
|
|
||||||
|
# proxy everything else to chromebox
|
||||||
|
:80 {
|
||||||
|
reverse_proxy 10.0.0.5:80
|
||||||
|
}
|
||||||
|
|
||||||
|
:443 {
|
||||||
|
reverse_proxy 10.0.0.5:443
|
||||||
|
}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
|
@ -581,10 +580,10 @@ in {
|
||||||
hosts deny = 0.0.0.0/0
|
hosts deny = 0.0.0.0/0
|
||||||
guest account = nobody
|
guest account = nobody
|
||||||
map to guest = bad user
|
map to guest = bad user
|
||||||
'';
|
|
||||||
# load printers = yes
|
# load printers = yes
|
||||||
# printing = cups
|
# printing = cups
|
||||||
# printcap name = cups
|
# printcap name = cups
|
||||||
|
'';
|
||||||
shares = {
|
shares = {
|
||||||
libre = {
|
libre = {
|
||||||
path = "/storage/libre";
|
path = "/storage/libre";
|
||||||
|
|
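Review bot: In the Caddyfile hunk (`@ -285,72 +284,72`), the `files.lyte.dev` site goes live with `file_server browse` while `# hide .*` stays commented out, so dotfiles under `/storage/files.lyte.dev` would be both listed and served. I would enable `hide .*` inside that `file_server` block before the site is exposed. The same hunk re-enables the `:80` and `:443` catch-alls, which forward every request for an unlisted host name to `10.0.0.5`. If only a known set of names is meant to reach that machine, listing them explicitly keeps arbitrary Host headers away from the internal box. The attribute set holding `configFile` opens outside the hunk, so any other settings on it are not visible here.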