Undisable beefcake stuff

This commit is contained in:
Daniel Flanagan 2024-02-21 20:39:10 -06:00
parent c2a246295b
commit 4c030b37f0
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4

View file

@ -8,9 +8,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
*/ */
{ {
# inputs, inputs,
# outputs, # outputs,
# config, config,
pkgs, pkgs,
... ...
}: let }: let
@ -22,7 +22,7 @@ in {
../modules/nixos/fonts.nix ../modules/nixos/fonts.nix
] ]
++ [ ++ [
# inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
# inputs.nix-minecraft.nixosModules.minecraft-servers # inputs.nix-minecraft.nixosModules.minecraft-servers
]; ];
@ -60,16 +60,16 @@ in {
secretKeyFile = "/var/cache-priv-key.pem"; secretKeyFile = "/var/cache-priv-key.pem";
}; };
# services.api-lyte-dev = rec { services.api-lyte-dev = rec {
# enable = true; enable = true;
# port = 5757; port = 5757;
# stateDir = "/var/lib/api-lyte-dev"; stateDir = "/var/lib/api-lyte-dev";
# # configFile = config.sops.secrets."api.lyte.dev".path; configFile = config.sops.secrets."api.lyte.dev".path;
# user = "api-lyte-dev"; user = "api-lyte-dev";
# group = user; group = user;
# }; };
# systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug"; systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
sops = { sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml; defaultSopsFile = ../secrets/beefcake/secrets.yml;
@ -105,36 +105,36 @@ in {
# path = "${config.services.api-lyte-dev.stateDir}/secrets.json"; # path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook? # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
mode = "0440"; mode = "0440";
# owner = config.services.api-lyte-dev.user; owner = config.services.api-lyte-dev.user;
# group = config.services.api-lyte-dev.group; group = config.services.api-lyte-dev.group;
}; };
"jland.env" = { "jland.env" = {
path = "/var/lib/jland/jland.env"; path = "/var/lib/jland/jland.env";
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook? # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
mode = "0440"; mode = "0440";
# owner = config.users.users.jland.name; owner = config.users.users.jland.name;
# group = config.users.groups.jland.name; group = config.users.groups.jland.name;
}; };
plausible-admin-password = { plausible-admin-password = {
# TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt"; # TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
path = "/var/lib/plausible/plausible-admin-password"; path = "/var/lib/plausible/plausible-admin-password";
mode = "0440"; mode = "0440";
# owner = config.systemd.services.plausible.serviceConfig.User; owner = config.systemd.services.plausible.serviceConfig.User;
# group = config.systemd.services.plausible.serviceConfig.Group; group = config.systemd.services.plausible.serviceConfig.Group;
}; };
plausible-secret-key-base = { plausible-secret-key-base = {
path = "/var/lib/plausible/plausible-secret-key-base"; path = "/var/lib/plausible/plausible-secret-key-base";
mode = "0440"; mode = "0440";
# owner = config.systemd.services.plausible.serviceConfig.User; owner = config.systemd.services.plausible.serviceConfig.User;
# group = config.systemd.services.plausible.serviceConfig.Group; group = config.systemd.services.plausible.serviceConfig.Group;
}; };
nextcloud-admin-password = { nextcloud-admin-password = {
path = "/var/lib/nextcloud/admin-password"; path = "/var/lib/nextcloud/admin-password";
mode = "0440"; mode = "0440";
# owner = config.services.nextcloud.serviceConfig.User; owner = config.services.nextcloud.serviceConfig.User;
# group = config.services.nextcloud.serviceConfig.Group; group = config.services.nextcloud.serviceConfig.Group;
}; };
}; };
}; };
@ -190,7 +190,7 @@ in {
users.users.lytedev = { users.users.lytedev = {
# for running my services and applications and stuff # for running my services and applications and stuff
isNormalUser = true; isNormalUser = true;
# openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
group = "lytedev"; group = "lytedev";
}; };
@ -217,8 +217,7 @@ in {
[ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
] ]
# ++ config.users.users.daniel.openssh.authorizedKeys.keys; ++ config.users.users.daniel.openssh.authorizedKeys.keys;
;
}; };
users.users.guest = { users.users.guest = {
@ -285,72 +284,72 @@ in {
# TODO: there are some hardcoded ports here! # TODO: there are some hardcoded ports here!
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72 # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
# TODO: customize the files.lyte.dev template? # TODO: customize the files.lyte.dev template?
# configFile = pkgs.writeText "Caddyfile" '' configFile = pkgs.writeText "Caddyfile" ''
# video.lyte.dev { video.lyte.dev {
# reverse_proxy :8096 reverse_proxy :8096
# } }
# dev.h.lyte.dev { dev.h.lyte.dev {
# reverse_proxy :8000 reverse_proxy :8000
# } }
# # lidarr.h.lyte.dev { # lidarr.h.lyte.dev {
# # reverse_proxy :8686 # reverse_proxy :8686
# # } # }
# # radarr.h.lyte.dev { # radarr.h.lyte.dev {
# # reverse_proxy :7878 # reverse_proxy :7878
# # } # }
# # sonarr.h.lyte.dev { # sonarr.h.lyte.dev {
# # reverse_proxy :8989 # reverse_proxy :8989
# # } # }
# # bazarr.h.lyte.dev { # bazarr.h.lyte.dev {
# # reverse_proxy :$${toString config.services.bazarr.listenPort} # reverse_proxy :$${toString config.services.bazarr.listenPort}
# # } # }
# bw.lyte.dev { bw.lyte.dev {
# reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
# } }
# api.lyte.dev { api.lyte.dev {
# reverse_proxy :${toString config.services.api-lyte-dev.port} reverse_proxy :${toString config.services.api-lyte-dev.port}
# } }
# a.lyte.dev { a.lyte.dev {
# reverse_proxy :${toString config.services.plausible.server.port} reverse_proxy :${toString config.services.plausible.server.port}
# } }
# nextcloud.lyte.dev { nextcloud.lyte.dev {
# reverse_proxy :${toString 9999} reverse_proxy :${toString 9999}
# } }
# git.lyte.dev { git.lyte.dev {
# reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
# } }
# files.lyte.dev { files.lyte.dev {
# file_server browse { file_server browse {
# # browse template # browse template
# # hide .* # hide .*
# root /storage/files.lyte.dev root /storage/files.lyte.dev
# } }
# } }
# nix.h.lyte.dev { nix.h.lyte.dev {
# reverse_proxy :${toString config.services.nix-serve.port} reverse_proxy :${toString config.services.nix-serve.port}
# } }
# # proxy everything else to chromebox # proxy everything else to chromebox
# :80 { :80 {
# reverse_proxy 10.0.0.5:80 reverse_proxy 10.0.0.5:80
# } }
# :443 { :443 {
# reverse_proxy 10.0.0.5:443 reverse_proxy 10.0.0.5:443
# } }
# ''; '';
}; };
services.vaultwarden = { services.vaultwarden = {
@ -581,10 +580,10 @@ in {
hosts deny = 0.0.0.0/0 hosts deny = 0.0.0.0/0
guest account = nobody guest account = nobody
map to guest = bad user map to guest = bad user
# load printers = yes
# printing = cups
# printcap name = cups
''; '';
# load printers = yes
# printing = cups
# printcap name = cups
shares = { shares = {
libre = { libre = {
path = "/storage/libre"; path = "/storage/libre";