Undisable beefcake stuff

2024-02-21 20:39:10 -06:00 · 2024-02-21 20:39:10 -06:00 · 4c030b37f0
commit 4c030b37f0
parent c2a246295b
1 changed files with 79 additions and 80 deletions
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@ -8,9 +8,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
 sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 */
 {
-  # inputs,
+  inputs,
  # outputs,
-  # config,
+  config,
  pkgs,
  ...
 }: let
@ -22,7 +22,7 @@ in {
      ../modules/nixos/fonts.nix
    ]
    ++ [
-      # inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
+      inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
      # inputs.nix-minecraft.nixosModules.minecraft-servers
    ];

@ -60,16 +60,16 @@ in {
    secretKeyFile = "/var/cache-priv-key.pem";
  };

-  # services.api-lyte-dev = rec {
-  #   enable = true;
-  #   port = 5757;
-  #   stateDir = "/var/lib/api-lyte-dev";
-  #   # configFile = config.sops.secrets."api.lyte.dev".path;
-  #   user = "api-lyte-dev";
-  #   group = user;
-  # };
+  services.api-lyte-dev = rec {
+    enable = true;
+    port = 5757;
+    stateDir = "/var/lib/api-lyte-dev";
+    configFile = config.sops.secrets."api.lyte.dev".path;
+    user = "api-lyte-dev";
+    group = user;
+  };

-  # systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
+  systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";

  sops = {
    defaultSopsFile = ../secrets/beefcake/secrets.yml;
@ -105,36 +105,36 @@ in {
        # path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
        # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
        mode = "0440";
-        # owner = config.services.api-lyte-dev.user;
-        # group = config.services.api-lyte-dev.group;
+        owner = config.services.api-lyte-dev.user;
+        group = config.services.api-lyte-dev.group;
      };

      "jland.env" = {
        path = "/var/lib/jland/jland.env";
        # TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
        mode = "0440";
-        # owner = config.users.users.jland.name;
-        # group = config.users.groups.jland.name;
+        owner = config.users.users.jland.name;
+        group = config.users.groups.jland.name;
      };

      plausible-admin-password = {
        # TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
        path = "/var/lib/plausible/plausible-admin-password";
        mode = "0440";
-        # owner = config.systemd.services.plausible.serviceConfig.User;
-        # group = config.systemd.services.plausible.serviceConfig.Group;
+        owner = config.systemd.services.plausible.serviceConfig.User;
+        group = config.systemd.services.plausible.serviceConfig.Group;
      };
      plausible-secret-key-base = {
        path = "/var/lib/plausible/plausible-secret-key-base";
        mode = "0440";
-        # owner = config.systemd.services.plausible.serviceConfig.User;
-        # group = config.systemd.services.plausible.serviceConfig.Group;
+        owner = config.systemd.services.plausible.serviceConfig.User;
+        group = config.systemd.services.plausible.serviceConfig.Group;
      };
      nextcloud-admin-password = {
        path = "/var/lib/nextcloud/admin-password";
        mode = "0440";
-        # owner = config.services.nextcloud.serviceConfig.User;
-        # group = config.services.nextcloud.serviceConfig.Group;
+        owner = config.services.nextcloud.serviceConfig.User;
+        group = config.services.nextcloud.serviceConfig.Group;
      };
    };
  };
@ -190,7 +190,7 @@ in {
  users.users.lytedev = {
    # for running my services and applications and stuff
    isNormalUser = true;
-    # openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
+    openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
    group = "lytedev";
  };

@ -217,8 +217,7 @@ in {
      [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
      ]
-      # ++ config.users.users.daniel.openssh.authorizedKeys.keys;
-      ;
+      ++ config.users.users.daniel.openssh.authorizedKeys.keys;
  };

  users.users.guest = {
@ -285,72 +284,72 @@ in {
    # TODO: there are some hardcoded ports here!
    # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
    # TODO: customize the files.lyte.dev template?
-    # configFile = pkgs.writeText "Caddyfile" ''
-    #   video.lyte.dev {
-    #     reverse_proxy :8096
+    configFile = pkgs.writeText "Caddyfile" ''
+      video.lyte.dev {
+        reverse_proxy :8096
+      }
+
+      dev.h.lyte.dev {
+        reverse_proxy :8000
+      }
+
+      # lidarr.h.lyte.dev {
+        # reverse_proxy :8686
      # }

-    #   dev.h.lyte.dev {
-    #     reverse_proxy :8000
+      # radarr.h.lyte.dev {
+        # reverse_proxy :7878
      # }

-    #   # lidarr.h.lyte.dev {
-    #     # reverse_proxy :8686
-    #   # }
-
-    #   # radarr.h.lyte.dev {
-    #     # reverse_proxy :7878
-    #   # }
-
-    #   # sonarr.h.lyte.dev {
-    #     # reverse_proxy :8989
-    #   # }
-
-    #   # bazarr.h.lyte.dev {
-    #     # reverse_proxy :$${toString config.services.bazarr.listenPort}
-    #   # }
-
-    #   bw.lyte.dev {
-    #     reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
+      # sonarr.h.lyte.dev {
+        # reverse_proxy :8989
      # }

-    #   api.lyte.dev {
-    #     reverse_proxy :${toString config.services.api-lyte-dev.port}
+      # bazarr.h.lyte.dev {
+        # reverse_proxy :$${toString config.services.bazarr.listenPort}
      # }

-    #   a.lyte.dev {
-    #     reverse_proxy :${toString config.services.plausible.server.port}
-    #   }
+      bw.lyte.dev {
+        reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
+      }

-    #   nextcloud.lyte.dev {
-    #     reverse_proxy :${toString 9999}
-    #   }
+      api.lyte.dev {
+        reverse_proxy :${toString config.services.api-lyte-dev.port}
+      }

-    #   git.lyte.dev {
-    #     reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
-    #   }
+      a.lyte.dev {
+        reverse_proxy :${toString config.services.plausible.server.port}
+      }

-    #   files.lyte.dev {
-    #     file_server browse {
-    #       # browse template
-    #       # hide .*
-    #       root /storage/files.lyte.dev
-    #     }
-    #   }
+      nextcloud.lyte.dev {
+        reverse_proxy :${toString 9999}
+      }

-    #   nix.h.lyte.dev {
-    #     reverse_proxy :${toString config.services.nix-serve.port}
-    #   }
+      git.lyte.dev {
+        reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
+      }

-    #   # proxy everything else to chromebox
-    #   :80 {
-    #     reverse_proxy 10.0.0.5:80
-    #   }
+      files.lyte.dev {
+        file_server browse {
+          # browse template
+          # hide .*
+          root /storage/files.lyte.dev
+        }
+      }

-    #   :443 {
-    #     reverse_proxy 10.0.0.5:443
-    #   }
-    # '';
+      nix.h.lyte.dev {
+        reverse_proxy :${toString config.services.nix-serve.port}
+      }
+
+      # proxy everything else to chromebox
+      :80 {
+        reverse_proxy 10.0.0.5:80
+      }
+
+      :443 {
+        reverse_proxy 10.0.0.5:443
+      }
+    '';
  };

  services.vaultwarden = {
@ -581,10 +580,10 @@ in {
      hosts deny = 0.0.0.0/0
      guest account = nobody
      map to guest = bad user
-    '';
      # load printers = yes
      # printing = cups
      # printcap name = cups
+    '';
    shares = {
      libre = {
        path = "/storage/libre";