Undisable beefcake stuff
This commit is contained in:
parent
c2a246295b
commit
4c030b37f0
1 changed files with 79 additions and 80 deletions
|
@ -8,9 +8,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x01 0x00
|
|||
sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||
*/
|
||||
{
|
||||
# inputs,
|
||||
inputs,
|
||||
# outputs,
|
||||
# config,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
|
@ -22,7 +22,7 @@ in {
|
|||
../modules/nixos/fonts.nix
|
||||
]
|
||||
++ [
|
||||
# inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
|
||||
inputs.api-lyte-dev.nixosModules.${system}.api-lyte-dev
|
||||
# inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||
];
|
||||
|
||||
|
@ -60,16 +60,16 @@ in {
|
|||
secretKeyFile = "/var/cache-priv-key.pem";
|
||||
};
|
||||
|
||||
# services.api-lyte-dev = rec {
|
||||
# enable = true;
|
||||
# port = 5757;
|
||||
# stateDir = "/var/lib/api-lyte-dev";
|
||||
# # configFile = config.sops.secrets."api.lyte.dev".path;
|
||||
# user = "api-lyte-dev";
|
||||
# group = user;
|
||||
# };
|
||||
services.api-lyte-dev = rec {
|
||||
enable = true;
|
||||
port = 5757;
|
||||
stateDir = "/var/lib/api-lyte-dev";
|
||||
configFile = config.sops.secrets."api.lyte.dev".path;
|
||||
user = "api-lyte-dev";
|
||||
group = user;
|
||||
};
|
||||
|
||||
# systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
|
||||
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ../secrets/beefcake/secrets.yml;
|
||||
|
@ -105,36 +105,36 @@ in {
|
|||
# path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
|
||||
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
||||
mode = "0440";
|
||||
# owner = config.services.api-lyte-dev.user;
|
||||
# group = config.services.api-lyte-dev.group;
|
||||
owner = config.services.api-lyte-dev.user;
|
||||
group = config.services.api-lyte-dev.group;
|
||||
};
|
||||
|
||||
"jland.env" = {
|
||||
path = "/var/lib/jland/jland.env";
|
||||
# TODO: would be cool to assert that it's correctly-formatted JSON? probably should be done in a pre-commit hook?
|
||||
mode = "0440";
|
||||
# owner = config.users.users.jland.name;
|
||||
# group = config.users.groups.jland.name;
|
||||
owner = config.users.users.jland.name;
|
||||
group = config.users.groups.jland.name;
|
||||
};
|
||||
|
||||
plausible-admin-password = {
|
||||
# TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
|
||||
path = "/var/lib/plausible/plausible-admin-password";
|
||||
mode = "0440";
|
||||
# owner = config.systemd.services.plausible.serviceConfig.User;
|
||||
# group = config.systemd.services.plausible.serviceConfig.Group;
|
||||
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||
};
|
||||
plausible-secret-key-base = {
|
||||
path = "/var/lib/plausible/plausible-secret-key-base";
|
||||
mode = "0440";
|
||||
# owner = config.systemd.services.plausible.serviceConfig.User;
|
||||
# group = config.systemd.services.plausible.serviceConfig.Group;
|
||||
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||
};
|
||||
nextcloud-admin-password = {
|
||||
path = "/var/lib/nextcloud/admin-password";
|
||||
mode = "0440";
|
||||
# owner = config.services.nextcloud.serviceConfig.User;
|
||||
# group = config.services.nextcloud.serviceConfig.Group;
|
||||
owner = config.services.nextcloud.serviceConfig.User;
|
||||
group = config.services.nextcloud.serviceConfig.Group;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -190,7 +190,7 @@ in {
|
|||
users.users.lytedev = {
|
||||
# for running my services and applications and stuff
|
||||
isNormalUser = true;
|
||||
# openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||
openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||
group = "lytedev";
|
||||
};
|
||||
|
||||
|
@ -217,8 +217,7 @@ in {
|
|||
[
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
|
||||
]
|
||||
# ++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||
;
|
||||
++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||
};
|
||||
|
||||
users.users.guest = {
|
||||
|
@ -285,72 +284,72 @@ in {
|
|||
# TODO: there are some hardcoded ports here!
|
||||
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
||||
# TODO: customize the files.lyte.dev template?
|
||||
# configFile = pkgs.writeText "Caddyfile" ''
|
||||
# video.lyte.dev {
|
||||
# reverse_proxy :8096
|
||||
# }
|
||||
configFile = pkgs.writeText "Caddyfile" ''
|
||||
video.lyte.dev {
|
||||
reverse_proxy :8096
|
||||
}
|
||||
|
||||
# dev.h.lyte.dev {
|
||||
# reverse_proxy :8000
|
||||
# }
|
||||
dev.h.lyte.dev {
|
||||
reverse_proxy :8000
|
||||
}
|
||||
|
||||
# # lidarr.h.lyte.dev {
|
||||
# # reverse_proxy :8686
|
||||
# # }
|
||||
# lidarr.h.lyte.dev {
|
||||
# reverse_proxy :8686
|
||||
# }
|
||||
|
||||
# # radarr.h.lyte.dev {
|
||||
# # reverse_proxy :7878
|
||||
# # }
|
||||
# radarr.h.lyte.dev {
|
||||
# reverse_proxy :7878
|
||||
# }
|
||||
|
||||
# # sonarr.h.lyte.dev {
|
||||
# # reverse_proxy :8989
|
||||
# # }
|
||||
# sonarr.h.lyte.dev {
|
||||
# reverse_proxy :8989
|
||||
# }
|
||||
|
||||
# # bazarr.h.lyte.dev {
|
||||
# # reverse_proxy :$${toString config.services.bazarr.listenPort}
|
||||
# # }
|
||||
# bazarr.h.lyte.dev {
|
||||
# reverse_proxy :$${toString config.services.bazarr.listenPort}
|
||||
# }
|
||||
|
||||
# bw.lyte.dev {
|
||||
# reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
||||
# }
|
||||
bw.lyte.dev {
|
||||
reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
||||
}
|
||||
|
||||
# api.lyte.dev {
|
||||
# reverse_proxy :${toString config.services.api-lyte-dev.port}
|
||||
# }
|
||||
api.lyte.dev {
|
||||
reverse_proxy :${toString config.services.api-lyte-dev.port}
|
||||
}
|
||||
|
||||
# a.lyte.dev {
|
||||
# reverse_proxy :${toString config.services.plausible.server.port}
|
||||
# }
|
||||
a.lyte.dev {
|
||||
reverse_proxy :${toString config.services.plausible.server.port}
|
||||
}
|
||||
|
||||
# nextcloud.lyte.dev {
|
||||
# reverse_proxy :${toString 9999}
|
||||
# }
|
||||
nextcloud.lyte.dev {
|
||||
reverse_proxy :${toString 9999}
|
||||
}
|
||||
|
||||
# git.lyte.dev {
|
||||
# reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||
# }
|
||||
git.lyte.dev {
|
||||
reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
|
||||
}
|
||||
|
||||
# files.lyte.dev {
|
||||
# file_server browse {
|
||||
# # browse template
|
||||
# # hide .*
|
||||
# root /storage/files.lyte.dev
|
||||
# }
|
||||
# }
|
||||
files.lyte.dev {
|
||||
file_server browse {
|
||||
# browse template
|
||||
# hide .*
|
||||
root /storage/files.lyte.dev
|
||||
}
|
||||
}
|
||||
|
||||
# nix.h.lyte.dev {
|
||||
# reverse_proxy :${toString config.services.nix-serve.port}
|
||||
# }
|
||||
nix.h.lyte.dev {
|
||||
reverse_proxy :${toString config.services.nix-serve.port}
|
||||
}
|
||||
|
||||
# # proxy everything else to chromebox
|
||||
# :80 {
|
||||
# reverse_proxy 10.0.0.5:80
|
||||
# }
|
||||
# proxy everything else to chromebox
|
||||
:80 {
|
||||
reverse_proxy 10.0.0.5:80
|
||||
}
|
||||
|
||||
# :443 {
|
||||
# reverse_proxy 10.0.0.5:443
|
||||
# }
|
||||
# '';
|
||||
:443 {
|
||||
reverse_proxy 10.0.0.5:443
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
|
@ -581,10 +580,10 @@ in {
|
|||
hosts deny = 0.0.0.0/0
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
# load printers = yes
|
||||
# printing = cups
|
||||
# printcap name = cups
|
||||
'';
|
||||
# load printers = yes
|
||||
# printing = cups
|
||||
# printcap name = cups
|
||||
shares = {
|
||||
libre = {
|
||||
path = "/storage/libre";
|
||||
|
|
Loading…
Reference in a new issue