From 1dd77eb5ac704bbbe039f774f6d8886a62ed1fab Mon Sep 17 00:00:00 2001 
From: Ingolf Wagner Date: Thu, 23 Jun 2022 08:13:46 +0200 Subject: [PATCH] delete non existing computers --- nixos/configs/porani/configuration.nix | 56 -- .../configs/porani/hardware-configuration.nix | 81 --- nixos/configs/porani/kodi.nix | 38 - nixos/configs/porani/mpd.nix | 11 - nixos/configs/porani/packages.nix | 5 - nixos/configs/porani/syncthing.nix | 67 -- nixos/configs/porani/tinc.nix | 16 - nixos/configs/porani/wifi-access-point.nix | 76 -- nixos/configs/porani/wifi-networking.nix | 2 - nixos/configs/sputnik/bitwarden.nix | 12 - nixos/configs/sputnik/codimd.nix | 38 - nixos/configs/sputnik/configuration.nix | 56 -- nixos/configs/sputnik/grocy.nix | 16 - .../sputnik/hardware-configuration.nix | 23 - nixos/configs/sputnik/iodined.nix | 20 - nixos/configs/sputnik/nginx.nix | 458 ------------ nixos/configs/sputnik/syncplay.nix | 5 - nixos/configs/sputnik/tinc.nix | 16 - nixos/configs/workhorse/borg.nix | 30 - nixos/configs/workhorse/castget.nix | 22 - nixos/configs/workhorse/configuration.nix | 77 -- nixos/configs/workhorse/finance.nix | 58 -- nixos/configs/workhorse/gogs.nix | 122 ---- nixos/configs/workhorse/grafana.nix | 38 - nixos/configs/workhorse/graylog.nix | 130 ---- .../workhorse/hardware-configuration.nix | 121 ---- nixos/configs/workhorse/jenkins.nix | 203 ------ nixos/configs/workhorse/jupyter.nix | 71 -- nixos/configs/workhorse/kibana.nix | 25 - nixos/configs/workhorse/mail-fetcher.nix | 661 ------------------ nixos/configs/workhorse/metabase.nix | 24 - nixos/configs/workhorse/mining.nix | 52 -- nixos/configs/workhorse/mysql.nix | 20 - nixos/configs/workhorse/nextcloud.nix | 362 ---------- nixos/configs/workhorse/packages.nix | 1 - nixos/configs/workhorse/prometheus.nix | 106 --- nixos/configs/workhorse/property.nix | 43 -- nixos/configs/workhorse/syncthing.nix | 140 ---- nixos/configs/workhorse/taskserver.nix | 16 - nixos/configs/workhorse/tinc.nix | 23 - nixos/configs/workhorse/transmission.nix | 285 -------- nixos/configs/workhorse/weechat.nix 
| 38 - nixos/configs/workout/configuration.nix | 59 -- .../workout/hardware-configuration.nix | 70 -- nixos/configs/workout/kibana.nix | 26 - nixos/configs/workout/lan.nix | 27 - nixos/configs/workout/packages.nix | 33 - nixos/configs/workout/slack.nix | 14 - nixos/configs/workout/syncthing.nix | 86 --- nixos/configs/workout/tinc.nix | 14 - 50 files changed, 3993 deletions(-) delete mode 100644 nixos/configs/porani/configuration.nix delete mode 100644 nixos/configs/porani/hardware-configuration.nix delete mode 100644 nixos/configs/porani/kodi.nix delete mode 100644 nixos/configs/porani/mpd.nix delete mode 100644 nixos/configs/porani/packages.nix delete mode 100644 nixos/configs/porani/syncthing.nix delete mode 100644 nixos/configs/porani/tinc.nix delete mode 100644 nixos/configs/porani/wifi-access-point.nix delete mode 100644 nixos/configs/porani/wifi-networking.nix delete mode 100644 nixos/configs/sputnik/bitwarden.nix delete mode 100644 nixos/configs/sputnik/codimd.nix delete mode 100644 nixos/configs/sputnik/configuration.nix delete mode 100644 nixos/configs/sputnik/grocy.nix delete mode 100644 nixos/configs/sputnik/hardware-configuration.nix delete mode 100644 nixos/configs/sputnik/iodined.nix delete mode 100644 nixos/configs/sputnik/nginx.nix delete mode 100644 nixos/configs/sputnik/syncplay.nix delete mode 100644 nixos/configs/sputnik/tinc.nix delete mode 100644 nixos/configs/workhorse/borg.nix delete mode 100644 nixos/configs/workhorse/castget.nix delete mode 100644 nixos/configs/workhorse/configuration.nix delete mode 100644 nixos/configs/workhorse/finance.nix delete mode 100644 nixos/configs/workhorse/gogs.nix delete mode 100644 nixos/configs/workhorse/grafana.nix delete mode 100644 nixos/configs/workhorse/graylog.nix delete mode 100644 nixos/configs/workhorse/hardware-configuration.nix delete mode 100644 nixos/configs/workhorse/jenkins.nix delete mode 100644 nixos/configs/workhorse/jupyter.nix delete mode 100644 nixos/configs/workhorse/kibana.nix delete 
mode 100644 nixos/configs/workhorse/mail-fetcher.nix delete mode 100644 nixos/configs/workhorse/metabase.nix delete mode 100644 nixos/configs/workhorse/mining.nix delete mode 100644 nixos/configs/workhorse/mysql.nix delete mode 100644 nixos/configs/workhorse/nextcloud.nix delete mode 100644 nixos/configs/workhorse/packages.nix delete mode 100644 nixos/configs/workhorse/prometheus.nix delete mode 100644 nixos/configs/workhorse/property.nix delete mode 100644 nixos/configs/workhorse/syncthing.nix delete mode 100644 nixos/configs/workhorse/taskserver.nix delete mode 100644 nixos/configs/workhorse/tinc.nix delete mode 100644 nixos/configs/workhorse/transmission.nix delete mode 100644 nixos/configs/workhorse/weechat.nix delete mode 100644 nixos/configs/workout/configuration.nix delete mode 100644 nixos/configs/workout/hardware-configuration.nix delete mode 100644 nixos/configs/workout/kibana.nix delete mode 100644 nixos/configs/workout/lan.nix delete mode 100644 nixos/configs/workout/packages.nix delete mode 100644 nixos/configs/workout/slack.nix delete mode 100644 nixos/configs/workout/syncthing.nix delete mode 100644 nixos/configs/workout/tinc.nix diff --git a/nixos/configs/porani/configuration.nix b/nixos/configs/porani/configuration.nix deleted file mode 100644 index bc3385d..0000000 --- a/nixos/configs/porani/configuration.nix +++ /dev/null 
@@ -1,56 +0,0 @@
-{ pkgs, lib, config, ... }: {
- imports = [
-
-
- ./hardware-configuration.nix
-
- ./tinc.nix
- ./syncthing.nix
- #./kodi.nix
-
- ];
-
- networking.hostName = "porani";
-
- # not needed because not encrypted
- # enable initrd ssh
- #configuration.init-ssh = {
- # enable = "enabled";
- # kernelModules = [ "e1000e" ];
- # hostECDSAKey = ;
- #};
-
- # programs
- programs.custom.vim.enable = true;
- environment.systemPackages = [ pkgs.mosh ];
-
- # wifi setup
- system.custom.wifi = {
- enable = true;
- configurationFile = ;
- interfaces = [ "wlp3s0" ];
- };
- # nix-shell -p speedtest_cli --run speedtest
- configuration.fireqos = {
- enable = true;
- interface = "wlp3s0";
- input = 2500;
- output = 1200;
- balance = false;
- };
-
- # nix-shell -p speedtest_cli --run speedtest
- #configuration.fireqos = {
- # enable = true;
- # interface = "eth0";
- # input = 2500;
- # output = 1200;
- # balance = false;
- #};
-
- # new Zealand overwrites
- # services.netdata.enable = lib.mkForce false ;
- services.SystemdJournal2Gelf.enable = lib.mkForce false;
-
-}
-
diff --git a/nixos/configs/porani/hardware-configuration.nix b/nixos/configs/porani/hardware-configuration.nix
deleted file mode 100644
index 269d03a..0000000
--- a/nixos/configs/porani/hardware-configuration.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ config, lib, pkgs, ... }: {
- imports = [
-
-
- # boot loader
- # -----------
- {
- # Use the systemd-boot EFI boot loader, not grub
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- #boot.loader.grub = {
- # device = "/dev/sda";
- # enable = true;
- # version = 2;
- #};
- }
-
- # kernel
- # ------
- {
- boot.initrd.availableKernelModules =
- [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- }
-
- # automount
- # ---------
- (
- let mediaUUID = "3d106f56-89e5-400d-9d6b-1dd957919548";
- in {
- fileSystems."/media" = {
- device = "/dev/disk/by-uuid/${mediaUUID}";
- fsType = "ext4";
- options = [
- "nofail"
- "noauto"
- #"x-systemd.device-timeout=1ms"
- ];
- };
- systemd.mounts = [{
- enable = true;
- options = "nofail,noauto";
- type = "ext4";
- wantedBy = [ "multi-user.target" ];
- what = "/dev/disk/by-uuid/${mediaUUID}";
- where = "/media";
- }];
- }
- )
- ];
-
- # NTFS support
- # ------------
- environment.systemPackages = [ pkgs.ntfs3g ];
-
- # partitions
- # ----------
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/77a3e839-5a80-4777-93c3-31be7f0cb99d";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/FBFB-8DA5";
- fsType = "vfat";
- };
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/192a8bd6-e5f7-4e66-b69e-f3da701da343";
- fsType = "ext4";
- };
- fileSystems."/backup" = {
- device = "/dev/disk/by-uuid/ca895f0e-f932-4a9e-b2ff-a1a488b0953d";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
-
-}
diff --git a/nixos/configs/porani/kodi.nix b/nixos/configs/porani/kodi.nix
deleted file mode 100644
index 82fec19..0000000
--- a/nixos/configs/porani/kodi.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- services.xserver = {
- enable = true;
- autorun = true;
- desktopManager = {
- kodi.enable = true;
- default = "kodi";
- xterm.enable = false;
- };
- displayManager = {
- sddm = {
- enable = true;
- autoLogin = {
- enable = true;
- relogin = true;
- user = config.users.users.kodi.name;
- };
- };
- };
- };
-
- users = {
- # mutableUsers = true;
- users.kodi = {
- isNormalUser = true;
- name = "kodi";
- uid = 1338;
- initialPassword = lib.fileContents ;
- };
- };
-
- # allow everybody in the net to access the wifi
- networking.firewall = {
- allowedTCPPorts = [ 8080 ];
- allowedUDPPorts = [ 8080 ];
- };
-}
diff --git a/nixos/configs/porani/mpd.nix b/nixos/configs/porani/mpd.nix
deleted file mode 100644
index b4dbd90..0000000
--- a/nixos/configs/porani/mpd.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }: {
-
- sound.enable = true;
-
- services.mpd = {
- enable = true;
- network.listenAddress = "any";
- musicDirectory = "/media/music-library";
- };
-
-}
diff --git a/nixos/configs/porani/packages.nix b/nixos/configs/porani/packages.nix
deleted file mode 100644
index 83d55c6..0000000
--- a/nixos/configs/porani/packages.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }: {
-
- environment.systemPackages = [ ];
-
-}
diff --git a/nixos/configs/porani/syncthing.nix b/nixos/configs/porani/syncthing.nix
deleted file mode 100644
index a56a1ac..0000000
--- a/nixos/configs/porani/syncthing.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
- networking.firewall.interfaces."tinc.secure".allowedTCPPorts = [ 8384 ];
-
- custom.samba-share = {
- enable = true;
- folders = {
- movies = config.services.syncthing.declarative.folders.movies.path;
- series = config.services.syncthing.declarative.folders.series.path;
- music = config.services.syncthing.declarative.folders.music-library.path;
- };
- };
-
- services.syncthing = {
- guiAddress = lib.mkForce "${config.networking.hostName}.secret:8384";
- enable = true;
- openDefaultPorts = true;
- declarative = {
- cert = toString ;
- key = toString ;
- overrideFolders = true;
- folders = {
- # on media hard drive (not encrypted)
- # -----------------------------------
- movies = {
- enable = true;
- path = "/media/movies";
- rescanInterval = 8 * 3600;
- };
- music-library = {
- enable = true;
- path = "/media/music-library";
- rescanInterval = 8 * 3600;
- };
- series = {
- enable = true;
- path = "/media/series";
- rescanInterval = 8 * 3600;
- };
- };
- };
- };
-
- system.permown."/media" = {
- owner = "syncthing";
- group = "syncthing";
- };
- systemd.services."permown._media" = {
- bindsTo = [ "media.mount" ];
- after = [ "media.mount" ];
- };
- systemd.services."syncthing" = {
- bindsTo = [ "media.mount" ];
- after = [ "media.mount" ];
- };
-
- users.groups."syncthing".members = [
- "mpd"
- "syncthing"
- "kodi"
- "palo"
- ];
-
- backup.dirs = [ "/var/lib/syncthing/finance" ];
-
-}
-
diff --git a/nixos/configs/porani/tinc.nix b/nixos/configs/porani/tinc.nix
deleted file mode 100644
index d59624f..0000000
--- a/nixos/configs/porani/tinc.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- module.cluster.services.tinc = {
- #"private" = {
- # enable = true;
- # openPort = true;
- # connectTo = [ "sputnik" ];
- #};
- "secure" = {
- enable = true;
- openPort = true;
- connectTo = [ "sputnik" ];
- };
- };
-
-}
diff --git a/nixos/configs/porani/wifi-access-point.nix b/nixos/configs/porani/wifi-access-point.nix
deleted file mode 100644
index e3eda40..0000000
--- a/nixos/configs/porani/wifi-access-point.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ lib, pkgs, ... }:
-
-let
- wifi = "wlp0s29u1u2";
- ipAddress = "10.23.45.1";
- prefixLength = 24;
- servedAddressRange = "10.23.45.2,10.23.45.150,12h";
- ssid = "palosiot";
- wifiPassword = lib.fileContents ;
-
-in
-{
- # todo only open needed ports
- networking.firewall.trustedInterfaces = [ wifi ];
-
- networking.networkmanager.unmanaged = [ wifi ];
- networking.dhcpcd.denyInterfaces = [ wifi ];
-
- networking.interfaces."${wifi}".ipv4.addresses = [{
- address = ipAddress;
- prefixLength = prefixLength;
- }];
-
- systemd.services.hostapd = {
- description = "hostapd wireless AP";
- path = [ pkgs.hostapd ];
- wantedBy = [ "network.target" ];
-
- after = [
- "${wifi}-cfg.service"
- "nat.service"
- "bind.service"
- "dhcpd.service"
- "sys-subsystem-net-devices-${wifi}.device"
- ];
-
- serviceConfig = {
- ExecStart = "${pkgs.hostapd}/bin/hostapd ${
- pkgs.writeText "hostapd.conf" ''
- interface=${wifi}
- hw_mode=g
- channel=10
- ieee80211d=1
- country_code=DE
- ieee80211n=1
- wmm_enabled=1
-
- ssid=${ssid}
- auth_algs=1
- wpa=2
- wpa_key_mgmt=WPA-PSK
- rsn_pairwise=CCMP
- wpa_passphrase=${wifiPassword}
- ''
- }";
- Restart = "always";
- };
- };
-
- services.dnsmasq = {
- enable = true;
- extraConfig = ''
- # Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
- # localhost and udp port 67 to world:
- interface=${wifi}
-
- # Explicitly specify the address to listen on
- listen-address=${ipAddress}
-
- # Dynamic range of IPs to make available to LAN PC and the lease time.
- # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
- dhcp-range=${servedAddressRange}
- '';
- };
-
-}
diff --git a/nixos/configs/porani/wifi-networking.nix b/nixos/configs/porani/wifi-networking.nix
deleted file mode 100644
index b70ab71..0000000
--- a/nixos/configs/porani/wifi-networking.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{ config, lib, ... }:
-{ }
diff --git a/nixos/configs/sputnik/bitwarden.nix b/nixos/configs/sputnik/bitwarden.nix
deleted file mode 100644
index 51b8e4c..0000000
--- a/nixos/configs/sputnik/bitwarden.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, lib, ... }: {
- services.bitwarden_rs = {
- enable = true;
- config = {
- domain = "https://bitwarden.ingolf-wagner.de";
- signupsAllowed = false;
- rocketPort = 8222;
- rocketLog = "critical";
- };
- };
- backup.dirs = [ "/var/lib/bitwarden_rs" ];
-}
diff --git a/nixos/configs/sputnik/codimd.nix b/nixos/configs/sputnik/codimd.nix
deleted file mode 100644
index 21d432b..0000000
--- a/nixos/configs/sputnik/codimd.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- domain = "md.ingolf-wagner.de";
-in
-{
-
- services.nginx.enable = true;
- services.nginx.virtualHosts.hedgedoc = {
- enableACME = true;
- forceSSL = true;
- serverName = domain;
- locations."/" = {
- proxyPass = "http://localhost:3091";
- proxyWebsockets = true;
-
- #extraConfig = ''
- # client_max_body_size 4G;
- #'';
- };
- };
-
- services.hedgedoc = {
- enable = true;
- configuration = {
- db = {
- dialect = "sqlite";
- storage = "/var/lib/hedgedoc/db.sqlite";
- useCDN = false;
- };
- allowFreeURL = true;
- domain = domain;
- port = 3091;
- useCDN = false;
- };
- };
-
-}
-
diff --git a/nixos/configs/sputnik/configuration.nix b/nixos/configs/sputnik/configuration.nix
deleted file mode 100644
index ae58792..0000000
--- a/nixos/configs/sputnik/configuration.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, pkgs, lib, ... }: {
- imports = [
-
- ../../system/proxy
- ./hardware-configuration.nix
-
- ../../system/server/packages.nix
- ./nginx.nix
- ./tinc.nix
- ./bitwarden.nix
- #./codimd.nix
- #./syncplay.nix
- ./grocy.nix
-
- ];
-
- sops.defaultSopsFile = ../../secrets/sputnik.yaml;
- networking.hostName = "sputnik";
- networking.useDHCP = true;
-
- boot.kernelParams = [ "net.ifnames=0" ];
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/sda";
- };
-
- # nix-shell -p speedtest_cli --run speedtest
- configuration.fireqos = {
- enable = true;
- interface = "eth0";
- input = 55000;
- output = 4000;
- balance = false;
- };
-
- services.custom.ssh.sshd.rootKeyFiles =
- [ ../../assets/ssh/jenkins.pub ];
-
- # make sure ssh is only available trough the tinc
- networking.firewall.extraCommands = ''
- iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
- '';
-
- # enable all subdomains to be reached to make nginx rules easier
- services.dnsmasq = with lib; {
- enable = true;
- extraConfig = ''
- ${concatStringsSep "\n"
- (flip mapAttrsToList config.module.cluster.services.tinc."private".hosts
- (name: attrs: "address=/.${name}.private/${attrs.tincIp}"))}
- '';
- };
-
-}
-
diff --git a/nixos/configs/sputnik/grocy.nix b/nixos/configs/sputnik/grocy.nix
deleted file mode 100644
index 614a8b9..0000000
--- a/nixos/configs/sputnik/grocy.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.grocy = {
- enable = true;
- settings = {
- culture = "de";
- currency = "EUR";
- };
- hostName = "grocy.ingolf-wagner.de";
- nginx.enableSSL = true;
- };
-
- backup.dirs = [ config.services.grocy.dataDir ];
-
-}
diff --git a/nixos/configs/sputnik/hardware-configuration.nix b/nixos/configs/sputnik/hardware-configuration.nix
deleted file mode 100644
index acc233c..0000000
--- a/nixos/configs/sputnik/hardware-configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ modulesPath, config, lib, pkgs, ... }:
-
-{
- #imports = [ ];
- imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
-
- boot.initrd.availableKernelModules =
- [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8f2986a3-d2b0-4735-be98-9ec081b87984";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
diff --git a/nixos/configs/sputnik/iodined.nix b/nixos/configs/sputnik/iodined.nix
deleted file mode 100644
index dae7e72..0000000
--- a/nixos/configs/sputnik/iodined.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, config, ... }:
-let
- domain = "io.ingolf-wagner.de";
- publicIp = "195.201.134.247";
- pw = import ;
-in
-{
-
- services.iodine.server = {
- enable = true;
- domain = domain;
- ip = "172.16.10.1/24";
- extraConfig = "-c -P ${pw} -l ${publicIp}";
- };
-
- #krebs.iptables.tables.filter.INPUT.rules = [
- #{ predicate = "-p udp --dport 53"; target = "ACCEPT";}
- #];
-
-}
diff --git a/nixos/configs/sputnik/nginx.nix b/nixos/configs/sputnik/nginx.nix
deleted file mode 100644
index 1359017..0000000
--- a/nixos/configs/sputnik/nginx.nix
+++ /dev/null
@@ -1,458 +0,0 @@ -{ config, lib, pkgs, ... }: -let - - # todo create flake for this - errorPages = pkgs.fetchgit { - url = "https://git.ingolf-wagner.de/palo/http-errors.git"; - rev = "74b8e4c1d9bbba3db6ad858b888e1867318af1f0"; - sha256 = "0czdzafx4k76q773lyf3vsjm74g1995iz542dhw15kpy5xbivsrg"; - }; - - error = { - extraConfig = '' - error_page 400 /errors/400.html; - error_page 401 /errors/401.html; - error_page 402 /errors/402.html; - error_page 403 /errors/403.html; - error_page 404 /errors/404.html; - error_page 405 /errors/405.html; - error_page 406 /errors/406.html; - error_page 500 /errors/500.html; - error_page 501 /errors/501.html; - error_page 502 /errors/502.html; - error_page 503 /errors/503.html; - error_page 504 /errors/504.html; - ''; - locations."^~ /errors/" = { - extraConfig = "internal;"; - root = "${errorPages}/"; - }; - }; -in -{ - - networking.firewall.allowedTCPPorts = - [ 80 443 2222 config.services.taskserver.listenPort ]; - networking.firewall.allowedUDPPorts = - [ 80 443 2222 config.services.taskserver.listenPort ]; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - - "bitwarden.ingolf-wagner.de" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://localhost:${ - toString config.services.bitwarden_rs.config.rocketPort - }"; - }; - }; - - - #"git.ingolf-wagner.de" = { - # #listen = [ - # # { - # # addr = "0.0.0.0"; - # # port = 4443; - # # ssl = true; - # # } - # # { - # # addr = "0.0.0.0"; - # # port = 80; - # # ssl = false; - # # } - # #]; - # forceSSL = true; - # enableACME = true; - # extraConfig = error.extraConfig; - # locations = { - # "/" = { - # proxyPass = "http://workhorse.private:3000"; - # extraConfig = '' - # if ($request_method = 'OPTIONS') { - # add_header 'Access-Control-Allow-Origin' '*'; - # 
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - # # - # # Custom headers and headers various browsers *should* be OK with but aren't - # # - # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - # # - # # Tell client that this pre-flight info is valid for 20 days - # # - # add_header 'Access-Control-Max-Age' 1728000; - # add_header 'Content-Type' 'text/plain; charset=utf-8'; - # add_header 'Content-Length' 0; - # return 204; - # } - # if ($request_method = 'POST') { - # add_header 'Access-Control-Allow-Origin' '*'; - # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - # add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - # } - # if ($request_method = 'GET') { - # add_header 'Access-Control-Allow-Origin' '*'; - # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - # add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - # } - # ''; - # }; - # } // error.locations; - #}; - - #"grocy.ingolf-wagner.de" = { - # listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - # ]; - #}; - - #"paste.ingolf-wagner.de" = { - # #listen = [ - # # { - # # addr = "0.0.0.0"; - # # port = 4443; - # # ssl = true; - # # } - # # { - # # addr = "0.0.0.0"; - # # port = 80; - # # ssl = false; - # # } - # #]; - # forceSSL = true; - # enableACME = true; - # extraConfig = error.extraConfig; - # locations = { - # "/" = { proxyPass = "http://workhorse.private:8000"; }; - # } // error.locations; - #}; - - "travel.ingolf-wagner.de" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # 
port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { - root = "/srv/www/travel"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; - } // error.locations; - }; - - "tech.ingolf-wagner.de" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { - root = "/srv/www/tech"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; - } // error.locations; - }; - - "preview.tech.ingolf-wagner.de" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { - basicAuth.moderator = "IwantitIwantitIwantit"; - root = "/srv/www/tech_preview"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; - } // error.locations; - }; - - "terranix.org" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { - root = "/srv/www/terranix"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; - } // error.locations; - }; - - #"chat.ingolf-wagner.de" = { - # listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port 
= 80; - # ssl = false; - # } - # ]; - # forceSSL = true; - # enableACME = true; - # extraConfig = error.extraConfig; - # locations = { - # "/" = { - # proxyPass = "http://chat.workhorse.private"; - # proxyWebsockets = true; - # extraConfig = '' - # sub_filter "http://chat.ingolf-wagner.de" "https://chat.ingolf-wagner.de"; - # sub_filter "chat.workhorse.private" "chat.ingolf-wagner.de"; - # ''; - # }; - # } // error.locations; - #}; - - "nextcloud.ingolf-wagner.de" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { - proxyPass = "http://nextcloud.workhorse.private"; - extraConfig = '' - sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; - sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; - # used for view/edit office file via Office Online Server - client_max_body_size 0; - ''; - }; - "= /.well-known/carddav" = { - priority = 210; - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - "= /.well-known/caldav" = { - priority = 210; - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - "~ .(?:css|js|svg|gif)$" = { - proxyPass = "http://nextcloud.workhorse.private$request_uri"; - extraConfig = '' - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; - sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; - # used for view/edit office file via Office Online Server - client_max_body_size 0; - ''; - }; - "~ .woff2?$" = { - proxyPass = "http://nextcloud.workhorse.private$request_uri"; - extraConfig = '' - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets 
- sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; - sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; - # used for view/edit office file via Office Online Server - client_max_body_size 0; - ''; - }; - - } // error.locations; - }; - - "gaykraft.com" = { - #listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - #]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { root = "/srv/www/gaykraft"; }; - } // error.locations; - }; - - }; - }; - - services.sslh = { - enable = false; - listenAddresses = [ "0.0.0.0" ]; - port = 443; - verbose = true; - transparent = true; - # List of protocols - # - # Each protocol entry consists of: - # name: name of the probe. These are listed on the command line (ssh -?), plus 'regex' and 'timeout'. - # service: (optional) libwrap service name (see hosts_access(5)) - # host, port: where to connect when this probe succeeds - # log_level: 0 to turn off logging - # 1 to log each incoming connection - # keepalive: Should TCP keepalive be on or off for that - # connection (default is off) - # fork: Should a new process be forked for this protocol? - # (only useful for sslh-select) - # tfo_ok: Set to true if the server supports TCP FAST OPEN - # - # Probe-specific options: - # (sslh will try each probe in order they are declared, and - # connect to the first that matches.) 
- # - # tls: - # sni_hostnames: list of FQDN for that target - # alpn_protocols: list of ALPN protocols for that target, see: - # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids - # - # if both sni_hostnames AND alpn_protocols are specified, both must match - # - # if neither are set, it is just checked whether this is the TLS protocol or not - # - # Obviously set the most specific probes - # first, and if you use TLS with no ALPN/SNI - # set it as the last TLS probe - # regex: - # regex_patterns: list of patterns to match for - # that target. - # - # You can specify several of 'regex' and 'tls'. - appendConfig = '' - protocols: - ( - { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222";}, - { name: "tls"; host: "localhost"; port: "4443";}, - { name: "tinc"; host: "localhost"; port: "655"; } - ); - ''; - }; - - #systemd.services."socat-proxy" = { - # wantedBy = [ "sslh.service" "multi-user.target" ]; - # after = [ "sslh.service" ]; - # script = '' - # ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222 - # ''; - #}; - - systemd.services."socat-taskd" = { - wantedBy = [ "multi-user.target" ]; - script = - let port = toString config.services.taskserver.listenPort; - in '' - ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} - ''; - }; - - #systemd.services."socat-gogs-ssh" = { - # wantedBy = [ "multi-user.target" ]; - # script = - # let port = "2222"; - # in '' - # ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} - # ''; - #}; - -} diff --git a/nixos/configs/sputnik/syncplay.nix b/nixos/configs/sputnik/syncplay.nix deleted file mode 100644 index f05d6a0..0000000 --- a/nixos/configs/sputnik/syncplay.nix +++ /dev/null 
@@ -1,5 +0,0 @@
-{ config, ... }: {
- services.syncplay.enable = true;
- networking.firewall.allowedTCPPorts = [ config.services.syncplay.port ];
- networking.firewall.allowedUDPPorts = [ config.services.syncplay.port ];
-}
diff --git a/nixos/configs/sputnik/tinc.nix b/nixos/configs/sputnik/tinc.nix
deleted file mode 100644
index 0f8bcfb..0000000
--- a/nixos/configs/sputnik/tinc.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }: {
- module.cluster.services.tinc = {
- "private" = {
- enable = true;
- openPort = true;
- };
- "secret" = {
- enable = true;
- openPort = true;
- };
- };
-
- users.users."tinc.secret".group = "tinc.secret";
- users.groups."tinc.secret" = { };
-
-}
diff --git a/nixos/configs/workhorse/borg.nix b/nixos/configs/workhorse/borg.nix
deleted file mode 100644
index 7e5bda0..0000000
--- a/nixos/configs/workhorse/borg.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, config, pkgs, ... }: {
-
- services.borgbackup.repos = {
- default = {
- quota = "100G";
- allowSubRepos = true;
- authorizedKeys = [
- (lib.fileContents ../../assets/ssh/borg_access.pub)
- (lib.fileContents ../../assets/ssh/card_rsa.pub)
- ];
- };
- };
-
- # mirror backup folder to /media
- systemd.services.borg-mirror-to-media = {
- enable = true;
- script = ''
- ${pkgs.rsync}/bin/rsync -a \
- /var/lib/borgbackup/ \
- /media/borg-backup-mirror \
- --delete-after
- '';
- };
- systemd.timers.borg-mirror-to-media = {
- enable = true;
- timerConfig.OnCalendar = "daily";
- wantedBy = [ "multi-user.target" ];
- };
-
-}
diff --git a/nixos/configs/workhorse/castget.nix b/nixos/configs/workhorse/castget.nix
deleted file mode 100644
index 0742dad..0000000
--- a/nixos/configs/workhorse/castget.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-let
-
- home = "/home/syncthing/podcasts";
-
-in
-{
- custom.services.castget = {
- enable = true;
- user = "root";
- feeds = {
- Alternativlos = {
- url = "https://alternativlos.org/alternativlos.rss";
- spool = "${home}/alternativlos";
- };
- gegenstandpunkt = {
- url = "https://pc.argudiss.de/";
- spool = "${home}/GegenStandpunkt";
- };
- };
- };
-}
diff --git a/nixos/configs/workhorse/configuration.nix b/nixos/configs/workhorse/configuration.nix
deleted file mode 100644
index 1de2955..0000000
--- a/nixos/configs/workhorse/configuration.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ lib, config, pkgs, ... }: {
- imports = [
-
- ../../system/server
- ./hardware-configuration.nix
-
- ./mail-fetcher.nix
- #./transmission.nix
- #./nextcloud.nix
-
- ./borg.nix
- ./finance.nix
- ./gogs.nix
- ./grafana.nix
- ./graylog.nix
- #./jenkins.nix
- #./kibana.nix
- ./mysql.nix
- ./packages.nix
- ./prometheus.nix
- #./syncthing.nix
- ./taskserver.nix
- ./tinc.nix
- ./weechat.nix
-
- #./property.nix # flask sucks, find something else
-
- ];
-
- sops.defaultSopsFile = ../../secrets/workhorse.yaml;
-
- nixpkgs.config.permittedInsecurePackages =
- [ "gogs-0.11.91" ];
-
- # todo: add this to each file instead summing that here
- #on-failure.plans = {
- # gogs.name = "gogs";
- # jenkins.name = "jenkins";
- # graylog.name = "graylog";
- # prometheus.name = "prometheus";
- # taskserver.name = "taskserver";
- # weechat.name = "weechat";
- # transmission.name = "transmission";
- # mail-fetcher.name = "fetchmail";
- #};
-
- networking.hostName = "workhorse";
-
- # font
- # ----
- programs.custom.urxvt.fontSize = 17;
- programs.custom.xterm.fontSize = 17;
- system.custom.fonts.dpi = 140;
-
- # enable initrd ssh
- configuration.init-ssh = {
- enable = "enabled";
- kernelModules = [ "r8169" ];
- hostKey = "/etc/ssh/ssh_host_ed25519_key";
- };
-
- # nix-shell -p speedtest_cli --run speedtest
- configuration.fireqos = {
- enable = true;
- interface = "enp2s0f1";
- input = 45000;
- output = 8000;
- balance = false;
- };
-
- virtualisation = { docker.enable = false; };
-
- services.printing.enable = false;
- services.smartd.enable = true;
-
-}
-
diff --git a/nixos/configs/workhorse/finance.nix b/nixos/configs/workhorse/finance.nix
deleted file mode 100644
index 76de251..0000000
--- a/nixos/configs/workhorse/finance.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-
- # find symbols with
- # https://www.alphavantage.co/query?function=SYMBOL_SEARCH&apikey=&keywords=
- # as described here : https://www.alphavantage.co/documentation/#symbolsearch
- #
- # example:
- # --------
- # stocks = [
- # {
- # friendly_name = "google";
- # symbol = "GOOGL.DEX";
- # name = "google";
- # currency = "$";
- # }
- # ];
- # results in
- # P 2020-01-30 GOOGL $123
- stocks = import ../../private_assets/finance/stocks;
- stocksFile = toString /home/syncthing/finance/hledger/stocks.journal;
-
-in
-{
-
- systemd.services.pull_stocks = {
- enable = true;
- description = "pull stocks for hledger";
- serviceConfig = {
- User = "syncthing";
- Type = "oneshot";
- };
-
- script =
- let
- command = { symbol, name, currency, ... }: ''
- APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}
- SYMBOL="${symbol}"
- ${pkgs.curl}/bin/curl --location --silent \
- "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \
- | ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"]
- | "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \
- >> ${stocksFile}
- sleep 1
- '';
- in
- lib.concatStringsSep "\n" (map command stocks);
- };
-
- systemd.timers.pull_stocks = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- timerConfig = {
- OnCalendar = "weekly";
- Persistent = "true";
- };
- };
-}
diff --git a/nixos/configs/workhorse/gogs.nix b/nixos/configs/workhorse/gogs.nix
deleted file mode 100644
index 258ceea..0000000
--- a/nixos/configs/workhorse/gogs.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -{ config, lib, pkgs, ... }: -let - - errorPages = pkgs.fetchgit { - url = "https://git.ingolf-wagner.de/palo/http-errors.git"; - rev = "74b8e4c1d9bbba3db6ad858b888e1867318af1f0"; - sha256 = "0czdzafx4k76q773lyf3vsjm74g1995iz542dhw15kpy5xbivsrg"; - }; - - error = { - extraConfig = '' - error_page 400 /errors/400.html; - error_page 401 /errors/401.html; - error_page 402 /errors/402.html; - error_page 403 /errors/403.html; - error_page 404 /errors/404.html; - error_page 405 /errors/405.html; - error_page 406 /errors/406.html; - error_page 500 /errors/500.html; - error_page 501 /errors/501.html; - error_page 502 /errors/502.html; - error_page 503 /errors/503.html; - error_page 504 /errors/504.html; - ''; - locations."^~ /errors/" = { - extraConfig = "internal;"; - root = "${errorPages}/"; - }; - }; - -in -{ - - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "git.${config.networking.hostName}.private" = { - extraConfig = error.extraConfig; - locations."/" = { - proxyPass = "http://${config.networking.hostName}.private:${ - toString config.services.gogs.httpPort - }"; - }; - }; - }; - }; - - services.gogs = { - enable = true; - appName = "Kruck GoGs"; - domain = "git.ingolf-wagner.de"; - httpPort = 3000; - repositoryRoot = "/home/gogs/repositories"; - stateDir = "/home/gogs"; - rootUrl = "https://git.ingolf-wagner.de/"; - extraConfig = '' - [service] - DISABLE_REGISTRATION = true - SHOW_REGISTRATION_BUTTON = false - [server] - SSH_DOMAIN = "git.ingolf-wagner.de" - SSH_PORT = 2222 - START_SSH_SERVER = true - SSH_LISTEN_PORT = 2222 - - [log.file] - LEVEL = Warn - - [log.console] - LEVEL = Warn - - [log.sublogger.macaron] - LEVEL = Warn - ''; - }; - backup.dirs = [ config.services.gogs.repositoryRoot ]; - - # services.nginx = { - # enable = true; - # statusPage = true; - # virtualHosts = { - # "gitlab.${config.networking.hostName}.private" = { - # extraConfig = error.extraConfig; - # locations."/" = { - # proxyPass = 
"http://${config.networking.hostName}.private:${ - # toString config.services.gitlab.port - # }"; - # }; - # }; - # }; - # }; - # services.gitlab = { - # enable = true; - # host = "gitlab.${config.networking.hostname}.private"; - # port = 9897; - # #databasePasswordFile = "path/todo"; - # #initialRootPasswordFile = "path/todo"; - # - # secrets = { - # # Make sure the secret is at least 30 characters and all random, - # # no regular words or you'll be exposed to dictionary attacks - # dbFile = "path/todo"; - # - # # openssl genrsa 2048 - # jwsFile = "path/todo"; - # - # # Make sure the secret is at least 30 characters and all random, - # # no regular words or you'll be exposed to dictionary attacks - # otpFile = "path/todo"; - # - # # Make sure the secret is at least 30 characters and all random, - # # no regular words or you'll be exposed to dictionary attacks - # secretFile = "path/todo"; - # }; - # - # # smtp? - # - # # gitlab-runner? - # }; - -} diff --git a/nixos/configs/workhorse/grafana.nix b/nixos/configs/workhorse/grafana.nix deleted file mode 100644 index c9c6390..0000000 --- a/nixos/configs/workhorse/grafana.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, ... }: { - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "grafana.${config.networking.hostName}.private" = { - serverAliases = [ ]; - locations."/" = { - proxyPass = "http://${config.networking.hostName}.private:${ - toString config.services.grafana.port - }"; - }; - }; - }; - }; - - services.grafana = { - enable = true; - port = 5656; - addr = - config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp; - auth.anonymous = { - enable = true; - org_role = "Editor"; - org_name = "AWESOME"; - }; - provision = { - enable = true; - datasources = [{ - type = "prometheus"; - isDefault = true; - name = "Prometheus Workhorse"; - url = "http://workhorse.private:9090"; - }]; - }; - }; - -} 
diff --git a/nixos/configs/workhorse/graylog.nix b/nixos/configs/workhorse/graylog.nix
deleted file mode 100644
index 8a31746..0000000
--- a/nixos/configs/workhorse/graylog.nix
+++ /dev/null
@@ -1,130 +0,0 @@ -{ config, lib, pkgs, ... }: -let port = 9000; -in { - # configure nginx - services.nginx = { - enable = true; - virtualHosts = { - "graylog.workhorse.private" = { - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString port - } https://graylog.workhorse.private/; - ''; - }; - }; - }; - }; - - services.mongodb.enable = true; - services.elasticsearch = { - enable = true; - listenAddress = "${config.networking.hostName}.private"; - extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ]; - }; - - services.graylog.enable = true; - services.graylog.elasticsearchHosts = - [ "http://${config.services.elasticsearch.listenAddress}:9200" ]; - - # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html - services.graylog.extraConfig = '' - http_bind_address = 0.0.0.0:${toString port} - http_publish_uri = http://workhorse.private:${toString port}/ - ''; - - # other wise this does not work - services.graylog.nodeIdFile = "/var/lib/graylog/node-id"; - - # pwgen -N 1 -s 96 - services.graylog.passwordSecret = - lib.fileContents ../../private_assets/graylog/password-secret; - - # echo -n yourpassword | shasum -a 256 - services.graylog.rootPasswordSha2 = - lib.fileContents ../../private_assets/graylog/root-password-hash; - - services.graylog.plugins = [ pkgs.graylogPlugins.slack ]; - - # not working at the moment - #services.geoip-updater.enable = true; - - # https://wiki.splunk.com/Http_status.csv - environment.etc."graylog/server/httpCodes.csv" = { - enable = true; - text = '' - status,status_description,status_type - 100,Continue,Informational - 101,Switching Protocols,Informational - 200,OK,Successful - 201,Created,Successful - 
202,Accepted,Successful - 203,Non-Authoritative Information,Successful - 204,No Content,Successful - 205,Reset Content,Successful - 206,Partial Content,Successful - 300,Multiple Choices,Redirection - 301,Moved Permanently,Redirection - 302,Found,Redirection - 303,See Other,Redirection - 304,Not Modified,Redirection - 305,Use Proxy,Redirection - 307,Temporary Redirect,Redirection - 400,Bad Request,Client Error - 401,Unauthorized,Client Error - 402,Payment Required,Client Error - 403,Forbidden,Client Error - 404,Not Found,Client Error - 405,Method Not Allowed,Client Error - 406,Not Acceptable,Client Error - 407,Proxy Authentication Required,Client Error - 408,Request Timeout,Client Error - 409,Conflict,Client Error - 410,Gone,Client Error - 411,Length Required,Client Error - 412,Precondition Failed,Client Error - 413,Request Entity Too Large,Client Error - 414,Request-URI Too Long,Client Error - 415,Unsupported Media Type,Client Error - 416,Requested Range Not Satisfiable,Client Error - 417,Expectation Failed,Client Error - 500,Internal Server Error,Server Error - 501,Not Implemented,Server Error - 502,Bad Gateway,Server Error - 503,Service Unavailable,Server Error - 504,Gateway Timeout,Server Error - 505,HTTP Version Not Supported,Server Error - ''; - }; - - environment.etc."graylog/server/known_servers.csv" = { - enable = true; - text = '' - "ip","host_name" - "95.216.1.150","lassul.us" - ''; - }; - - environment.etc."graylog/systemd/loglevel.csv" = { - enable = true; - text = '' - "value","Servity","Description" - "0","emergency","System is unusable" - "1","alert","Should be corrected immediately" - "2","cirtical","Critical conditions" - "3","error","Error Condition" - "4","warning","May indicate that an error will occur if action is not taken." - "5","notice","Events that are unusual, but not error conditions." - "6","info","Normal operational messages that require no action." - "7","debug","Information useful to developers for debugging the application." 
- '';
- };
-
-}
diff --git a/nixos/configs/workhorse/hardware-configuration.nix b/nixos/configs/workhorse/hardware-configuration.nix
deleted file mode 100644
index 13e4f89..0000000
--- a/nixos/configs/workhorse/hardware-configuration.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let mainUserHome = "/home/palo";
-in {
-
- # grub configuration
- # ------------------
- boot.loader.grub = {
- device = "/dev/sda";
- enable = true;
- version = 2;
- };
-
- # lvm volume group
- # ----------------
- boot.initrd.luks.devices = {
- vg = {
- device = "/dev/sda2";
- preLVM = true;
- };
- };
-
- # NTFS support
- # ------------
- environment.systemPackages = [ pkgs.ntfs3g ];
-
- # root
- # ----
- fileSystems."/" = {
- options = [ "noatime" "nodiratime" "discard" ];
- device = "/dev/vg/root";
- fsType = "ext4";
- };
-
- # boot
- # ----
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-
- # home
- # ----
- fileSystems."/home" = {
- options = [ "noatime" "nodiratime" ];
- device = "/dev/mapper/decrypted_home";
- fsType = "ext4";
- encrypted = {
- enable = true;
- keyFile = "/mnt-root/root/keys/home.key";
- label = "decrypted_home";
- blkDev = "/dev/mapper/store-home";
- };
- };
-
- # var/lib/docker
- # --------------
- fileSystems."/var/lib/borgbackup" = {
- options = [ "noatime" "nodiratime" ];
- device = "/dev/mapper/decrypted_docker";
- fsType = "ext4";
- encrypted = {
- enable = true;
- keyFile = "/mnt-root/root/keys/docker.key";
- label = "decrypted_docker";
- blkDev = "/dev/mapper/store-docker";
- };
- };
-
- imports = [
- # automount
- # ---------
- (
- let mediaUUID = "b8ba192e-e2aa-47dd-85ec-dcf97ec9310a";
- in {
- fileSystems."/media" = {
- device = "/dev/disk/by-uuid/${mediaUUID}";
- fsType = "ext4";
- options = [
- "nofail"
- "noauto"
- #"x-systemd.device-timeout=1ms"
- ];
- };
- systemd.mounts = [{
- enable = true;
- options = "nofail,noauto";
- type = "ext4";
- wantedBy = [ "multi-user.target" ];
- what = "/dev/disk/by-uuid/${mediaUUID}";
- where = "/media";
- }];
- }
- )
-
- (
- let backupUUID = "f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
- in {
- fileSystems."/backup" = {
- device = "/dev/disk/by-uuid/${backupUUID}";
- fsType = "ext4";
- options = [
- "nofail"
- "noauto"
- #"x-systemd.device-timeout=1ms"
- ];
- };
- systemd.mounts = [{
- enable = true;
- options = "nofail,noauto";
- type = "ext4";
- wantedBy = [ "multi-user.target" ];
- what = "/dev/disk/by-uuid/${backupUUID}";
- where = "/backup";
- }];
- }
- )
- ];
-
-}
-
diff --git a/nixos/configs/workhorse/jenkins.nix b/nixos/configs/workhorse/jenkins.nix
deleted file mode 100644
index 1f277d6..0000000
--- a/nixos/configs/workhorse/jenkins.nix
+++ /dev/null
@@ -1,203 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - library = import ../../library { inherit pkgs lib; }; - - sync-repo = library.jenkins.syncJob; - job = library.jenkins.job; - -in -{ - - environment.systemPackages = [ pkgs.cabal-install ]; - - services.nginx = { - enable = true; - virtualHosts = { - "jenkins.${config.networking.hostName}.private" = { - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.jenkins.port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString config.services.jenkins.port - } https://jenkins.${config.networking.hostName}.private/; - ''; - }; - }; - }; - }; - - sops.secrets.jenkins_token = { - owner = "jenkins"; - }; - - services.jenkins = { - enable = true; - home = "/home/jenkins"; - port = 10420; - - # Plugins to Install: - # - all the plugins recommended at the setup - # - Build pipeline - # - SSH Agent - # - mattermost plugin - jobBuilder = { - enable = true; - # create an access token in the admin users panel - accessTokenFile = config.sops.secrets.jenkins_token.path; - accessUser = "admin"; - - # https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules - nixJobs = - let - # ssh username + key - gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7"; - - sync-to-github = name: source: target: - sync-repo name - { - url = source; - credentialsId = gogs-id; - } - { - url = target; - credentialsId = github-id; - }; - - in - [ - - (job "sync-retiolum" - { - url = "git@github.com:krebs/retiolum.git"; - credentialsId = github-id; - triggers = [{ timed = "H/30 * * * *"; }]; - } [ - { - 
"Download Files" = [ - "chmod 755 hosts" - "chmod 755 -R hosts" - '' - nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"'' - "chmod 755 -R etc.hosts" - '' - nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"'' - ]; - } - { - "update repo" = [ - ''nix-shell -p git --run "git add ."'' - '' - nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"'' - ]; - } - { - Push = [{ - script = ''nix-shell -p git --run "git push origin master"''; - credentialsId = github-id; - }]; - } - ]) - - (job "test-taskninja" - { - url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git"; - credentialsId = gogs-id; - } [ - { - "Create Shell" = [ - '' - nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"'' - ]; - } - { Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; } - { - Configure = [ - ''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"'' - '' - nix-shell ./jenkins.nix --run "cabal install --only-dependencies"'' - ]; - } - { Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; } - { Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; } - ]) - - # sync to github - # -------------- - (sync-to-github "sync-radiodj" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj2.git" - "git@github.com:crashburn-radio/radio-dj.git") - (sync-to-github "sync-radiodj-tracks" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj-tracks.git" - "git@github.com:crashburn-radio/radio-dj-tracks.git") - - (sync-to-github "sync-krops-module" - "ssh://gogs@workhorse.private:2222/nix-modules/krops.git" - "git@github.com:mrVanDalo/module.krops.git") - - (sync-to-github "sync-cluster-module" - "ssh://gogs@workhorse.private:2222/nix-modules/cluster.git" - "git@github.com:mrVanDalo/module.cluster.git") - - (sync-to-github "sync-backup-module" 
- "ssh://gogs@workhorse.private:2222/nix-modules/backup.git" - "git@github.com:mrVanDalo/module.backup.git") - - (sync-to-github "sync-module-tinc" - "ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git" - "git@github.com:mrVanDalo/nixos-tinc.git") - - (sync-to-github "sync-memo" - "ssh://gogs@workhorse.private:2222/palo/memo.git" - "git@github.com:mrVanDalo/memo.git") - - (sync-to-github "sync-diagrams-template" - "ssh://gogs@workhorse.private:2222/palo/diagrams-template.git" - "git@github.com:mrVanDalo/diagrams.git") - - (sync-to-github "sync-plops" - "ssh://gogs@workhorse.private:2222/palo/plops.git" - "git@github.com:mrVanDalo/plops.git") - - (sync-to-github "sync-image-generator" - "ssh://gogs@workhorse.private:2222/palo/image-generator2.git" - "git@github.com:mrVanDalo/image-generator.git") - - (sync-to-github "sync-image-generator-lib" - "ssh://gogs@workhorse.private:2222/palo/image-generator-lib.git" - "git@github.com:mrVanDalo/image-generator-examples.git") - - (sync-to-github "sync-tech.ingolf-wagner.de" - "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git" - "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") - - (sync-to-github "sync-LineageOS-build" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git" - "git@github.com:mrVanDalo/LineagoOS-build.git") - - (sync-to-github "sync-http-errors" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git" - "git@github.com:mrVanDalo/http-errors.git") - (sync-to-github "sync-light-control" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git" - "git@github.com:mrVanDalo/light-control.git") - - ]; - }; - }; - -} diff --git a/nixos/configs/workhorse/jupyter.nix b/nixos/configs/workhorse/jupyter.nix deleted file mode 100644 index 63bdf7c..0000000 --- a/nixos/configs/workhorse/jupyter.nix +++ /dev/null 
@@ -1,71 +0,0 @@
-{ pkgs, lib, config, ... }: {
-
- services.jupyter = {
- enable = true;
- ip = "0.0.0.0";
- #In [1]: from notebook.auth import passwd
- #In [2]: passwd('test')
- #Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'
- #NOTE: you need to keep the single quote inside nix string.
- password = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'";
- kernels = {
- python3 =
- let
- env = (pkgs.python3.withPackages (pythonPackages:
- with pythonPackages; [
- ipykernel
- pandas
-
- # database stuff
- mysqlclient
- databases
- asyncpg
- psycopg2
- aiomysql
- pymysql
- aiosqlite
- #aiopg
- sqlalchemy
-
- # pdf export
- nbconvert
- ]));
- in
- {
- displayName = "Python 3";
- argv = [
- "${env.interpreter}"
- "-m"
- "ipykernel_launcher"
- "-f"
- "{connection_file}"
- ];
- language = "python";
- };
- };
- };
-
- # to generate pdfs and such
- environment.systemPackages = [ pkgs.pandoc ];
-
- backup.dirs = [ "/var/lib/jupyter" ];
- backup.exclude =
- [ "/var/lib/jupyter/.local" "/var/lib/jupyter/.ipynb_checkpoints" ];
-
- services.nginx = {
- enable = true;
- statusPage = true;
- virtualHosts = {
- "python.${config.networking.hostName}.private" = {
- serverAliases = [ "jupyter.${config.networking.hostName}.private" ];
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://${config.networking.hostName}.private:${
- toString config.services.jupyter.port
- }";
- };
- };
- };
- };
-
-}
diff --git a/nixos/configs/workhorse/kibana.nix b/nixos/configs/workhorse/kibana.nix
deleted file mode 100644
index 279aea1..0000000
--- a/nixos/configs/workhorse/kibana.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }: {
- services.nginx = {
- enable = true;
- statusPage = true;
- virtualHosts = {
- "kibana.${config.networking.hostName}.private" = {
- serverAliases = [ ];
- locations."/" = {
- proxyPass = "http://${config.networking.hostName}.private:${
- toString config.services.kibana.port
- }";
- };
- };
- };
- };
-
- services.elasticsearch.enable = true;
- services.elasticsearch.listenAddress = "workhorse.private";
-
- services.kibana.enable = true;
- services.kibana.elasticsearch.hosts = [ "http://workhorse.private:9200" ];
- services.kibana.listenAddress = "workhorse.private";
- services.kibana.port = 5601;
-
-}
diff --git a/nixos/configs/workhorse/mail-fetcher.nix b/nixos/configs/workhorse/mail-fetcher.nix
deleted file mode 100644
index 8eb7c44..0000000
--- a/nixos/configs/workhorse/mail-fetcher.nix
+++ /dev/null
@@ -1,661 +0,0 @@ -# fetches mails for me -{ lib, pkgs, config, ... }: -let - junk_filter = [ - "from:booking.com" - "subject:Gewinn" - "from:brompton.com" - "from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)" - "from:codepen.io" - "from:congstarnews.de" - "from:cronullasurfingacademy.com" - "from:cryptohopper.com" - "from:digitalo.de" - "from:facebook.com OR from:facebookmail.com" - "from:fitnessfirst.de" - "from:flixbus.de" - "from:getdigital.de" - "from:getpocket.com" - "from:ghostinspector.com" - "from:globetrotter.de" - "from:hackster.io" - "from:hostelworld.com" - "from:immobilienscout24.de" - "from:kvraudio.com" - "from:letterboxd.com" - "from:linkedin.com" - "from:magix.net" - "from:mailings.gmx.net" - "from:mailings.web.de" - "from:matrix.org" - "from:menospese.com" - "from:microsoftstoreemail.com" - "from:mixcloudmail.com AND subject:Weekly Update" - "from:oknotify2.com AND NOT subject:New message" - "from:paulaschoice.com" - "from:puppet.com" - "from:runtastic.com" - "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com" - "from:ticketmaster.de" - "from:trade4less.de" - "from:tumblr.com" - "from:turners.co.nz" - "from:twitch.tv" - "from:vstbuzz.com" - ]; - filters = [ - { - query = "from:hv-geelen.de"; - tags = [ "+wohnung" ]; - } - { - query = "from:computerfutures.com OR from:computerfutures.de"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:seek.com.au or from:seek.co.nz"; - tags = [ "+jobs" ]; - } - { - query = "from:xing.com"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com"; - tags = [ "+sononym" "-inbox" ]; - } - { - query = "from:ebay.com OR from:ebay.de OR from:ebay.net"; - tags = [ "+ebay" "+shop" "+billing" ]; - } - { - query = "from:bahn.de"; - tags = [ "+billing" "+bahn" ]; - } - { - query = - "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com"; - tags = [ "+mia" "+work" "-unread" "-inbox" ]; - } - 
{ - query = - "from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/"; - tags = [ "+spaceleft" "+space-left" ]; - } - { - query = "from:landr.com"; - tags = [ "+landr" "+music" ]; - } - { - query = "tag:landr and tag:billing"; - tags = [ "+billing" ]; - } - { - query = "from:oknotify2.com"; - tags = [ "+okcupid" ]; - } - { - query = "from:taxback.de OR to:taxback.de"; - tags = [ "+steuer" ]; - } - { - query = "from:campact.de"; - tags = [ "+campact" "+politics" ]; - } - { - query = "from:aliexpress.com"; - tags = [ "+shop" "+aliexpress" ]; - } - { - query = "from:congstar.de"; - tags = [ "+billing" "+congstar" "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND NOT ( subject:purchase OR subject:received )"; - tags = [ "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND ( subject:purchase OR subject:received )"; - tags = [ "+billing" "+steam" ]; - } - { - query = "from:gog.com AND NOT subject:Bestellung"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:gog.com AND subject:Bestellung"; - tags = [ "+billing" "+gog" ]; - } - { - query = "from:stadtmobil.de"; - tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ]; - } - { - query = "from:drive-now.com"; - tags = [ "+billing" "+drivenow" "-inbox" "-unread" ]; - } - { - query = "from:data-treuhand.de"; - tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ]; - } - { - query = "from:immocation.de"; - tags = [ "+immobilien" "-inbox" ]; - } - { - query = "from:tinc-vpn.org"; - tags = [ "+tinc" ]; - } - { - query = "from:mindfactory.de"; - tags = [ "+shop" "+billing" ]; - } - { - query = "from:zalando.de"; - tags = [ "+shop" "+billing" "+zalando" ]; - } - { - query = "from:ing.de"; - tags = [ "+bank" "+ingdiba" ]; - } - { - query = "from:nab.com.au"; - tags = [ "+bank" "+nab" "-inbox" "-unread" ]; - } - { - query = "from:dkb.de"; - tags = [ "+bank" "+dkb" ]; - } - { - query = "from:o2online.de"; - tags = [ "+billing" "+o2" ]; - } - { - query = 
"from:betfair.com"; - tags = [ "+work" "+betfair" ]; - } - { - query = "from:notifications@github.com"; - tags = [ "+github" ]; - } - { - query = "to:NUR@noreply.github.com"; - tags = [ "+nur" "+nixos" "+list" ]; - } - { - query = "to:nixpkgs@noreply.github.com"; - tags = [ "+nixpkgs" "+nixos" "+list" ]; - } - { - query = "from:travis-ci.org AND subject:mrVanDalo/navi"; - tags = [ "+development" "+navi" ]; - } - { - query = "from:travis-ci.org AND subject:nur-packages"; - tags = [ "+development" "+nixos" "+nur-packages" ]; - } - { - query = "from:travis-ci.org AND subject:csv-to-qif"; - tags = [ "+development" "+csv-to-qif" ]; - } - { - query = "to:proaudio@lists.tuxfamily.org"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com"; - tags = [ "+nixos" "+discourse" "+list" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Development"; - tags = [ "+nixos" "+discourse" "+development" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Français"; - tags = [ "+nixos" "+discourse" "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Announcements"; - tags = [ "+nixos" "+discourse" "+announcements" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Links"; - tags = [ "+nixos" "+discourse" "+links" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Games"; - tags = [ "+nixos" "+discourse" "+games" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Meta"; - tags = [ "+nixos" "+discourse" "+meta" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Events"; - tags = [ "+nixos" "+discourse" "+events" ]; - } - { - query = "from:limebike.com AND (subject:Funds OR subject:Receipt)"; - tags = [ "-inbox" "-unread" "+billing" "+limebike" ]; - } - { - query = "from:freemusicarchive.org"; - tags = [ "+FMA" ]; - } - { - query = "from:namecheap.com and subject:auto-renewal"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:namecheap.com 
and subject:order"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "tag:namecheap.com and tag:billing and body:gaykraft.com"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:nintendo.com"; - tags = [ "+nintendo" "+billing" ]; - } - { - query = "from:oculus.com AND subject:receipt"; - tags = [ "+oculus" "+billing" ]; - } - { - query = "from:car2go.com"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:sixt.de"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:meetup.com"; - tags = [ "-inbox" "-unread" "+meetup" ]; - } - { - query = "from:slack.com"; - tags = [ "+slack" ]; - } - { - query = "from:keybase.io"; - tags = [ "+keybase" ]; - } - { - query = "from:jobs2web.com"; - tags = [ "+newzealand" "+jobs" "-inbox" ]; - } - { - query = "from:paypal.de AND subject:Bestätigung"; - tags = [ "-unread" "+paypal" "+billing" ]; - } - { - query = "to:c-base.org"; - tags = [ "+cbase" "+list" ]; - } - { - query = "to:c-base.org AND subject=[auto-report]"; - tags = [ "-unread" "-inbox" ]; - } - { - query = "from:browserstack.com"; - tags = [ "+browserstack" ]; - } - { - query = - "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com"; - tags = [ "+renoise" ]; - } - { - query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com"; - tags = [ "+shop" "+amazon" "+billing" ]; - } - { - query = "from:hetzner.com OR from:hetzner.de"; - tags = [ "+hetzner" ]; - } - { - query = - "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )"; - tags = [ "-inbox" "-unread" "+junk" "+renoise" ]; - } - { - query = "tag:hetzner and subject:Invoice"; - tags = [ "+billing" ]; - } - # final rules to make imap sync stuff easier - # there can only be one output folder tag, and theses rules are prioritized - { - query = "tag:fraud"; - tags = [ "-inbox" "-archive" "-junk" "-unread" ]; - message = "clean up tag fraud"; - } - { - query = 
"tag:junk"; - tags = [ "-inbox" "-archive" "-fraud" "-unread" ]; - message = "clean up tag junk"; - } - { - query = "tag:archive"; - tags = [ "-inbox" "-junk" "-fraud" "-unread" ]; - message = "clean up tag archive"; - } - { - query = "tag:inbox"; - tags = [ "-archive" "-junk" "-fraud" ]; - message = "clean up inbox"; - } - { - query = "tag:killed"; - tags = [ "-inbox" "-unread" ]; - message = "clean up tag killed"; - } - { - query = "tag:muted"; - tags = [ "-inbox" "-unread" ]; - } - # remove new tag at the end - { - query = "tag:new"; - tags = [ "-new" ]; - message = "remove new tag at the end"; - } - ]; - - notmuchTagging = - let - - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}" - ''; - in - '' - echo '${command}' - ${command} - ''; - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - - in - pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - - notmuchTaggingNew = - let - - template = index: - { tags, query, message ? "generic", ... 
}: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${ - lib.concatStringsSep " " tags - } -- "${query} AND tag:new" - ''; - in - '' - echo '${command}' - ${command} - ''; - - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - in - pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - -in -{ - - backup.dirs = [ "/home/mailfetcher" ]; - - users.users.mailUser = { - isNormalUser = true; - description = "collects mails for me"; - hashedPassword = "!"; - name = "mailfetcher"; - home = "/home/mailfetcher"; - openssh.authorizedKeys.keyFiles = - config.users.users.root.openssh.authorizedKeys.keyFiles; - group = "mailfetcher"; - }; - - users.groups.mailUser = { - name = "mailfetcher"; - }; - - sops.secrets.mail_terranix = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmail = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_palo = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_ingolf = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_web = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_siteground = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - - environment.systemPackages = [ pkgs.muchsync ]; - - # configure accounts - home-manager.users.mailUser.accounts.email = { - accounts = { - - palo_van_dalo-gmx = { - primary = false; - address = "palo_van_dalo@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo_van_dalo@gmx.de"; - passwordCommand = - "cat ${toString 
config.sops.secrets.mail_gmx_palo.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - ingolf-wagner-gmx = { - primary = false; - address = "ingolf.wagner@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "ingolf.wagner@gmx.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmx_ingolf.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - pali_palo = { - primary = false; - address = "pali_palo@web.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "pali_palo@web.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_web.path }"; - imap = { - host = "imap.web.de"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - gmail = { - # for google accounts you have to allow 'less secure apps' in accounts.google.com - primary = true; - address = "palipalo9@googlemail.com"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palipalo9@googlemail.com"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmail.path }"; - imap = { - host = "imap.gmail.com"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - terranix_org = { - primary = false; - address = "palo@terranix.org"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo@terranix.org"; - passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }"; - imap = { - host = "mail.privateemail.com"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - ingolf-wagner-de = { - primary = false; - address = "contact@ingolf-wagner.de"; - aliases = [ ]; - realName = 
"Ingolf Wagner"; - userName = "contact@ingolf-wagner.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_siteground.path }"; - imap = { - host = "securees5.sgcpanel.com"; - port = 993; - tls.enable = true; - #tls.useStartTls = true; - }; - # make sure the upstream mail is deleted - getmail = { - enable = true; - delete = true; - readAll = false; - mailboxes = [ "ALL" ]; - }; - notmuch.enable = true; - }; - - }; - }; - - # configure mbsync - home-manager.users.mailUser.programs.mbsync.enable = true; - - # re-tag everything once a day - systemd.services.retagmail = { - enable = false; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = "${notmuchTagging}"; - }; - systemd.timers.retagmail = { - enable = false; - timerConfig = { - OnCalendar = "daily"; - Persistent = "true"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - # fetch mails every 10 minutes - systemd.services.fetchmail = - let - threadTag = tag: '' - echo "tag threads with ${tag}" - ${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag}) - ''; - in - { - enable = false; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = '' - echo "run mbsync" - ${pkgs.isync}/bin/mbsync \ - --all - echo "run getmail" - ${pkgs.getmail}/bin/getmail \ - --quiet \ - --rcfile getmailingolf-wagner-de - - echo "run notmuch" - ${pkgs.notmuch}/bin/notmuch new - ${notmuchTaggingNew} - ${threadTag "muted"} - ${threadTag "wohnung"} - ${threadTag "flagged"} - ''; - }; - systemd.timers.fetchmail = { - enable = false; - # timerConfig.OnCalendar = " *-*-* *:00:00"; - timerConfig.OnCalendar = "*:0/10"; - wantedBy = [ "multi-user.target" ]; - }; - - # configure notmuch - home-manager.users.mailUser.programs.notmuch = { - enable = true; 
- new.tags = [ "unread" "inbox" "new" ];
- };
-
-}
diff --git a/nixos/configs/workhorse/metabase.nix b/nixos/configs/workhorse/metabase.nix
deleted file mode 100644
index 8dd3f0b..0000000
--- a/nixos/configs/workhorse/metabase.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-/{ pkgs, lib, config, ... }: {
-
- services.metabase = {
- listen.port = 3040;
- enable = true;
- };
-
- backup.dirs = [ "/var/lib/metabase" ];
-
- services.nginx = {
- enable = true;
- statusPage = true;
- virtualHosts = {
- "metabase.${config.networking.hostName}.private" = {
- locations."/" = {
- proxyPass = "http://${config.networking.hostName}.private:${
- toString config.services.metabase.listen.port
- }";
- };
- };
- };
- };
-
-}
diff --git a/nixos/configs/workhorse/mining.nix b/nixos/configs/workhorse/mining.nix
deleted file mode 100644
index 6f95ec0..0000000
--- a/nixos/configs/workhorse/mining.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ pkgs, config, ... }:
-let
- maxPower = 90;
- pool = "eu1.ethermine.org";
- toolkit = "opencl";
- wallet = "";
- rig = config.networking.hostName;
- recheckInterval = 2000;
- package = pkgs.ethminer;
-in
-{
-
- systemd.services.ethminer = {
- description = "ethminer ethereum mining service";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
-
- serviceConfig = {
- DynamicUser = true;
- ExecStartPre = "${package}/bin/.ethminer-wrapped --list-devices";
- Restart = "always";
- };
-
- script = ''
- ${package}/bin/.ethminer-wrapped \
- --farm-recheck ${toString recheckInterval} \
- --report-hashrate \
- --${toolkit} \
- --pool stratum1+tcp://${wallet}.${rig}@${pool}:4444
- '';
-
- };
-
- # https://wiki.archlinux.org/title/GPGPU#Intel
- hardware.opengl = {
- enable = true;
- extraPackages = with pkgs; [ intel-ocl intel-compute-runtime beignet ];
- driSupport = true;
- driSupport32Bit = true;
- };
-
- environment.systemPackages = with pkgs; [
- package
- # go-ethereum
- go-ethereum
- # to check opencl config
- clinfo
- # check temperature
- i7z
- ];
-
-}
diff --git a/nixos/configs/workhorse/mysql.nix b/nixos/configs/workhorse/mysql.nix
deleted file mode 100644
index 727df98..0000000
--- a/nixos/configs/workhorse/mysql.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, lib, config, ... }: {
-
- services.mysql = {
- enable = true;
- package = pkgs.mysql80;
- initialScript = pkgs.writeText "initScript" ''
- CREATE USER 'admin'@'%' IDENTIFIED BY 'admin';
- GRANT ALL PRIVILEGES ON * . * TO 'admin'@'%';
- '';
- };
-
- services.mysqlBackup = {
- enable = true;
- databases = [ "property" ];
- #user = "admin";
- };
-
- backup.dirs = [ config.services.mysqlBackup.location ];
-
-}
diff --git a/nixos/configs/workhorse/nextcloud.nix b/nixos/configs/workhorse/nextcloud.nix
deleted file mode 100644
index 5a351e1..0000000
--- a/nixos/configs/workhorse/nextcloud.nix
+++ /dev/null
@@ -1,362 +0,0 @@ -{ pkgs, config, ... }: -let - - hostAddress = "192.168.100.10"; - containerAddress = "192.168.100.11"; - #syncthingGid = config.users.groups.syncthing.gid; - nextcloudUid = 1000; - -in -{ - - sops.secrets.nextcloud_database_password = { - owner = "nextcloud"; - }; - sops.secrets.nextcloud_root_password = { - owner = "nextcloud"; - }; - - users.users.nextcloud = { - isSystemUser = true; - uid = nextcloudUid; - }; - - containers.nextcloud = { - - # mount host folders - bindMounts = { - rootpassword = { - hostPath = - "/run/secrets/nextcloud_root_password"; - #toString ; - mountPoint = - "/run/secrets/nextcloud_root_password"; - #toString ; - isReadOnly = true; - }; - databasepassword = { - hostPath = - "/run/secrets/nextcloud_database_password"; - #toString ; - mountPoint = - "/run/secrets/nextcloud_database_password"; - #toString ; - isReadOnly = true; - }; - - home = { - # make sure this folder exist on the host - hostPath = toString "/home/nextcloud"; - mountPoint = "/var/lib/nextcloud"; - isReadOnly = false; - }; - db = { - # make sure this folder exist on the host - hostPath = toString "/home/nextcloud_db"; - mountPoint = "/var/lib/mysql"; - isReadOnly = false; - }; - samples = { - mountPoint = - toString config.services.syncthing.declarative.folders.samples.path; - hostPath = - toString config.services.syncthing.declarative.folders.samples.path; - isReadOnly = true; - }; - movies = { - mountPoint = - toString config.services.syncthing.declarative.folders.movies.path; - hostPath = - toString config.services.syncthing.declarative.folders.movies.path; - isReadOnly = true; - }; - music = { - mountPoint = toString - config.services.syncthing.declarative.folders.music-library.path; - hostPath = toString - config.services.syncthing.declarative.folders.music-library.path; - isReadOnly = true; - }; - series = { - mountPoint = - toString config.services.syncthing.declarative.folders.series.path; - hostPath = - toString 
config.services.syncthing.declarative.folders.series.path; - isReadOnly = true; - }; - }; - - # container network setup - # see also nating on host system. - privateNetwork = true; - hostAddress = hostAddress; - localAddress = containerAddress; - - autoStart = true; - - config = { config, pkgs, lib, ... }: { - - users.users.nextcloud.uid = nextcloudUid; - - services.nginx = { - # Use recommended settings - recommendedGzipSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; - recommendedProxySettings = lib.mkDefault true; - recommendedTlsSettings = lib.mkDefault true; - - # for graylog logging - commonHttpConfig = - let - access_log_sink = "${hostAddress}:12304"; - error_log_sink = "${hostAddress}:12305"; - in - '' - log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' - '"facility": "nginx", ' - '"src_addr": "$remote_addr", ' - '"body_bytes_sent": $body_bytes_sent, ' - '"request_time": $request_time, ' - '"response_status": $status, ' - '"request": "$request", ' - '"request_method": "$request_method", ' - '"host": "$host",' - '"upstream_cache_status": "$upstream_cache_status",' - '"upstream_addr": "$upstream_addr",' - '"http_x_forwarded_for": "$http_x_forwarded_for",' - '"http_referrer": "$http_referer", ' - '"http_user_agent": "$http_user_agent" }'; - - access_log syslog:server=${access_log_sink} graylog2_json; - error_log syslog:server=${error_log_sink}; - ''; - }; - - # don't forget the database backup before doing this - # https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html - # https://docs.nextcloud.com/server/stable/admin_manual/maintenance/upgrade.html - # use snapshots in case of a rollback - #nixpkgs.config.packageOverrides = super: { - # nextcloud = super.nextcloud.overrideAttrs (old: rec { - # name = "nextcloud-${version}"; - # version = "18.0.1"; - # src = super.fetchurl { - # url = - # "https://download.nextcloud.com/server/releases/nextcloud-18.0.1.tar.bz2"; - # sha256 = 
"1h0rxpdssn1hc65k41zbvww9r4f79vbd9bixc9ri5n7hp0say3vp"; - # }; - # }); - #}; - - networking.firewall.allowedTCPPorts = [ 80 ]; - networking.firewall.allowedUDPPorts = [ 80 ]; - - # nextcloud database - # ================== - # - # set user password: - # ----------------- - # #> mysql - # mysql> ALTER USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud-password'; - # - # recreate database: - # ------------------ - # mysql> DROP DATABASE nextcloud; - # mysql> CREATE DATABASE nextcloud; - # - # migration: - # ---------- - # nextcloud-occ db:convert-type --all-apps mysql nextcloud 127.0.0.1 nextcloud - # - # 4-byte stuff: - # ------------- - # https://docs.nextcloud.com/server/18/admin_manual/configuration_database/mysql_4byte_support.html - # if you do this don't forget --default-character-set=utf8mb4 for mysqldump - services.mysql = { - enable = true; - package = pkgs.mysql; - # https://nixos.org/manual/nixos/stable/release-notes.html#sec-release-20.09-incompatibilities - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [{ - name = "nextcloud"; - ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; - }]; - settings.mysqld = { - innodb_large_prefix = true; - innodb_file_format = "barracuda"; - innodb_file_per_table = 1; - }; - }; - - # Backup database - # --------------- - services.mysqlBackup = { - enable = true; - databases = config.services.mysql.ensureDatabases; - singleTransaction = true; - location = "/var/lib/nextcloud/database_backups"; - }; - systemd.services."mysql-backup".serviceConfig = { - ExecStartPre = - [ "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --on" ]; - ExecStopPost = [ - "+/run/current-system/sw/bin/nextcloud-occ maintenance:mode --off" - ]; - }; - - # in php - services.phpfpm.phpPackage = pkgs.php73; - - # nextcloud setup - services.nextcloud = { - enable = true; - package = pkgs.nextcloud22; - #package = pkgs.nextcloud.overrideAttrs (old: rec { - # name = "nextcloud-${version}"; - # version = "18.0.1"; - # src = 
pkgs.fetchurl { - # url = - # "https://download.nextcloud.com/server/releases/nextcloud-18.0.1.tar.bz2"; - # sha256 = "1h0rxpdssn1hc65k41zbvww9r4f79vbd9bixc9ri5n7hp0say3vp"; - # }; - #}); - autoUpdateApps.enable = true; - #nginx.enable = true; - hostName = "nextcloud.ingolf-wagner.de"; - logLevel = 2; - https = true; - config = { - adminpassFile = - #config.sops.secrets.nextcloud_root_password.path; - "/run/secrets/nextcloud_root_password"; - overwriteProtocol = "https"; - trustedProxies = [ "195.201.134.247" hostAddress ]; - dbtype = "mysql"; - dbpassFile = - #config.sops.secrets.nextcloud_database_password.path; - "/run/secrets/nextcloud_database_password"; - dbport = 3306; - }; - }; - - #sops.secrets.nextcloud_database_password = {}; - #sops.secrets.nextcloud_root_password = {}; - - environment.systemPackages = [ pkgs.smbclient ]; - - services.journalbeat = { - enable = true; - extraConfig = '' - journalbeat.inputs: - - paths: [] - # Position to start reading from journal. Valid values: head, tail, cursor - seek: cursor - # Fallback position if no cursor data is available. - cursor_seek_fallback: tail - output.logstash: - # Boolean flag to enable or disable the output module. - enabled: true - # Graylog host and the beats input - hosts: ["${hostAddress}:5044"] - - # If enabled only a subset of events in a batch of events is transferred per - # transaction. The number of events to be sent increases up to `bulk_max_size` - # if no error is encountered. - slow_start: true - - # The number of seconds to wait before trying to reconnect to Graylog - # after a network error. After waiting backoff.init seconds, the Beat - # tries to reconnect. If the attempt fails, the backoff timer is increased - # exponentially up to backoff.max. After a successful connection, the backoff - # timer is reset. The default is 1s. - backoff.init: 1s - - # The maximum number of seconds to wait before attempting to connect to - # Graylog after a network error. The default is 60s. 
- backoff.max: 60s - ''; - }; - - }; - - }; - - # give containers internet access - networking.nat.enable = true; - networking.nat.internalInterfaces = [ "ve-nextcloud" ]; - networking.nat.externalInterface = "enp2s0f1"; - - # don't let networkmanager manger container network - networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - - # open ports for logging - networking.firewall.interfaces."ve-nextcloud".allowedTCPPorts = - [ 5044 12304 12305 ]; - networking.firewall.interfaces."ve-nextcloud".allowedUDPPorts = - [ 5044 12304 12305 ]; - - # host nginx setup - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - "nextcloud.workhorse.private" = { - serverAliases = [ "nextcloud.ingolf-wagner.de" ]; - locations."/" = { - proxyPass = "http://${containerAddress}"; - extraConfig = '' - # allow big uploads - # ----------------- - client_max_body_size 0; - ''; - }; - }; - }; - }; - - # Backup Config - # ------------- - backup.dirs = [ - "/home/nextcloud/config" - "/home/nextcloud/database_backups" # created by mysqlBackup - ]; - - # Backup Files - # ------------ - services.borgbackup.jobs = { - "nextcloud-to-media" = { - repo = "/media/syncthing/borg/nextcloud"; - # make sure syncthing is capable of reading the files - postHook = '' - chown -R syncthing:syncthing /media/syncthing/borg/nextcloud - ''; - compression = "lz4"; - paths = [ - "/home/nextcloud/data/tina/files/Documents" - "/home/nextcloud/data/tina/files/Pictures" - "/home/nextcloud/data/tina/files/Joplin" - "/home/nextcloud/data/tina/files/SofortUpload" - "/home/nextcloud/data/palo/files/InstantUpload" - "/home/nextcloud/data/palo/files/Joplin" - "/home/nextcloud/data/palo/files/Pictures" - "/home/nextcloud/data/palo/files/Unterlagen" - "/home/nextcloud/data/palo/files/Video" - "/home/nextcloud/data/palo-windows/files/Kunstbuch" - ]; - doInit = true; - encryption = { - mode = "repokey-blake2"; - passCommand = - "cat 
${config.sops.secrets.backup_repository_passphrase.path}"; - }; - startAt = "0/3:00:00"; - prune.keep = { - within = "2d"; # Keep all backups in the last 10 days. - daily = 10; # Keep 10 additional end of day archives - weekly = 8; # Keep 8 additional end of week archives. - month = 8; # Keep 8 additional end of month archives. - }; - }; - }; - -} diff --git a/nixos/configs/workhorse/packages.nix b/nixos/configs/workhorse/packages.nix deleted file mode 100644 index b70f348..0000000 --- a/nixos/configs/workhorse/packages.nix +++ /dev/null @@ -1 +0,0 @@ -{ config, pkgs, ... }: { environment.systemPackages = with pkgs; [ ]; } diff --git a/nixos/configs/workhorse/prometheus.nix b/nixos/configs/workhorse/prometheus.nix deleted file mode 100644 index 6888571..0000000 --- a/nixos/configs/workhorse/prometheus.nix +++ /dev/null 
@@ -1,106 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
- services.nginx = {
- enable = true;
- statusPage = true;
- virtualHosts = {
- "prometheus.workhorse.private" = {
- locations."/" = { proxyPass = "http://workhorse.private:9090"; };
- };
- };
- };
-
- services.prometheus = {
- enable = true;
- # keep data for 30 days
- extraFlags = [ "--storage.tsdb.retention.time=30d" ];
- scrapeConfigs = [
- {
- job_name = "nginx";
- scrape_interval = "8s";
- static_configs = [
- {
- targets = [ "sputnik.private:9113" ];
- labels = {
- service = "nginx";
- server = "sputnik";
- };
- }
- {
- targets = [ "sputnik.private:9113" ];
- labels = {
- service = "nginx";
- server = "sputnik";
- };
- }
- {
- targets = [ "workhorse.private:9113" ];
- labels = {
- service = "nginx";
- server = "sputnik";
- };
- }
- ];
- }
- {
- job_name = "netdata";
- metrics_path = "/api/v1/allmetrics";
- params.format = [ "prometheus" ];
- scrape_interval = "5s";
- static_configs = [
- {
- targets = [ "pepe.private:19999" ];
- labels = {
- service = "netdata";
- server = "pepe";
- };
- }
- {
- targets = [ "sputnik.private:19999" ];
- labels = {
- service = "netdata";
- server = "sputnik";
- };
- }
- {
- targets = [ "workhorse.private:19999" ];
- labels = {
- service = "netdata";
- server = "workhorse";
- };
- }
- ];
- }
- {
- job_name = "gogs";
- metrics_path = "/-/metrics";
- params.format = [ "prometheus" ];
- scrape_interval = "10s";
- static_configs = [{
- targets = [ "workhorse.private:3000" ];
- labels = {
- service = "gogs";
- server = "kruck";
- };
- }];
- }
- #{
- # job_name = "home-assistant";
- # scrape_interval = "60s";
- # metrics_path = "/api/prometheus";
- # # you can create this token on your user profile page
- # # http://pepe.private:8123/profile
- # bearer_token =
- # lib.fileContents ;
- # static_configs = [{
- # targets = [ "pepe.private:8123" ];
- # labels = {
- # service = "hass";
- # server = "pepe";
- # city = "essen";
- # };
- # }];
- #}
- ];
- };
-}
diff --git a/nixos/configs/workhorse/property.nix b/nixos/configs/workhorse/property.nix
deleted file mode 100644
index 169f2c2..0000000
--- a/nixos/configs/workhorse/property.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, pkgs, config, ... }: {
-
- users.users.property = { isSystemUser = true; };
-
- systemd.services.property = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- path = [
- (pkgs.python3.withPackages (ps:
- with ps; [
- flask
- selenium
- beautifulsoup4
- urllib3
- sqlalchemy
- mysqlclient
- pytest
- dateparser
- geopy
- nltk
- click
- ]))
- ];
-
- serviceConfig = { User = "property"; };
- script = ''
- FLASK_APP=${}/server.py \
- FLASK_RUN_PORT=7888 \
- flask run --host 0.0.0.0 \
- "$@"
- '';
- };
-
- services.nginx = {
- enable = true;
- virtualHosts = {
- "property.workhorse.private" = {
- locations."/" = { proxyPass = "http://localhost:7888"; };
- };
- };
- };
-
-}
diff --git a/nixos/configs/workhorse/syncthing.nix b/nixos/configs/workhorse/syncthing.nix
deleted file mode 100644
index c7a369a..0000000
--- a/nixos/configs/workhorse/syncthing.nix
+++ /dev/null
@@ -1,140 +0,0 @@ -{ config, pkgs, lib, ... }: { - - custom.samba-share = { - enable = true; - folders = { - movies = config.services.syncthing.declarative.folders.movies.path; - series = config.services.syncthing.declarative.folders.series.path; - samples = config.services.syncthing.declarative.folders.samples.path; - music = config.services.syncthing.declarative.folders.music-library.path; - books = config.services.syncthing.declarative.folders.books.path; - }; - }; - - - sops.secrets.syncthing_cert = { }; - sops.secrets.syncthing_key = { }; - - services.syncthing = { - enable = true; - openDefaultPorts = false; - dataDir = "/home/syncthing"; - configDir = "/home/syncthing"; - declarative = { - cert = toString config.sops.secrets.syncthing_cert.path; - key = toString config.sops.secrets.syncthing_key.path; - overrideFolders = true; - - folders = { - - # on encrypted hard drive - # ----------------------- - private = { - enable = true; - path = "/home/syncthing/private"; - }; - desktop = { - enable = true; - path = "/home/syncthing/desktop"; - }; - finance = { - enable = true; - path = "/home/syncthing/finance"; - }; - fotos = { - enable = true; - path = "/home/syncthing/fotos"; - }; - lost-fotos = { - enable = true; - path = "/home/syncthing/lost-fotos.ct"; - }; - zettlr = { - enable = true; - path = "/home/syncthing/zettlr"; - }; - - # on media hard drive (not encrypted) - # ----------------------------------- - borg-mirror = { - enable = true; - path = "/media/syncthing/borg"; - rescanInterval = 36 * 3600; - type = "sendonly"; - }; - video-material = { - enable = true; - path = "/home/syncthing/video-material"; - }; - music-library-free = { - enable = true; - path = "/media/syncthing/music-library-free"; - rescanInterval = 8 * 3600; - }; - books = { - enable = true; - path = "/media/syncthing/books"; - rescanInterval = 8 * 3600; - }; - samples = { - enable = true; - path = "/media/syncthing/samples"; - rescanInterval = 8 * 3600; - }; - movies = { - enable = 
true; - path = "/media/syncthing/movies"; - rescanInterval = 8 * 3600; - }; - # todo : no need to place it on encrypted drive - music-projects = { - enable = true; - path = "/home/syncthing/music-projects"; - }; - music-library = { - enable = true; - path = "/media/syncthing/music-library"; - rescanInterval = 8 * 3600; - }; - series = { - enable = true; - path = "/media/syncthing/series"; - rescanInterval = 8 * 3600; - }; - smartphone-folder = { - enable = true; - path = "/media/syncthing/smartphone-folder"; - rescanInterval = 8 * 3600; - }; - processing = { - enable = true; - path = "/media/syncthing/sketchbook"; - rescanInterval = 8 * 3600; - }; - - }; - }; - }; - - system.permown."/home/syncthing" = { - owner = "syncthing"; - group = "syncthing"; - umask = "0022"; - }; - system.permown."/media/syncthing" = { - owner = "syncthing"; - group = "syncthing"; - umask = "0022"; - }; - systemd.services."permown._media_syncthing" = { - bindsTo = [ "media.mount" ]; - after = [ "media.mount" ]; - }; - systemd.services."syncthing" = { - bindsTo = [ "media.mount" ]; - after = [ "media.mount" ]; - }; - - backup.dirs = [ "/home/syncthing/finance" ]; - -} diff --git a/nixos/configs/workhorse/taskserver.nix b/nixos/configs/workhorse/taskserver.nix deleted file mode 100644 index c3c6e99..0000000 --- a/nixos/configs/workhorse/taskserver.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: { - - services.taskserver = { - enable = true; - fqdn = "taskd.ingolf-wagner.de"; - listenHost = "0.0.0.0"; - requestLimit = 104857600; - trust = "strict"; - dataDir = "/var/lib/taskserver"; - organisations."1337".users = [ "palo" "beta" ]; - ciphers = "SECURE256"; - }; - - backup.dirs = [ config.services.taskserver.dataDir ]; - -} diff --git a/nixos/configs/workhorse/tinc.nix b/nixos/configs/workhorse/tinc.nix deleted file mode 100644 index 5291b19..0000000 --- a/nixos/configs/workhorse/tinc.nix +++ /dev/null 
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- module.cluster.services.tinc = {
- "private" = {
- enable = true;
- openPort = true;
- connectTo = [ "sputnik" ];
- };
- "retiolum" = {
- enable = true;
- openPort = true;
- };
- "secret" = {
- enable = true;
- openPort = true;
- connectTo = [ "sputnik" ];
- };
- };
-
- sops.secrets.tinc_retiolum_ed25519_key = { };
- sops.secrets.tinc_retiolum_rsa_key = { };
-
-}
diff --git a/nixos/configs/workhorse/transmission.nix b/nixos/configs/workhorse/transmission.nix
deleted file mode 100644
index 83031de..0000000
--- a/nixos/configs/workhorse/transmission.nix
+++ /dev/null
@@ -1,285 +0,0 @@ -{ pkgs, config, ... }: -let - - hostAddress = "192.168.100.30"; - containerAddress = "192.168.100.31"; - -in -{ - - #users.users.transmission = { - # isSystemUser = true; - # uid = config.ids.uids.transmission; - #}; - - sops.secrets.nordvpn = { }; - - containers.torrent = { - - # mount host folders - bindMounts = { - #password = { - # hostPath = "/run/secrets/transmission_password"; - # mountPoint = "/run/secrets/transmission_password"; - # isReadOnly = true; - #}; - nordvpnPassword = { - hostPath = "/run/secrets/nordvpn"; - mountPoint = "/run/secrets/nordvpn"; - isReadOnly = true; - }; - home = { - hostPath = "/home/torrent"; - mountPoint = "/home/torrent"; - isReadOnly = false; - }; - media = { - hostPath = "/media"; - mountPoint = - "/home/torrent/downloads/media"; # must be here otherwise transmission can't see the folder - isReadOnly = false; - }; - lib = { - hostPath = "/home/torrent/.config"; - mountPoint = "/var/lib/transmission/.config"; - isReadOnly = false; - }; - }; - - # container network setup - # see also nating on host system. - privateNetwork = true; - hostAddress = hostAddress; - localAddress = containerAddress; - autoStart = true; - # needed for openvpn - enableTun = true; - - config = { config, pkgs, lib, ... }: { - - services.journalbeat = { - enable = true; - extraConfig = '' - journalbeat.inputs: - - paths: [] - # Position to start reading from journal. Valid values: head, tail, cursor - seek: cursor - # Fallback position if no cursor data is available. - cursor_seek_fallback: tail - output.logstash: - # Boolean flag to enable or disable the output module. - enabled: true - # Graylog host and the beats input - hosts: ["${hostAddress}:5044"] - - # If enabled only a subset of events in a batch of events is transferred per - # transaction. The number of events to be sent increases up to `bulk_max_size` - # if no error is encountered. 
- slow_start: true - - # The number of seconds to wait before trying to reconnect to Graylog - # after a network error. After waiting backoff.init seconds, the Beat - # tries to reconnect. If the attempt fails, the backoff timer is increased - # exponentially up to backoff.max. After a successful connection, the backoff - # timer is reset. The default is 1s. - backoff.init: 1s - - # The maximum number of seconds to wait before attempting to connect to - # Graylog after a network error. The default is 60s. - backoff.max: 60s - ''; - }; - - services.journald.extraConfig = "SystemMaxUse=1G"; - - services.transmission = { - enable = true; - settings = { - download-dir = "/home/torrent/downloads"; - incomplete-dir = "/home/torrent/incomplete"; - incomplete-dir-enabled = true; - message-level = 1; - umask = "002"; - rpc-whitelist-enabled = false; - rpc-host-whitelist-enabled = false; - rpc-port = 9091; - rpc-enable = true; - rpc-bind-address = "0.0.0.0"; - - # "normal" speed limits - speed-limit-down-enabled = false; - speed-limit-down = 800; - speed-limit-up-enabled = true; - speed-limit-up = 50; - upload-slots-per-torrent = 8; - # Queuing - # When true, Transmission will only download - # download-queue-size non-stalled torrents at once. - download-queue-enabled = true; - download-queue-size = 3; - - # When true, torrents that have not shared data for - # queue-stalled-minutes are treated as 'stalled' - # and are not counted against the queue-download-size - # and seed-queue-size limits. - queue-stalled-enabled = true; - queue-stalled-minutes = 60; - - # When true. Transmission will only seed seed-queue-size - # non-stalled torrents at once. - seed-queue-enabled = false; - seed-queue-size = 10; - - # Enable UPnP or NAT-PMP. 
- peer-port = 51413;
- port-forwarding-enabled = false;
- # Start torrents as soon as they are added
-
- start-added-torrents = true;
-
- # notify me when download finished
- script-torrent-done-enabled = true;
- #script-torrent-done-filename =
- # (pkgs.writers.writeBash "torrent-finished" ''
- # JSON_STRING=$( ${pkgs.jq}/bin/jq -n --arg torrent_name "$TR_TORRENT_NAME" \
- # '{text: ":tada: finished : \($torrent_name)", channel: "torrent"}' )
- # ${pkgs.curl}/bin/curl \
- # --include \
- # --request POST \
- # --data-urlencode \
- # "payload=$JSON_STRING" \
- #
- # '');
-
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 51413 ];
- allowedUDPPorts = [ 51413 ];
- interfaces.eth0 = {
- allowedTCPPorts = [ 9091 ];
- allowedUDPPorts = [ 9091 ];
- };
- };
-
- # bind transmission to openvpn
- systemd.services.transmission = {
- bindsTo = [ "openvpn-nordvpn.service" ];
- after = [ "openvpn-nordvpn.service" ];
- serviceConfig.Restart = "always";
- };
- services.openvpn.servers.nordvpn.updateResolvConf = true;
- services.openvpn.servers.nordvpn.config = ''
- client
- dev tun
- proto udp
- remote 152.89.163.99 1194
- dhcp-option DNS 8.8.8.8
- remote-random
- nobind
- tun-mtu 1500
- tun-mtu-extra 32
- mssfix 1450
- persist-key
- persist-tun
- ping 15
- ping-restart 0
- ping-timer-rem
- reneg-sec 0
- comp-lzo no
-
- remote-cert-tls server
-
- auth-user-pass /run/secrets/nordvpn
-
- verb 3
- pull
- resolv-retry infinite
- fast-io
- cipher AES-256-CBC
- auth SHA512
-
-
- -----BEGIN CERTIFICATE-----
- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
- MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
- MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
- BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
- hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
- kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
- XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
- eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
- skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
- MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
- 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
- hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
- Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
- WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
- MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
- LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
- SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
- nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
- k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
- DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
- pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
- k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
- +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
- NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
- wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
- VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
- PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
- -----END CERTIFICATE-----
-
- key-direction 1
-
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- e685bdaf659a25a200e2b9e39e51ff03
- 0fc72cf1ce07232bd8b2be5e6c670143
- f51e937e670eee09d4f2ea5a6e4e6996
- 5db852c275351b86fc4ca892d78ae002
- d6f70d029bd79c4d1c26cf14e9588033
- cf639f8a74809f29f72b9d58f9b8f5fe
- fc7938eade40e9fed6cb92184abb2cc1
- 0eb1a296df243b251df0643d53724cdb
- 5a92a1d6cb817804c4a9319b57d53be5
- 80815bcfcb2df55018cc83fc43bc7ff8
- 2d51f9b88364776ee9d12fc85cc7ea5b
- 9741c4f598c485316db066d52db4540e
- 212e1518a9bd4828219e24b20d88f598
- a196c9de96012090e333519ae18d3509
- 9427e7b372d348d352dc4c85e18cd4b9
- 3f8a56ddb2e64eb67adfc9b337157ff4
- -----END OpenVPN Static key V1-----
-
- '';
-
- };
- };
-
- # give containers internet access
- networking.nat.enable = true;
- networking.nat.internalInterfaces = [ "ve-torrent" ];
- networking.nat.externalInterface = "enp2s0f1";
-
- # open ports for logging
- networking.firewall.interfaces."ve-torrent".allowedTCPPorts =
- [ 5044 12304 12305 ];
- networking.firewall.interfaces."ve-torrent".allowedUDPPorts =
- [ 5044 12304 12305 ];
-
- # host nginx setup
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- virtualHosts = {
- "transmission.workhorse.private" = {
- locations."/" = { proxyPass = "http://${containerAddress}:9091"; };
- };
- };
- };
-
-}
diff --git a/nixos/configs/workhorse/weechat.nix b/nixos/configs/workhorse/weechat.nix
deleted file mode 100644
index f008033..0000000
--- a/nixos/configs/workhorse/weechat.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-# how to setup a relay
-# * ssh on the maching
-# * sudo -u weechat screen -r
-# /set relay.network.password "mypassword"
-# /relay add weechat 10000
-
-{
-
- # configure weechat
- services.weechat = { enable = true; };
-
- # configure bitlbee
- services.bitlbee = {
- enable = true;
- libpurple_plugins = [
- #pkgs.pidgin-otr
- #pkgs.purple-facebook
- #pkgs.purple-discord
- #pkgs.purple-matrix
- #pkgs.purple-hangouts
- #pkgs.pidgin-latex
- #pkgs.pidgin-opensteamworks
- #pkgs.pidgin-skypeweb
- pkgs.telegram-purple
- #pkgs.purple-lurch
- ];
- plugins =
- [ pkgs.bitlbee-facebook pkgs.bitlbee-steam pkgs.bitlbee-mastodon ];
- };
-
- # otherwise xterm is the only thing that works
- environment.systemPackages = [ pkgs.rxvt_unicode ];
-
- backup.dirs = [ config.services.weechat.root ];
-
-}
diff --git a/nixos/configs/workout/configuration.nix b/nixos/configs/workout/configuration.nix
deleted file mode 100644
index f62df7a..0000000
--- a/nixos/configs/workout/configuration.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, config, pkgs, ... }: {
- imports = [
-
-
- ./hardware-configuration.nix
-
- #./kibana.nix
- ./packages.nix
- #./slack.nix
- ./syncthing.nix
- ./tinc.nix
- ./lan.nix
- ];
-
- networking.hostName = "workout";
-
- services.logind.lidSwitch = lib.mkForce "ignore";
-
- security.wrappers = {
- pmount.source = "${pkgs.pmount}/bin/pmount";
- pumount.source = "${pkgs.pmount}/bin/pumount";
- };
-
- # nix-shell -p speedtest_cli --run speedtest
- configuration.fireqos = {
- enable = true;
- interface = "wlp1s0";
- input = 5000;
- output = 1200;
- balance = false;
- };
-
- programs.custom.steam.enable = true;
- programs.custom.video.enable = true;
-
- # font
- # ----
- programs.custom.urxvt.fontSize = 17;
- programs.custom.xterm.fontSize = 17;
- system.custom.fonts.dpi = 140;
-
- services.printing.enable = true;
-
- virtualisation = {
- docker.enable = false;
- virtualbox = {
- host.enable = false;
- guest.x11 = false;
- guest.enable = false;
- };
- };
-
- configuration.desktop = {
- width = 2560;
- height = 1440;
- };
-
-}
-
diff --git a/nixos/configs/workout/hardware-configuration.nix b/nixos/configs/workout/hardware-configuration.nix
deleted file mode 100644
index 93e64df..0000000
--- a/nixos/configs/workout/hardware-configuration.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let mainUserHome = "/home/palo";
-in {
- # fix fileSystems..encrypted - false overwrite
- # --------------------------------------------------
- boot.initrd.luks.cryptoModules = [
- "aes"
- "aes_generic"
- "blowfish"
- "twofish"
- "serpent"
- "cbc"
- "xts"
- "lrw"
- "sha1"
- "sha256"
- "sha512"
- "aes_x86_64"
- ];
-
- # todo : why should I use this here
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- nix.maxJobs = lib.mkDefault 8;
-
- # lvm volume group
- # ----------------
- boot.initrd.luks.devices = {
- vg = {
- device = "/dev/sda2";
- preLVM = true;
- };
- };
-
- # NTFS support
- # ------------
- environment.systemPackages = [ pkgs.ntfs3g ];
-
- # root
- # ----
- fileSystems."/" = {
- options = [ "noatime" "nodiratime" "discard" ];
- device = "/dev/vg/root";
- fsType = "ext4";
- };
-
- # boot
- # ----
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
- boot.loader.grub = {
- device = "/dev/sda";
- enable = true;
- version = 2;
- };
-
- # home
- # ----
- fileSystems."/home" = {
- options = [ "noatime" "nodiratime" "discard" ];
- device = "/dev/vg/home";
- fsType = "ext4";
- };
-
-}
-
diff --git a/nixos/configs/workout/kibana.nix b/nixos/configs/workout/kibana.nix
deleted file mode 100644
index fc78713..0000000
--- a/nixos/configs/workout/kibana.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }: {
- services.nginx = {
- enable = true;
- statusPage = true;
- virtualHosts = {
- "kibana.${config.networking.hostName}.private" = {
- serverAliases = [ ];
- locations."/" = {
- proxyPass = "http://${config.networking.hostName}.private:${
- toString config.services.kibana.port
- }";
- };
- };
- };
- };
- services.elasticsearch.enable = true;
- services.elasticsearch.listenAddress =
- "${config.networking.hostName}.private";
-
- services.kibana.enable = true;
- services.kibana.elasticsearch.hosts =
- [ "http://${config.networking.hostName}.private:9200" ];
- services.kibana.listenAddress = "${config.networking.hostName}.private";
- services.kibana.port = 5601;
-
-}
diff --git a/nixos/configs/workout/lan.nix b/nixos/configs/workout/lan.nix
deleted file mode 100644
index 08b6ff5..0000000
--- a/nixos/configs/workout/lan.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, pkgs, ... }:
-let
-
- interface = "eno1";
- ipAddress = "10.1.0.1";
- prefixLength = 24;
-
-in
-{
-
- networking.extraHosts = ''
- 10.1.0.1 workout.lan
- 10.1.0.2 pepe.lan
- '';
-
- # todo only open needed ports
- networking.firewall.trustedInterfaces = [ interface ];
-
- networking.networkmanager.unmanaged = [ interface ];
- networking.dhcpcd.denyInterfaces = [ interface ];
-
- networking.interfaces."${interface}".ipv4.addresses = [{
- address = ipAddress;
- prefixLength = prefixLength;
- }];
-
-}
diff --git a/nixos/configs/workout/packages.nix b/nixos/configs/workout/packages.nix
deleted file mode 100644
index 70fbd72..0000000
--- a/nixos/configs/workout/packages.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }: {
-
- # overlay included
- nixpkgs.overlays = [ (import ) ];
-
- nixpkgs.config.packageOverrides = pkgs: {
- nur = import
- (builtins.fetchTarball
- "https://github.com/nix-community/NUR/archive/master.tar.gz")
- {
- inherit pkgs;
- };
- };
-
- environment.systemPackages = with pkgs; [
- #bitwig-studio
- sononym-crawler
-
- # rust development environment
- rustup
- jetbrains.clion
-
- # python
- python3Full
- jetbrains.pycharm-professional
- jetbrains.datagrip
-
- #nur.repos.mic92.nixos-shell
- jetbrains.idea-ultimate
-
- ];
-
-}
diff --git a/nixos/configs/workout/slack.nix b/nixos/configs/workout/slack.nix
deleted file mode 100644
index d5b3920..0000000
--- a/nixos/configs/workout/slack.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- programs.custom.slack = {
- enable = true;
- homeBackup = "~/desktop/slack";
- };
-
- programs.custom.browser.configList.google-chrome = {
- inherit (config.programs.custom.browser.configList.development)
- home homeBackup user;
- sudoUsers = [ "slack" ];
- };
-
-}
diff --git a/nixos/configs/workout/syncthing.nix b/nixos/configs/workout/syncthing.nix
deleted file mode 100644
index 956a5db..0000000
--- a/nixos/configs/workout/syncthing.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
- services.syncthing = {
- enable = true;
- openDefaultPorts = false;
- user = "palo";
- dataDir = "/home/palo/.syncthing";
- configDir = "/home/palo/.syncthing";
- declarative = {
- cert = toString ;
- key = toString ;
-
- overrideFolders = true;
- folders = {
-
- # on encrypted drive
- # ------------------
- desktop = {
- enable = true;
- path = "/home/palo/desktop";
- };
- finance = {
- enable = true;
- path = "/home/palo/finance";
- };
- lost-fotos = {
- enable = true;
- path = "/home/palo/.lost-fotos.ct";
- };
- fotos = {
- enable = true;
- path = "/home/palo/fotos";
- };
- programs = {
- enable = true;
- path = "/home/palo/programs";
- };
-
- # no need to be encrypted
- # -----------------------
- book = {
- enable = true;
- path = "/home/palo/books";
- };
- music-library-free = {
- enable = true;
- path = "/home/palo/music-library-free";
- };
- music-library = {
- enable = true;
- path = "/home/palo/music-library";
- };
- music-projects = {
- enable = true;
- path = "/home/palo/music-projects";
- };
- samples = {
- enable = true;
- path = "/home/palo/samples";
- };
- video-material = {
- enable = true;
- path = "/home/palo/video-material";
- };
- windows-sync = {
- enable = true;
- path = "/home/palo/windows-sync";
- };
- smartphone-folder = {
- enable = true;
- path = "/home/palo/smartphone-folder";
- };
- zettlr = {
- enable = true;
- path = "/home/palo/zettlr";
- };
- processing = {
- enable = true;
- path = "/home/palo/sketchbook";
- };
- };
- };
- };
-
-}
-
diff --git a/nixos/configs/workout/tinc.nix b/nixos/configs/workout/tinc.nix
deleted file mode 100644
index e78d9f9..0000000
--- a/nixos/configs/workout/tinc.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }: {
- module.cluster.services.tinc = {
- "private" = {
- enable = true;
- openPort = true;
- connectTo = [ "sputnik" ];
- };
- "retiolum" = {
- enable = true;
- openPort = true;
- };
- };
-
-}