a bit of refactoring

flake.nix

@@ -145,7 +145,7 @@
               colmena.packages.${system}.colmena
             ];
             imports = [
-              ./nixos/configs/${name}/configuration.nix
+              ./nixos/machines/${name}/configuration.nix
               cluster-module.nixosModules.tinc
               (sopsModule name)
               home-manager.nixosModules.home-manager

nixos/configs/sterni/wireshark.nix

@@ -1,45 +0,0 @@
-{ pkgs, config, ... }: {
-
-  users.users.mainUser.extraGroups = [ "wireshark" ];
-  programs.wireshark.enable = true;
-
-  environment.systemPackages = [
-
-    pkgs.wireshark
-
-    # alternative packet analyzer (only works with elasticsearch)
-    pkgs.packetbeat7
-  ];
-
-  # elastic search is good for analysing stuff
-  # https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
-  services.elasticsearch.enable = true;
-  services.elasticsearch.listenAddress =
-    "${config.networking.hostName}.private";
-  services.kibana.enable = true;
-  services.kibana.elasticsearch.hosts =
-    [ "http://${config.networking.hostName}.private:9200" ];
-  services.kibana.listenAddress = "${config.networking.hostName}.private";
-  services.kibana.port = 5601;
-
-  # using tshark with elastic search
-  # --------------------------------
-  # tshark -r file.pcap -T ek > packages.json
-  # curl -XPOST "sterni.private:9200/packets/doc/_bulk" -H 'Content-Type: application/json' --data-binary "@packets.json"
-
-  services.nginx = {
-    enable = true;
-    statusPage = true;
-    virtualHosts = {
-      "kibana.${config.networking.hostName}.private" = {
-        serverAliases = [ ];
-        locations."/" = {
-          proxyPass = "http://${config.networking.hostName}.private:${
-              toString config.services.kibana.port
-            }";
-        };
-      };
-    };
-  };
-
-}

nixos/legacy/nginx-logging.nix

@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+let
+  access_log_sink = "workhorse.private:12304";
+  error_log_sink = "workhorse.private:12305";
+in
+{
+
+  security.acme.defaults.email = "contact@ingolf-wagner.de";
+  security.acme.acceptTerms = true;
+
+  services.nginx = {
+
+    # Use recommended settings
+    recommendedGzipSettings = lib.mkDefault true;
+    recommendedOptimisation = lib.mkDefault true;
+    recommendedProxySettings = lib.mkDefault true;
+    recommendedTlsSettings = lib.mkDefault true;
+
+    # for graylog logging
+    #commonHttpConfig = ''
+    #  log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
+    #    '"facility": "nginx", '
+    #    '"src_addr": "$remote_addr", '
+    #    '"body_bytes_sent": $body_bytes_sent, '
+    #    '"request_time": $request_time, '
+    #    '"response_status": $status, '
+    #    '"request": "$request", '
+    #    '"request_method": "$request_method", '
+    #    '"host": "$host",'
+    #    '"upstream_cache_status": "$upstream_cache_status",'
+    #    '"upstream_addr": "$upstream_addr",'
+    #    '"http_x_forwarded_for": "$http_x_forwarded_for",'
+    #    '"http_referrer": "$http_referer", '
+    #    '"http_user_agent": "$http_user_agent" }';
+    #  access_log syslog:server=${access_log_sink} graylog2_json;
+    #  error_log syslog:server=${error_log_sink};
+    #'';
+  };
+
+  services.nginx.package = pkgs.nginxMainline;
+}

nixos/machines/sternchen/configuration.nix

@@ -111,9 +111,5 @@
     };
   };
 
-  # keybase
-  services.keybase.enable = false;
-  services.kbfs.enable = false;
-
 }
 

nixos/machines/sterni/configuration.nix

@@ -37,10 +37,6 @@
     };
   };
 
-  # keybase
-  services.keybase.enable = false;
-  services.kbfs.enable = false;
-
   programs.custom.steam.enable = true;
   programs.custom.video.enable = false;
 
@@ -72,12 +68,8 @@
   custom.samba-share = {
     enable = true;
     folders = {
-      #public = "/home/palo/movies";
       share = "/home/share";
       video = "/home/video-material";
-      #syncthing = "/mnt/syncthing";
-      #movies = "/mnt/syncthing/movies";
-      #series = "/mnt/syncthing/series";
     };
   };
 
@@ -96,8 +88,4 @@
     vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
   };
 
-  # include all modules from flakes
-  # documentation.nixos.includeAllModules = true;
-
 }
-

nixos/system/all/nginx-landingpage.nix

@@ -1,38 +1,5 @@
 { config, lib, pkgs, ... }: {
 
-  services.nginx.virtualHosts."mia.${config.networking.hostName}.private" = {
-
-    locations."/" = {
-      root = pkgs.landingpage.override {
-        jsonConfig = {
-          items = [{
-            items = [
-              {
-                label = "github";
-                href = "https://github.com/miaEngiadina";
-                image =
-                  "https://media.giphy.com/media/l0MYEpMgixXtNRgrK/giphy.gif";
-              }
-              {
-                label = "Confluence";
-                href = "https://fysitech.atlassian.net/wiki/spaces/DI/overview";
-                image = "https://media.giphy.com/media/TfMcfnr6USBtm/giphy.gif";
-              }
-              {
-                label = "Kanban Board";
-                href =
-                  "https://fysitech.atlassian.net/jira/software/projects/DPE/boards/1";
-                image =
-                  "https://media.giphy.com/media/10zsjaH4g0GgmY/giphy.gif";
-              }
-
-            ];
-          }];
-        };
-      };
-    };
-  };
-
   services.nginx.virtualHosts."${config.networking.hostName}.private" = {
     default = true;
     locations."/" = {
@@ -40,57 +7,38 @@
         jsonConfig = {
           items = [
             {
-              # text = "hallo";
+              text = "Syncthings";
+              items = map
+                ({ name, host ? "${name}.private", ... }: {
+                  label = name;
+                  href = "http://${host}:8384/";
+                  image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
+                })
+                (map (name: { inherit name; }) (lib.attrNames
+                  config.module.cluster.services.tinc."private".hosts));
+            }
+            {
+              text = "netdata";
+              items = map
+                ({ name, host ? "${name}.private", ... }: {
+                  label = name;
+                  href = "http://${host}:19999/";
+                  image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
+                })
+                (map (name: { inherit name; }) [
+                  "robi"
+                  "pepe"
+                ]);
+            }
+            {
+              text = "Various Links";
               items = [
-
-                {
-                  label = "Dashboard";
-                  href = "http://grafana.workhorse.private";
-                  image =
-                    "https://media.giphy.com/media/eLmaUW5dJak2k/giphy.gif";
-                }
-                {
-                  label = "Prometheus";
-                  href = "http://prometheus.workhorse.private/";
-                  image =
-                    "https://media.giphy.com/media/1NLZYcJGLM9mo/giphy.gif";
-                }
-                {
-                  label = "Graylog";
-                  href = "http://graylog.workhorse.private/";
-                  image =
-                    "https://media.giphy.com/media/6oeRBKg7mwEZnSnYkn/giphy.gif";
-                }
-                {
-                  label = "Jenkins";
-                  href = "http://jenkins.workhorse.private/";
-                  image =
-                    "https://media.giphy.com/media/nQYnLFII2sFcQ/giphy.gif";
-                }
-                {
-                  label = "HomeAssistant";
-                  href = "http://pepe.private:8123/lovelace/view_overview";
-                  image =
-                    "https://media.giphy.com/media/3o6ZtosYxN9Eo3AAZq/giphy.gif";
-                }
-                {
-                  label = "Kodi";
-                  href = "http://porani.private:8080/";
-                  image =
-                    "https://media.giphy.com/media/d9wPasV7ukkta/giphy.gif";
-                }
                 {
                   label = "Hetzner Cloud";
                   href = "https://console.hetzner.cloud/projects";
                   image =
                     "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
                 }
-                {
-                  label = "Transmission";
-                  href = "http://transmission.kruck.private/";
-                  image =
-                    "https://media.giphy.com/media/9ryQgA3d0BVoe7iZl0/giphy.gif";
-                }
                 {
                   label = "Pass the Popcorn";
                   href = "https://passthepopcorn.me/";
@@ -103,18 +51,6 @@
                   image =
                     "https://media.giphy.com/media/ku5EcFe4PNGWA/giphy.gif";
                 }
-                {
-                  label = "Kibana Workhorse";
-                  href = "http://kibana.workhorse.private/";
-                  image =
-                    "https://media.giphy.com/media/24sVlirH2qPTO/giphy.gif";
-                }
-                {
-                  label = "Kibana Workout";
-                  href = "http://kibana.workout.private/";
-                  image =
-                    "https://media.giphy.com/media/24sVlirH2qPTO/giphy.gif";
-                }
                 {
                   label = "Cups";
                   href = "http://localhost:631/";
@@ -123,48 +59,6 @@
                 }
               ];
             }
-            {
-              text = "Betfair";
-              items = [
-                {
-                  label = "betfair";
-                  href = "https://www.betfair.com/exchange/plus/football";
-                  image =
-                    "https://media.giphy.com/media/3og0ILXHf8hmHmET1C/giphy.gif";
-                }
-                {
-                  label = "token";
-                  href =
-                    "https://docs.developer.betfair.com/visualisers/api-ng-account-operations/";
-                  image =
-                    "https://media.giphy.com/media/aeIlR57TpTimI/giphy.gif";
-                }
-                {
-                  label = "api doku";
-                  href =
-                    "https://docs.developer.betfair.com/display/1smk3cen4v3lu3yomq5qye0ni/Reference+Guide";
-                  image =
-                    "https://media.giphy.com/media/11bKAQfWd0Yo0w/giphy.gif";
-                }
-              ];
-            }
-            {
-              text = "Lektor";
-              items = [
-                {
-                  label = "Terranix";
-                  href = "http://terranix.schasch.private";
-                  image =
-                    "https://media.giphy.com/media/nGtOFccLzujug/giphy.gif";
-                }
-                {
-                  label = "tech-blog";
-                  href = "http://techblog.schasch.private";
-                  image =
-                    "https://media.giphy.com/media/nGtOFccLzujug/giphy.gif";
-                }
-              ];
-            }
             {
               text = "NixOS";
               items = [
@@ -193,12 +87,6 @@
                   image =
                     "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
                 }
-                {
-                  label = "NixOS Options";
-                  href = "https://nixos.org/nixos/options.html";
-                  image =
-                    "https://media.giphy.com/media/3fiw51MvIWcGjMhy9a/giphy.gif";
-                }
                 {
                   label = "NixOS Language specific helpers";
                   href =
@@ -226,33 +114,6 @@
                 }
               ];
             }
-            {
-              text = "Syncthings";
-              items = map
-                ({ name, host ? "${name}.private", ... }: {
-                  label = name;
-                  href = "http://${host}:8384/";
-                  image =
-                    "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
-                })
-                (map (name: { inherit name; }) (lib.attrNames
-                  config.module.cluster.services.tinc."private".hosts));
-            }
-            {
-              text = "netdata";
-              items = map
-                ({ name, host ? "${name}.private", ... }: {
-                  label = name;
-                  href = "http://${host}:19999/";
-                  image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
-                })
-                (map (name: { inherit name; }) [
-                  "workhorse"
-                  "pepe"
-                ]
-                  #(lib.attrNames config.module.cluster.services.tinc."private".hosts)
-                );
-            }
           ];
         };
       };

nixos/system/all/nginx.nix

@@ -17,24 +17,24 @@ in
     recommendedTlsSettings = lib.mkDefault true;
 
     # for graylog logging
-    commonHttpConfig = ''
-      log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
-        '"facility": "nginx", '
-        '"src_addr": "$remote_addr", '
-        '"body_bytes_sent": $body_bytes_sent, '
-        '"request_time": $request_time, '
-        '"response_status": $status, '
-        '"request": "$request", '
-        '"request_method": "$request_method", '
-        '"host": "$host",'
-        '"upstream_cache_status": "$upstream_cache_status",'
-        '"upstream_addr": "$upstream_addr",'
-        '"http_x_forwarded_for": "$http_x_forwarded_for",'
-        '"http_referrer": "$http_referer", '
-        '"http_user_agent": "$http_user_agent" }';
-      access_log syslog:server=${access_log_sink} graylog2_json;
-      error_log syslog:server=${error_log_sink};
-    '';
+    #commonHttpConfig = ''
+    #  log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
+    #    '"facility": "nginx", '
+    #    '"src_addr": "$remote_addr", '
+    #    '"body_bytes_sent": $body_bytes_sent, '
+    #    '"request_time": $request_time, '
+    #    '"response_status": $status, '
+    #    '"request": "$request", '
+    #    '"request_method": "$request_method", '
+    #    '"host": "$host",'
+    #    '"upstream_cache_status": "$upstream_cache_status",'
+    #    '"upstream_addr": "$upstream_addr",'
+    #    '"http_x_forwarded_for": "$http_x_forwarded_for",'
+    #    '"http_referrer": "$http_referer", '
+    #    '"http_user_agent": "$http_user_agent" }';
+    #  access_log syslog:server=${access_log_sink} graylog2_json;
+    #  error_log syslog:server=${error_log_sink};
+    #'';
   };
 
   services.nginx.package = pkgs.nginxMainline;

nixos/system/all/sshd-known-hosts-private.nix

@@ -38,22 +38,6 @@
       ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
     };
-    "workhorse.private" = {
-      hostNames = [
-        "workhorse.private"
-        "workhorse.secret"
-        config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
-        config.module.cluster.services.tinc.secret.hosts.workhorse.tincIp
-      ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
-    };
-    "porani.secret" = {
-      hostNames = [
-        "porani.secret"
-        config.module.cluster.services.tinc.secret.hosts.porani.tincIp
-      ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
-    };
     "pepe.private" = {
       hostNames = [
         "pepe.private"

nixos/system/all/tinc.nix

@@ -40,14 +40,6 @@ in
           tincIp = "10.243.23.3";
           publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
         };
-        workhorse = {
-          tincIp = "10.243.23.5";
-          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
-        };
-        workout = {
-          tincIp = "10.243.23.4";
-          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
-        };
       };
     };
     # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
@@ -70,14 +62,6 @@ in
           tincIp = "10.123.42.24";
           publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
         };
-        porani = {
-          tincIp = "10.123.42.31";
-          publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
-        };
-        workhorse = {
-          tincIp = "10.123.42.21";
-          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
-        };
         robi = {
           realAddress = [ "144.76.13.147" ];
           tincIp = "10.123.42.123";
@@ -94,10 +78,6 @@ in
       privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
       privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
       hosts = {
-        workout = {
-          tincIp = "10.23.42.27";
-          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
-        };
         pepe = {
           tincIp = "10.23.42.26";
           publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
@@ -110,14 +90,6 @@ in
           tincIp = "10.23.42.23";
           publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
         };
-        #porani = {
-        #  tincIp = "10.23.42.31";
-        #  publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
-        #};
-        workhorse = {
-          tincIp = "10.23.42.21";
-          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
-        };
         robi = {
           realAddress = [ "144.76.13.147" ];
           tincIp = "10.23.42.111";