From db146491a08dd8469cbbf350558547aecb219c07 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Fri, 12 Apr 2024 23:11:49 +0200 Subject: [PATCH] cleanup --- nixos/machines/orbi/configuration.nix | 4 - nixos/machines/orbi/property.nix | 43 ----- nixos/machines/orbi/screeps.nix | 73 -------- .../orbi/social-matrix-ingolf-wagner.nix | 176 ------------------ 4 files changed, 296 deletions(-) delete mode 100644 nixos/machines/orbi/property.nix delete mode 100644 nixos/machines/orbi/screeps.nix delete mode 100644 nixos/machines/orbi/social-matrix-ingolf-wagner.nix diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix index 74f4815..f972f39 100644 --- a/nixos/machines/orbi/configuration.nix +++ b/nixos/machines/orbi/configuration.nix @@ -12,9 +12,6 @@ ./service-hedgedoc.nix ./service-forgejo.nix #./borg.nix - #./codimd.nix - #./gitea.nix - #./packages.nix #./taskserver.nix #./vaultwarden.nix @@ -34,7 +31,6 @@ #./social-jitsi.nix ./social-matrix-terranix.nix - #./social-matrix-ingolf-wagner.nix #./sync-opentracker.nix #./sync-torrent.nix diff --git a/nixos/machines/orbi/property.nix b/nixos/machines/orbi/property.nix deleted file mode 100644 index 169f2c2..0000000 --- a/nixos/machines/orbi/property.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, pkgs, config, ... }: { - - users.users.property = { isSystemUser = true; }; - - systemd.services.property = { - enable = true; - wantedBy = [ "multi-user.target" ]; - path = [ - (pkgs.python3.withPackages (ps: - with ps; [ - flask - selenium - beautifulsoup4 - urllib3 - sqlalchemy - mysqlclient - pytest - dateparser - geopy - nltk - click - ])) - ]; - - serviceConfig = { User = "property"; }; - script = '' - FLASK_APP=${}/server.py \ - FLASK_RUN_PORT=7888 \ - flask run --host 0.0.0.0 \ - "$@" - ''; - }; - - services.nginx = { - enable = true; - virtualHosts = { - "property.workhorse.private" = { - locations."/" = { proxyPass = "http://localhost:7888"; }; - }; - }; - }; - -} diff --git a/nixos/machines/orbi/screeps.nix b/nixos/machines/orbi/screeps.nix deleted file mode 100644 index d597ae4..0000000 --- a/nixos/machines/orbi/screeps.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - debug = true; - #version = "latest"; - # version = "142c079"; # 2 years ago. - # version = "v1.14.0"; # 2 years ago. - version = "v1.13.2"; # 2 years ago. -in -{ - virtualisation.oci-containers = { - containers.screeps = { - volumes = [ - "/srv/screeps:/screeps" - (optionalString debug "/srv/screeps-tmp:/tmp") - ]; - environment.TZ = "Europe/Berlin"; - image = "screepers/screeps-launcher:${version}"; - ports = [ "21025:21025" ]; - }; - }; - - systemd.services.docker-screeps = - let - configuration = builtins.toJSON { - steamKey = "keyFromStep3"; - version = "latest"; - mods = [ - #"screepsmod-auth" - #"screepsmod-admin-utils" - #"screepsmod-mongo" - ]; - bots = { - simplebot = "screepsbot-zeswarm"; - }; - serverConfig = { - welcomeText = "

My Cool Server

"; - constants = { - "TEST_CONSTANT" = 123; - }; - tickRate = 1000; - }; - }; - in - { - - unitConfig = { - StartLimitInterval = 200; - StartLimitBurst = 2; - }; - - serviceConfig = { - Restart = mkForce (if debug then "no" else "always"); - RestartSec = 30; - ExecStartPre = [ - (toString (pkgs.writers.writeDash "create-screeps-config" '' - mkdir -p /srv/screeps/ - chown 1000:1000 -R /srv/screeps - ${optionalString debug "mkdir -p /srv/screeps-tmp"} - ${optionalString debug "chown 1000:1000 -R /srv/screeps-tmp"} - echo '${configuration}' > /srv/screeps/config.yaml - '')) - ]; - }; - }; - - #networking.firewall.allowedTCPPorts = [ 8123 ]; - #networking.firewall.allowedUDPPorts = [ 8123 ]; - - #networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ]; - #networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ]; - -} diff --git a/nixos/machines/orbi/social-matrix-ingolf-wagner.nix b/nixos/machines/orbi/social-matrix-ingolf-wagner.nix deleted file mode 100644 index 4629d85..0000000 --- a/nixos/machines/orbi/social-matrix-ingolf-wagner.nix +++ /dev/null @@ -1,176 +0,0 @@ -{ config, pkgs, ... }: -let - # 1. create DNS entry `matrix.ingolf-wagner.de A - 95.216.66.212` - # 2. test with : https://federationtester.matrix.org/#ingolf-wagner.de - # 3. info at : https://silvio.github.io/docker-matrix/Example.configs.html - - domain = "ingolf-wagner.de"; - baseUrl = "https://matrix.${domain}"; - - matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user" '' - ${pkgs.matrix-synapse}/bin/register_new_matrix_user \ - -k $( ${pkgs.gojq}/bin/gojq \ - --yaml-input \ - --raw-output \ - '.registration_shared_secret' \ - ${config.sops.secrets.matrix_shared_secret.path} ) \ - http://localhost:8008 - ''; - - clientConfig."m.homeserver".base_url = baseUrl; - serverConfig."m.server" = "matrix.${domain}:443"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; - - element-web = - pkgs.runCommand "element-web-with-config" - { - nativeBuildInputs = [ pkgs.buildPackages.jq ]; - } '' - cp -r ${pkgs.element-web} $out - chmod -R u+w $out - jq '."default_server_config"."m.homeserver" = { "base_url": "https://matrix.${domain}", "server_name": "${domain}" }' \ - > $out/config.json < ${pkgs.element-web}/config.json - ln -s $out/config.json $out/config.matrix.${domain}.json - ''; -in -{ - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; - - environment.systemPackages = [ matrix_create_user ]; - - sops.secrets.matrix_shared_secret.owner = "matrix-synapse"; - users.users.matrix-synapse = { - isSystemUser = true; - uid = config.ids.uids.matrix-synapse; - group = "matrix-synapse"; - }; - users.groups.matrix-synapse.gid = config.ids.gids.matrix-synapse; - - # todo : mount postgresql folder in a dedicated zfs pool - containers.matrix-ingolf-wagner = { - autoStart = true; - privateNetwork = false; - - bindMounts = { - rootpassword = { - hostPath = config.sops.secrets.matrix_shared_secret.path; - mountPoint = "/run/secrets/matrix-shared-secret"; - isReadOnly = true; - }; - }; - - config = { config, pkgs, lib, ... }: { - system.stateVersion = "23.11"; - - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - services.matrix-synapse = { - enable = true; - settings.server_name = domain; - # The public base URL value must match the `base_url` value set in `clientConfig` above. - # The default value here is based on `server_name`, so if your `server_name` is different - # from the value of `matrix.` above, you will likely run into some mismatched domain names - # in client applications. - settings.public_baseurl = baseUrl; - extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ]; - settings.listeners = [ - { - port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" ]; - compress = true; - } - { - names = [ "federation" ]; - compress = false; - } - ]; - } - ]; - }; - - }; - }; - - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - # # If the A and AAAA DNS records on example.org do not point on the same host as the - # # records for myhostname.example.org, you can easily move the /.well-known - # # virtualHost section of the code to the host that is serving example.org, while - # # the rest stays on myhostname.example.org with no other changes required. - # # This pattern also allows to seamlessly move the homeserver from - # # myhostname.example.org to myotherhost.example.org by only changing the - # # /.well-known redirection target. - # "${domain}" = { - # enableACME = true; - # forceSSL = true; - # # This section is not needed if the server_name of matrix-synapse is equal to - # # the domain (i.e. example.org from @foo:example.org) and the federation port - # # is 8448. - # # Further reference can be found in the docs about delegation under - # # https://element-hq.github.io/synapse/latest/delegate.html - # locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - # # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # # Further reference can be found in the upstream docs at - # # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - # locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - # }; - - "matrix.${domain}" = { - enableACME = true; - forceSSL = true; - # It's also possible to do a redirect here or something else, this vhost is not - # needed for Matrix. It's recommended though to *not put* element - # here, see also the section about Element. - locations."/".extraConfig = '' - return 404; - ''; - # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash - # *must not* be used here. - locations."/_matrix".proxyPass = "http://[::1]:8008"; - # Forward requests for e.g. SSO and password-resets. - #locations."/_synapse/client".proxyPass = "http://[::1]:8008"; - }; - - "element.${domain}" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; - ''; - locations."/".root = element-web; - }; - - }; - - }; - -}