Clean up lapetus a bit

2024-11-09 12:45:25 +01:00 · 2024-11-09 12:45:25 +01:00 · 0c6aff0470
commit 0c6aff0470
parent 2b082e9808
16 changed files with 34 additions and 204 deletions
--- a/hosts/nixos/calypso/default.nix
+++ b/hosts/nixos/calypso/default.nix
@ -53,6 +53,7 @@
  programs.kdeconnect.enable = true;
  programs.firejail.enable = true;
  programs.nix-ld.enable = true; # Useful for running non-nix executables
+  services.mullvad-vpn.enable = true;
  # }}}
  # {{{ SSH keys
  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../tethys/keys/id_ed25519.pub ];
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@ -17,11 +17,6 @@
    ../common/optional/services/restic
    ../common/optional/services/wpa_supplicant.nix

-    # ./services/commafeed.nix
-    # ./services/ddclient.nix
-    # ./services/guacamole
-    # ./services/intray.nix
-    # ./services/smos.nix
    ./services/5d-diplomacy
    ./services/actual.nix
    ./services/cloudflared.nix
--- a/hosts/nixos/lapetus/services/commafeed.nix
+++ b/hosts/nixos/lapetus/services/commafeed.nix
@ -1,36 +0,0 @@
-{ config, ... }:
-let
-  port = config.satellite.ports.commafeed;
-  dataDir = "/persist/state/var/lib/commafeed";
-in
-{
-  systemd.tmpfiles.rules = [ "d ${dataDir}" ];
-  satellite.nginx.at.rss.port = port;
-
-  virtualisation.oci-containers.containers.commafeed = {
-    image = "athou/commafeed:latest";
-
-    ports = [ "${toString port}:8082" ]; # server:docker
-    volumes = [ "${dataDir}:/commafeed/data" ]; # server:docker
-
-    # the JVM is way too hungry
-    entrypoint = builtins.toJSON [
-      "java"
-      "-Xmx64m"
-      "-jar"
-      "commafeed.jar"
-      "server"
-      "config.yml"
-    ];
-
-    # https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example
-    environment = {
-      CF_APP_PUBLICURL = "https://${config.satellite.nginx.at.rss.host}";
-      CF_APP_ALLOWREGISTRATIONS = "false"; # I already made an account
-      CF_APP_MAXENTRIESAGEDAYS = "0"; # Fetch old entries
-
-      # I randomly generated an user agent for this
-      CF_APP_USERAGENT = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0_6; like Mac OS X) AppleWebKit/533.48 (KHTML, like Gecko)  Chrome/49.0.2557.162 Mobile Safari/602.0";
-    };
-  };
-}
--- a/hosts/nixos/lapetus/services/ddclient.nix
+++ b/hosts/nixos/lapetus/services/ddclient.nix
@ -1,36 +0,0 @@
-# DDClient is a dynamic dns service
-{ config, pkgs, ... }:
-{
-  services.ddclient = {
-    enable = true;
-    interval = "1m";
-    configFile = config.sops.templates."ddclient.conf".path;
-
-    # REASON: latest release doesn't support explicit root-domain annotations for porkbun
-    package = pkgs.ddclient.overrideAttrs (_: {
-      src = pkgs.fetchFromGitHub {
-        owner = "ddclient";
-        repo = "ddclient";
-        rev = "9885d55a3741363ad52d3463cb846d5782efb073";
-        sha256 = "0zyi8h13y18vrlxavx1vva4v0ya5v08bxdxlr3is49in3maz2n37";
-      };
-    });
-  };
-
-  sops.templates."ddclient.conf".content = ''
-    # General settings
-    cache=/var/lib/ddclient/ddclient.cache # See the nixos module for details
-    foreground=YES
-
-    # Routers
-    use=web, web=checkip.dyndns.com/, web-skip='Current IP Address: '
-
-    # Protocols
-    protocol=porkbun
-    apikey=${config.sops.placeholder.porkbun_api_key}
-    secretapikey=${config.sops.placeholder.porkbun_secret_api_key}
-    root-domain=moonythm.dev # The root domain detection doesn't work properly
-    real.lapetus.moonythm.dev
-  '';
-}
-
--- a/hosts/nixos/lapetus/services/forgejo.nix
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@ -29,8 +29,11 @@
        HTTP_PORT = config.satellite.cloudflared.at.git.port;
        ROOT_URL = config.satellite.cloudflared.at.git.url;
        LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
+
+        START_SSH_SERVER = true;
+        BUILTIN_SSH_SERVER_USER = "git";
        SSH_DOMAIN = config.satellite.cloudflared.at."ssh.git".host;
-        SSH_PORT = config.satellite.ports.forgejo-ssh;
+        SSH_LISTEN_PORT = config.satellite.ports.forgejo-ssh;
      };

      cron.ENABLED = true;
@ -46,8 +49,9 @@

      repository = {
        DISABLE_STARS = true;
-        DISABLED_REPO_UNITS = "";
        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [ "repo.code" ];
+        ENABLE_PUSH_CREATE_USER = true;
+        ENABLE_PUSH_CREATE_ORG = true;
      };
    };
  };
--- a/hosts/nixos/lapetus/services/homer.nix
+++ b/hosts/nixos/lapetus/services/homer.nix
@ -92,37 +92,17 @@ in
          ];
        }
        # }}}
-        # {{{ Productivity
+        # {{{ Tooling
        {
-          name = "Productivity";
-          icon = fa "rocket";
+          name = "Tooling";
+          icon = fa "toolbox";
          items = [
-            {
-              name = "Intray";
-              subtitle = "GTD capture tool";
-              icon = fa "inbox";
-              url = "https://intray.moonythm.dev";
-            }
-            {
-              name = "Smos";
-              subtitle = "A comprehensive self-management system.";
-              icon = fa "cubes-stacked";
-              url = "https://smos.moonythm.dev";
-            }
            {
              name = "Actual";
              subtitle = "Budgeting tool";
              logo = icon "actual.png";
              url = "https://actual.moonythm.dev";
            }
-          ];
-        }
-        # }}}
-        # {{{ Tooling
-        {
-          name = "Tooling";
-          icon = fa "toolbox";
-          items = [
            {
              name = "Vaultwarden";
              subtitle = "Password manager";
--- a/hosts/nixos/lapetus/services/intray.nix
+++ b/hosts/nixos/lapetus/services/intray.nix
@ -1,33 +0,0 @@
-{ inputs, config, ... }:
-let
-  username = "prescientmoon";
-  apiPort = config.satellite.ports.intray-api;
-  webPort = config.satellite.ports.intray-client;
-in
-{
-  imports = [ inputs.intray.nixosModules.x86_64-linux.default ];
-
-  # {{{ Configure intray 
-  services.intray.production = {
-    enable = true;
-    api-server = {
-      enable = true;
-      port = apiPort;
-      admins = [ username ];
-    };
-    web-server = {
-      enable = true;
-      port = webPort;
-      api-url = config.satellite.nginx.at."api.intray".url;
-    };
-  };
-  # }}}
-  # {{{ Networking & storage
-  satellite.nginx.at."intray".port = webPort;
-  satellite.nginx.at."api.intray".port = apiPort;
-
-  environment.persistence."/persist/state".directories = [
-    "/www/intray/production/data"
-  ];
-  # }}}
-}
--- a/hosts/nixos/lapetus/services/invidious.nix
+++ b/hosts/nixos/lapetus/services/invidious.nix
@ -37,8 +37,8 @@
        owner = "iv-org";
        repo = "invidious";
        fetchSubmodules = true;
-        rev = "a88a723de3a3d96d8ff748cb117ae48265ee552c";
-        sha256 = "0v5fmz6dm7s94kw7ilblad95mfydsmk5dr3f1wwgxzzynvigy2bc";
+        rev = "b173d4acf21563d47d26718eca7932878fb424e6";
+        sha256 = "04z11yai4yrjpd9im38dgx1p2qnh8px1zq28m1ay9jjk2s143j4r";
      };
    });
  };
--- a/hosts/nixos/lapetus/services/smos.nix
+++ b/hosts/nixos/lapetus/services/smos.nix
@ -1,53 +0,0 @@
-{ inputs, config, ... }:
-let username = "prescientmoon";
-in
-{
-  imports = [ inputs.smos.nixosModules.x86_64-linux.default ];
-
-  # {{{ Configure smos 
-  services.smos.production = {
-    enable = true;
-
-    # {{{ Docs server 
-    docs-site = {
-      enable = true;
-      openFirewall = false;
-      port = config.satellite.nginx.at."docs.smos".port;
-      api-url = config.satellite.nginx.at."api.smos".url;
-      web-url = config.satellite.nginx.at."smos".url;
-    };
-    # }}}
-    # {{{ Api server
-    api-server = {
-      enable = true;
-      openFirewall = false;
-      port = config.satellite.nginx.at."api.smos".port;
-      admin = username;
-
-      max-backups-per-user = 5;
-      backup-interval = 3600;
-      local-backup.enable = true;
-    };
-    # }}}
-    # {{{ Web server
-    web-server = {
-      enable = true;
-      openFirewall = false;
-      port = config.satellite.nginx.at."smos".port;
-      docs-url = config.satellite.nginx.at."docs.smos".url;
-      api-url = config.satellite.nginx.at."api.smos".url;
-      web-url = config.satellite.nginx.at."smos".url;
-    };
-    # }}}
-  };
-  # }}}
-  # {{{ Networking & storage
-  satellite.nginx.at."docs.smos".port = config.satellite.ports.smos-docs;
-  satellite.nginx.at."api.smos".port = config.satellite.ports.smos-api;
-  satellite.nginx.at."smos".port = config.satellite.ports.smos-client;
-
-  environment.persistence."/persist/state".directories = [
-    "/www/smos/production"
-  ];
-  # }}}
-}