diff --git a/inventories/default.nix b/inventories/default.nix
index 6626d9b..ce86bd7 100644
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -163,62 +163,6 @@
 };
 };
- pocket-id = {
- module = {
- name = "pocket-id";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- nextcloud = {
- module = {
- name = "nextcloud";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- stirling-pdf = {
- module = {
- name = "stirling-pdf";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- actual-budget = {
- module = {
- name = "actual-budget";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- victoriametrics = {
- module = {
- name = "victoriametrics";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- vikunja = {
- module = {
- name = "vikunja";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- grafana = {
- module = {
- name = "grafana";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
- paperless = {
- module = {
- name = "paperless";
- input = "self";
- };
- roles.default.machines.b4l = { };
- };
 pulse-stream = {
 module = {
 name = "pulse-stream";
diff --git a/machines/b4l/configuration.nix b/machines/b4l/configuration.nix
deleted file mode 100644
index a62ce37..0000000
--- a/machines/b4l/configuration.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ inputs, config, ... }:
-{
- imports = [
- (inputs.import-tree ./services)
- ];
- nixpkgs.hostPlatform = {
- system = "x86_64-linux";
- };
- boot.loader.grub.devices = [ "/dev/disk/by-id/FIXME" ];
- fileSystems = {
- "/".device = "/dev/FIXME";
- };
- networking.fqdn = "b4l.co.th";
- system.stateVersion = "25.11";
- clan.core.sops.defaultGroups = [ "admins" ];
-
- security.acme.defaults.email = "admin@b4l.co.th";
- security.acme.acceptTerms = true;
- services.nginx.virtualHosts."${config.networking.fqdn}" = {
- enableACME = true;
- };
-
- clan.core.vars.generators.acme = {
- share = true;
- files.email.secret = false;
-
- prompts.email = {
- type = "line";
- description = "Email for ACME registeration";
- };
-
- script = ''
- cat $prompts/email > $out/email
- '';
- };
-}
diff --git a/machines/b4l/services/actual-budget.nix b/machines/b4l/services/actual-budget.nix
deleted file mode 100644
index 50b1538..0000000
--- a/machines/b4l/services/actual-budget.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, ... }:
-let
- abDomain = "${config.clan.core.vars.generators.b4l-actual-budget.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators.b4l-actual-budget = {
- files.subdomain.secret = false;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Actual Budget app. Default:(budget)";
- };
- };
-
- script = ''cat $prompts/subdomain || echo -n "budget" > $out/subdomain'';
- };
-
- services.actual = {
- settings = {
- allowedLoginMethods = [
- "password"
- "openid"
- ];
- trustedProxies = [ "127.0.0.1" ];
- };
- };
- services.nginx.virtualHosts."${abDomain}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${builtins.toString config.services.actual.settings.port}";
- };
- };
-}
diff --git a/machines/b4l/services/grafana.nix b/machines/b4l/services/grafana.nix
deleted file mode 100644
index 85793da..0000000
--- a/machines/b4l/services/grafana.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-with lib;
-let
- serviceName = "${config.networking.hostName}-grafana";
- gfDomain = "${
- config.clan.core.vars.generators."${serviceName}".files.subdomain.value
- }.${config.networking.fqdn}";
-
- settingsFormatIni = pkgs.formats.ini {
- listToValue = concatMapStringsSep " " (generators.mkValueStringDefault { });
- mkKeyValue = generators.mkKeyValueDefault {
- mkValueString = v: if v == null then "" else generators.mkValueStringDefault { } v;
- } "=";
- };
- configFile = settingsFormatIni.generate "config.ini" config.services.grafana.settings;
-in
-{
- clan.core.vars.generators."${serviceName}" = {
- files = {
- adminpassword.secret = true;
- subdomain.secret = false;
- };
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Grafana. Default:(grafana)";
- };
- adminpassword = {
- persist = true;
- type = "hidden";
- description = "Password for the admin user. Leave empty to auto-generate.";
- };
- };
-
- runtimeInputs = [
- pkgs.xkcdpass
- pkgs.coreutils
- ];
-
- script = ''
- prompt_domain=$(cat "$prompts"/subdomain)
- if [[ -n "''${prompt_domain-}" ]]; then
- echo $prompt_domain | tr -d "\n" > "$out"/subdomain
- else
- echo -n "grafana" > "$out"/subdomain
- fi
-
- prompt_password=$(cat "$prompts"/adminpassword)
- if [[ -n "''${prompt_password-}" ]]; then
- echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
- else
- xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
- fi
- '';
- };
-
- systemd.services.grafana.serviceConfig.ExecStartPre = [
- "+${pkgs.writeShellScript "grafana-set-password" ''
- ${pkgs.grafana}/bin/grafana cli --homepath ${config.services.grafana.dataDir} --config ${configFile} admin reset-admin-password $(cat ${
- config.clan.core.vars.generators."${serviceName}".files.adminpassword.path
- })
- ''}"
- ];
-
- services.nginx.virtualHosts."${gfDomain}" = {
- forceSSL = true;
- useACMEHost = "${config.networking.fqdn}";
- locations."/" = {
- proxyPass = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
- };
- };
-
-}
diff --git a/machines/b4l/services/nextcloud.nix b/machines/b4l/services/nextcloud.nix
deleted file mode 100644
index 4b4e55e..0000000
--- a/machines/b4l/services/nextcloud.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, pkgs, ... }:
-let
- ncDomain = "${config.clan.core.vars.generators.b4l-nextcloud.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators.b4l-nextcloud = {
- files.subdomain.secret = false;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Nextcloud app. Default:(cloud)";
- };
- };
-
- script = ''cat $prompts/subdomain || echo -n "cloud" > $out/subdomain'';
- };
-
- services.nextcloud = {
- hostName = ncDomain;
- package = pkgs.nextcloud33;
-
- settings = {
-
- overwriteprotocol = "https";
- trusted_domains = [ ];
- trusted_proxies = [ ];
- };
- };
- services.nginx.virtualHosts."${ncDomain}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- };
-}
diff --git a/machines/b4l/services/paperless.nix b/machines/b4l/services/paperless.nix
deleted file mode 100644
index da8b651..0000000
--- a/machines/b4l/services/paperless.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, ... }:
-let
- serviceName = "${config.networking.hostName}-paperless";
- domain-name = "${
- config.clan.core.vars.generators."${serviceName}".files.subdomain.value
- }.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators."${serviceName}" = {
- files = {
- subdomain.secret = false;
- adminpassword = {
- secret = true;
- owner = config.services.paperless.user;
- group = config.services.paperless.user;
- };
- };
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Paperless. Default:(paperless)";
- };
- adminpassword = {
- persist = true;
- type = "hidden";
- description = "Password for the admin user. Leave empty to auto-generate.";
- };
- };
-
- runtimeInputs = [
- pkgs.xkcdpass
- pkgs.coreutils
- ];
-
- script = ''
- prompt_domain=$(cat "$prompts"/subdomain)
- if [[ -n "''${prompt_domain-}" ]]; then
- echo $prompt_domain | tr -d "\n" > "$out"/subdomain
- else
- echo -n "paperless" > "$out"/subdomain
- fi
-
- prompt_password=$(cat "$prompts"/adminpassword)
- if [[ -n "''${prompt_password-}" ]]; then
- echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
- else
- xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
- fi
- '';
- };
-
- environment.systemPackages = [ pkgs.toybox ];
-
- services.paperless = {
- passwordFile = config.clan.core.vars.generators."${serviceName}".files.adminpassword.path;
- };
-
- services.nginx.virtualHosts."${domain-name}" = {
- forceSSL = true;
- useACMEHost = "${config.networking.fqdn}";
- locations."/" = {
- proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}";
- };
- };
-
-}
diff --git a/machines/b4l/services/pocket-id.nix b/machines/b4l/services/pocket-id.nix
deleted file mode 100644
index d610209..0000000
--- a/machines/b4l/services/pocket-id.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, ... }:
-let
- pidDomain = "${config.clan.core.vars.generators.b4l-pocket-id.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators.b4l-pocket-id = {
- files.subdomain.secret = false;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Pocket-ID app. Default:(auth)";
- };
- };
-
- script = ''cat $prompts/subdomain || echo -n "auth" > $out/subdomain'';
- };
-
- services.pocket-id = {
- settings = {
- APP_ENV = "production";
- APP_URL = "https://${pidDomain}";
- TRUST_PROXY = true;
- };
- };
-
- services.nginx.virtualHosts."${pidDomain}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${builtins.toString config.services.pocket-id.settings.PORT}";
- };
- };
-}
diff --git a/machines/b4l/services/stirling-pdf.nix b/machines/b4l/services/stirling-pdf.nix
deleted file mode 100644
index 37e64fd..0000000
--- a/machines/b4l/services/stirling-pdf.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }:
-let
- stDomain = "${config.clan.core.vars.generators.b4l-stirling-pdf.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators.b4l-stirling-pdf = {
- files.subdomain.secret = false;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Stirling PDF app. Default:(pdf)";
- };
- };
- script = ''cat $prompts/subdomain || echo -n "pdf" > $out/subdomain'';
- };
-
- services.nginx.virtualHosts."${stDomain}" = {
- forceSSL = true;
- useACMEHost = "${config.networking.fqdn}";
- locations."/" = {
- proxyPass = "http://localhost:${builtins.toString config.services.stirling-pdf.environment.SERVER_PORT}";
- };
- };
-}
diff --git a/machines/b4l/services/victoriametrics.nix b/machines/b4l/services/victoriametrics.nix
deleted file mode 100644
index c7213e0..0000000
--- a/machines/b4l/services/victoriametrics.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, pkgs, ... }:
-let
- vmDomain = "${config.clan.core.vars.generators.b4l-victoriametrics.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
- clan.core.vars.generators.b4l-victoriametrics = {
- files.subdomain.secret = false;
- files.adminuser.secret = false;
- files.adminpassword.secret = true;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Victoria Metrics app. Default:(metrics)";
- };
- adminuser = {
- persist = true;
- type = "line";
- description = "Username for an admin user. Default:(admin)";
- };
- adminpassword = {
- persist = true;
- type = "hidden";
- description = "Password for the admin user. Leave empty to auto-generate.";
- };
- };
-
- runtimeInputs = [
- pkgs.xkcdpass
- pkgs.coreutils
- ];
-
- script = ''
- prompt_domain=$(cat "$prompts"/subdomain)
- if [[ -n "''${prompt_domain-}" ]]; then
- echo $prompt_domain | tr -d "\n" > "$out"/subdomain
- else
- echo -n "metrics" > "$out"/subdomain
- fi
-
- prompt_adminuser=$(cat "$prompts"/adminuser)
- if [[ -n "''${prompt_adminuser-}" ]]; then
- echo $prompt_adminuser | tr -d "\n" > "$out"/adminuser
- else
- echo -n "admin" > "$out"/adminuser
- fi
-
- prompt_password=$(cat "$prompts"/adminpassword)
- if [[ -n "''${prompt_password-}" ]]; then
- echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
- else
- xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
- fi
- '';
- };
-
- services.victoriametrics = {
- extraOptions = [
- "-httpAuth.username=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminuser.path}"
- "-httpAuth.password=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminpassword.path}"
- ];
- };
-
- services.nginx.virtualHosts."${vmDomain}" = {
- forceSSL = true;
- useACMEHost = "${config.networking.fqdn}";
- locations."/" = {
- proxyPass = "http://localhost${builtins.toString config.services.victoriametrics.listenAddress}";
- };
- };
-
-}
diff --git a/machines/b4l/services/vikunja.nix b/machines/b4l/services/vikunja.nix
deleted file mode 100644
index df0592d..0000000
--- a/machines/b4l/services/vikunja.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }:
-{
- clan.core.vars.generators.b4l-vikunja = {
- files.subdomain.secret = false;
-
- prompts = {
- subdomain = {
- persist = true;
- type = "line";
- description = "Sub-domain for Vikunja todo app. Default:(todo)";
- };
- };
-
- script = ''cat $prompts/subdomain || echo "todo" > $out/subdomain'';
- };
- services.vikunja = {
- frontendHostname = "${config.clan.core.vars.generators.b4l-vikunja.files.subdomain.value}.${config.networking.fqdn}";
- };
- services.nginx.virtualHosts."${config.services.vikunja.frontendHostname}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- locations."/" = {
- proxyPass = "${config.services.vikunja.frontendScheme}://${config.services.vikunja.frontendHostname}:${builtins.toString config.services.vikunja.port}";
- };
- };
-}