rm b4l

inventories/default.nix

@@ -163,62 +163,6 @@
           };
         };
 
-        pocket-id = {
-          module = {
-            name = "pocket-id";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        nextcloud = {
-          module = {
-            name = "nextcloud";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        stirling-pdf = {
-          module = {
-            name = "stirling-pdf";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        actual-budget = {
-          module = {
-            name = "actual-budget";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        victoriametrics = {
-          module = {
-            name = "victoriametrics";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        vikunja = {
-          module = {
-            name = "vikunja";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        grafana = {
-          module = {
-            name = "grafana";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
-        paperless = {
-          module = {
-            name = "paperless";
-            input = "self";
-          };
-          roles.default.machines.b4l = { };
-        };
         pulse-stream = {
           module = {
             name = "pulse-stream";

machines/b4l/configuration.nix

@@ -1,36 +0,0 @@
-{ inputs, config, ... }:
-{
-  imports = [
-    (inputs.import-tree ./services)
-  ];
-  nixpkgs.hostPlatform = {
-    system = "x86_64-linux";
-  };
-  boot.loader.grub.devices = [ "/dev/disk/by-id/FIXME" ];
-  fileSystems = {
-    "/".device = "/dev/FIXME";
-  };
-  networking.fqdn = "b4l.co.th";
-  system.stateVersion = "25.11";
-  clan.core.sops.defaultGroups = [ "admins" ];
-
-  security.acme.defaults.email = "admin@b4l.co.th";
-  security.acme.acceptTerms = true;
-  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    enableACME = true;
-  };
-
-  clan.core.vars.generators.acme = {
-    share = true;
-    files.email.secret = false;
-
-    prompts.email = {
-      type = "line";
-      description = "Email for ACME registeration";
-    };
-
-    script = ''
-      cat $prompts/email > $out/email
-    '';
-  };
-}

machines/b4l/services/actual-budget.nix

@@ -1,36 +0,0 @@
-{ config, ... }:
-let
-  abDomain = "${config.clan.core.vars.generators.b4l-actual-budget.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.b4l-actual-budget = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Actual Budget app. Default:(budget)";
-      };
-    };
-
-    script = ''cat $prompts/subdomain || echo -n "budget" > $out/subdomain'';
-  };
-
-  services.actual = {
-    settings = {
-      allowedLoginMethods = [
-        "password"
-        "openid"
-      ];
-      trustedProxies = [ "127.0.0.1" ];
-    };
-  };
-  services.nginx.virtualHosts."${abDomain}" = {
-    useACMEHost = "${config.networking.fqdn}";
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.actual.settings.port}";
-    };
-  };
-}

machines/b4l/services/grafana.nix

@@ -1,79 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib;
-let
-  serviceName = "${config.networking.hostName}-grafana";
-  gfDomain = "${
-    config.clan.core.vars.generators."${serviceName}".files.subdomain.value
-  }.${config.networking.fqdn}";
-
-  settingsFormatIni = pkgs.formats.ini {
-    listToValue = concatMapStringsSep " " (generators.mkValueStringDefault { });
-    mkKeyValue = generators.mkKeyValueDefault {
-      mkValueString = v: if v == null then "" else generators.mkValueStringDefault { } v;
-    } "=";
-  };
-  configFile = settingsFormatIni.generate "config.ini" config.services.grafana.settings;
-in
-{
-  clan.core.vars.generators."${serviceName}" = {
-    files = {
-      adminpassword.secret = true;
-      subdomain.secret = false;
-    };
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Grafana. Default:(grafana)";
-      };
-      adminpassword = {
-        persist = true;
-        type = "hidden";
-        description = "Password for the admin user. Leave empty to auto-generate.";
-      };
-    };
-
-    runtimeInputs = [
-      pkgs.xkcdpass
-      pkgs.coreutils
-    ];
-
-    script = ''
-      prompt_domain=$(cat "$prompts"/subdomain)
-      if [[ -n "''${prompt_domain-}" ]]; then
-        echo $prompt_domain | tr -d "\n" > "$out"/subdomain
-      else
-        echo -n "grafana" > "$out"/subdomain
-      fi
-
-      prompt_password=$(cat "$prompts"/adminpassword)
-      if [[ -n "''${prompt_password-}" ]]; then
-        echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
-      else
-        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
-      fi
-    '';
-  };
-
-  systemd.services.grafana.serviceConfig.ExecStartPre = [
-    "+${pkgs.writeShellScript "grafana-set-password" ''
-      ${pkgs.grafana}/bin/grafana cli --homepath ${config.services.grafana.dataDir} --config ${configFile} admin reset-admin-password $(cat ${
-        config.clan.core.vars.generators."${serviceName}".files.adminpassword.path
-      })
-    ''}"
-  ];
-
-  services.nginx.virtualHosts."${gfDomain}" = {
-    forceSSL = true;
-    useACMEHost = "${config.networking.fqdn}";
-    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
-    };
-  };
-
-}

machines/b4l/services/nextcloud.nix

@@ -1,35 +0,0 @@
-{ config, pkgs, ... }:
-let
-  ncDomain = "${config.clan.core.vars.generators.b4l-nextcloud.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.b4l-nextcloud = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Nextcloud app. Default:(cloud)";
-      };
-    };
-
-    script = ''cat $prompts/subdomain || echo -n "cloud" > $out/subdomain'';
-  };
-
-  services.nextcloud = {
-    hostName = ncDomain;
-    package = pkgs.nextcloud33;
-
-    settings = {
-
-      overwriteprotocol = "https";
-      trusted_domains = [ ];
-      trusted_proxies = [ ];
-    };
-  };
-  services.nginx.virtualHosts."${ncDomain}" = {
-    useACMEHost = "${config.networking.fqdn}";
-    forceSSL = true;
-  };
-}

machines/b4l/services/paperless.nix

@@ -1,67 +0,0 @@
-{ config, pkgs, ... }:
-let
-  serviceName = "${config.networking.hostName}-paperless";
-  domain-name = "${
-    config.clan.core.vars.generators."${serviceName}".files.subdomain.value
-  }.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators."${serviceName}" = {
-    files = {
-      subdomain.secret = false;
-      adminpassword = {
-        secret = true;
-        owner = config.services.paperless.user;
-        group = config.services.paperless.user;
-      };
-    };
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Paperless. Default:(paperless)";
-      };
-      adminpassword = {
-        persist = true;
-        type = "hidden";
-        description = "Password for the admin user. Leave empty to auto-generate.";
-      };
-    };
-
-    runtimeInputs = [
-      pkgs.xkcdpass
-      pkgs.coreutils
-    ];
-
-    script = ''
-      prompt_domain=$(cat "$prompts"/subdomain)
-      if [[ -n "''${prompt_domain-}" ]]; then
-        echo $prompt_domain | tr -d "\n" > "$out"/subdomain
-      else
-        echo -n "paperless" > "$out"/subdomain
-      fi
-
-      prompt_password=$(cat "$prompts"/adminpassword)
-      if [[ -n "''${prompt_password-}" ]]; then
-        echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
-      else
-        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
-      fi
-    '';
-  };
-
-  environment.systemPackages = [ pkgs.toybox ];
-
-  services.paperless = {
-    passwordFile = config.clan.core.vars.generators."${serviceName}".files.adminpassword.path;
-  };
-
-  services.nginx.virtualHosts."${domain-name}" = {
-    forceSSL = true;
-    useACMEHost = "${config.networking.fqdn}";
-    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}";
-    };
-  };
-
-}

machines/b4l/services/pocket-id.nix

@@ -1,35 +0,0 @@
-{ config, ... }:
-let
-  pidDomain = "${config.clan.core.vars.generators.b4l-pocket-id.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.b4l-pocket-id = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Pocket-ID app. Default:(auth)";
-      };
-    };
-
-    script = ''cat $prompts/subdomain || echo -n "auth" > $out/subdomain'';
-  };
-
-  services.pocket-id = {
-    settings = {
-      APP_ENV = "production";
-      APP_URL = "https://${pidDomain}";
-      TRUST_PROXY = true;
-    };
-  };
-
-  services.nginx.virtualHosts."${pidDomain}" = {
-    useACMEHost = "${config.networking.fqdn}";
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.pocket-id.settings.PORT}";
-    };
-  };
-}

machines/b4l/services/stirling-pdf.nix

@@ -1,26 +0,0 @@
-{ config, ... }:
-let
-  stDomain = "${config.clan.core.vars.generators.b4l-stirling-pdf.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.b4l-stirling-pdf = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Stirling PDF app. Default:(pdf)";
-      };
-    };
-    script = ''cat $prompts/subdomain || echo -n "pdf" > $out/subdomain'';
-  };
-
-  services.nginx.virtualHosts."${stDomain}" = {
-    forceSSL = true;
-    useACMEHost = "${config.networking.fqdn}";
-    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.stirling-pdf.environment.SERVER_PORT}";
-    };
-  };
-}

machines/b4l/services/victoriametrics.nix

@@ -1,73 +0,0 @@
-{ config, pkgs, ... }:
-let
-  vmDomain = "${config.clan.core.vars.generators.b4l-victoriametrics.files.subdomain.value}.${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.b4l-victoriametrics = {
-    files.subdomain.secret = false;
-    files.adminuser.secret = false;
-    files.adminpassword.secret = true;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Victoria Metrics app. Default:(metrics)";
-      };
-      adminuser = {
-        persist = true;
-        type = "line";
-        description = "Username for an admin user. Default:(admin)";
-      };
-      adminpassword = {
-        persist = true;
-        type = "hidden";
-        description = "Password for the admin user. Leave empty to auto-generate.";
-      };
-    };
-
-    runtimeInputs = [
-      pkgs.xkcdpass
-      pkgs.coreutils
-    ];
-
-    script = ''
-      prompt_domain=$(cat "$prompts"/subdomain)
-      if [[ -n "''${prompt_domain-}" ]]; then
-        echo $prompt_domain | tr -d "\n" > "$out"/subdomain
-      else
-        echo -n "metrics" > "$out"/subdomain
-      fi
-
-      prompt_adminuser=$(cat "$prompts"/adminuser)
-      if [[ -n "''${prompt_adminuser-}" ]]; then
-        echo $prompt_adminuser | tr -d "\n" > "$out"/adminuser
-      else
-        echo -n "admin" > "$out"/adminuser
-      fi
-
-      prompt_password=$(cat "$prompts"/adminpassword)
-      if [[ -n "''${prompt_password-}" ]]; then
-        echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
-      else
-        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
-      fi
-    '';
-  };
-
-  services.victoriametrics = {
-    extraOptions = [
-      "-httpAuth.username=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminuser.path}"
-      "-httpAuth.password=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminpassword.path}"
-    ];
-  };
-
-  services.nginx.virtualHosts."${vmDomain}" = {
-    forceSSL = true;
-    useACMEHost = "${config.networking.fqdn}";
-    locations."/" = {
-      proxyPass = "http://localhost${builtins.toString config.services.victoriametrics.listenAddress}";
-    };
-  };
-
-}

machines/b4l/services/vikunja.nix

@@ -1,26 +0,0 @@
-{ config, ... }:
-{
-  clan.core.vars.generators.b4l-vikunja = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Vikunja todo app. Default:(todo)";
-      };
-    };
-
-    script = ''cat $prompts/subdomain || echo "todo" > $out/subdomain'';
-  };
-  services.vikunja = {
-    frontendHostname = "${config.clan.core.vars.generators.b4l-vikunja.files.subdomain.value}.${config.networking.fqdn}";
-  };
-  services.nginx.virtualHosts."${config.services.vikunja.frontendHostname}" = {
-    useACMEHost = "${config.networking.fqdn}";
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "${config.services.vikunja.frontendScheme}://${config.services.vikunja.frontendHostname}:${builtins.toString config.services.vikunja.port}";
-    };
-  };
-}