diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix
index 1474bcf..ab11a5f 100644
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -10,8 +10,6 @@ let
 services-root = "/storage/services";
 subdomains = [
- config.secrets.services.airsonic.url
- config.secrets.services.cockpit.url
 config.secrets.services.forgejo.url
 config.secrets.services.gremlin-lab.url
 config.secrets.services.jellyfin.url
@@ -135,25 +133,6 @@ in
 enable = true;
 configText = builtins.readFile ./etc/apcupsd.conf;
 };
- airsonic = {
- enable = true;
- autostart = false;
- home = "${services-root}/airsonic-advanced";
- domain = config.secrets.networking.primaryDomain;
- url = config.secrets.services.airsonic.url;
- };
- cockpit = {
- enable = true;
- domain = config.secrets.networking.primaryDomain;
- url = config.secrets.services.cockpit.url;
- };
- jellyfin = {
- enable = true;
- autostart = false;
- home = "${services-root}/jellyfin";
- domain = config.secrets.networking.primaryDomain;
- url = config.secrets.services.jellyfin.url;
- };
 autoUpgrade = {
 enable = false; # Don't update the system...
 pushUpdates = true; # ...but do push updates remotely.
@@ -162,10 +141,6 @@ in
 user = config.users.users.aires.name;
 };
 boinc.enable = true;
- cache = {
- enable = false; # Disable for now
- secretKeyFile = "${services-root}/nix-cache/cache-priv-key.pem";
- };
 duplicacy-web = {
 enable = true;
 autostart = false;
@@ -182,6 +157,13 @@ in
 token = config.secrets.services.forgejo.runner-token;
 };
 };
+ jellyfin = {
+ enable = true;
+ autostart = false;
+ home = "${services-root}/jellyfin";
+ domain = config.secrets.networking.primaryDomain;
+ url = config.secrets.services.jellyfin.url;
+ };
 msmtp.enable = true;
 netdata = {
 enable = true;
@@ -224,15 +206,13 @@ in
 enable = true;
 ports = [ config.secrets.hosts.dimaga.ssh.port ];
 };
- virtualization = {
- host = {
+ virtualization.host = {
+ enable = true;
+ user = "aires";
+ vmBuilds = {
 enable = true;
- user = "aires";
- vmBuilds = {
- enable = true;
- cores = 3;
- ram = 3072;
- };
+ cores = 3;
+ ram = 3072;
 };
 };
 };
diff --git a/modules/services/cache.nix b/modules/services/cache.nix
deleted file mode 100644
index ed49fac..0000000
--- a/modules/services/cache.nix
+++ /dev/null
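Review bot: The flattened `virtualization.host` block still hard-codes `user = "aires";`, while the `user` attribute shown as context in the `@@ -162,10` hunk of this same file is written as `config.users.users.aires.name`. Writing it the same way here, `user = config.users.users.aires.name;`, keeps the two in step and should make evaluation fail if that account is ever renamed or removed, rather than leaving the VM host bound to a name nothing defines. What access the module grants this user is not visible in the diff, so that is worth confirming against the module's option description. The enclosing attribute set opens and closes outside the hunk.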
@@ -1,66 +0,0 @@
-# Serves a binary cache for Nix packages
-{ config, lib, ... }:
-
-let
- cfg = config.aux.system.services.cache;
-in
-{
- options = {
- aux.system.services.cache = {
- enable = lib.mkEnableOption (lib.mdDoc "Enables binary cache hosting.");
- secretKeyFile = lib.mkOption {
- default = "/var/cache-priv-key.pem";
- type = lib.types.str;
- description = "Where the signing key lives.";
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
- # Enable cache service
- services = {
- nix-serve = {
- enable = true;
- secretKeyFile = cfg.secretKeyFile;
- };
-
- nginx.virtualHosts."${config.secrets.services.cache.url}" = {
- useACMEHost = config.secrets.networking.primaryDomain;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
- extraConfig = "proxy_ssl_server_name on;";
- };
- };
- };
-
- nix.settings = {
- extra-substituters = [ "ssh://${config.secrets.services.cache.url}" ];
- trusted-public-keys = [
- "${config.secrets.services.cache.url}:mTYvveYNhoXttGOxJj2uP0MQ/ZPJce5hY+xSvOxswls=%"
- ];
- };
-
- # Run nightly builds for certain targets
- systemd.timers."nix-distributed-build-timer" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = "true";
- Unit = "nix-distributed-build.service";
- };
- };
-
- systemd.services."nix-distributed-build" = {
- # Add target names below as a new line
- script = ''
- set -eu
- nh os build --update --hostname Khanda
- '';
- serviceConfig = {
- Type = "oneshot";
- User = config.users.users.aires.name;
- };
- };
- };
-}
diff --git a/modules/services/cockpit.nix b/modules/services/cockpit.nix
deleted file mode 100644
index 847f24c..0000000
--- a/modules/services/cockpit.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.aux.system.services.cockpit;
-in
-{
- options = {
- aux.system.services.cockpit = {
- enable = lib.mkEnableOption "Enables Cockpit monitoring.";
- domain = lib.mkOption {
- default = "";
- type = lib.types.str;
- description = "The root domain that Cockpit will be hosted on.";
- example = "example.com";
- };
- url = lib.mkOption {
- default = "";
- type = lib.types.str;
- description = "The complete URL where Cockpit is hosted.";
- example = "https://cockpit.example.com";
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- services = {
- nginx.virtualHosts."${cfg.url}" = {
- useACMEHost = cfg.domain;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:9090";
- extraConfig = ''
- # Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
- # Required to proxy the connection to Cockpit
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Required for web sockets to function
- proxy_http_version 1.1;
- proxy_buffering off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
- };
-
- cockpit = {
- enable = true;
- port = 9090;
- settings = {
- WebService = {
- Origins = "https://${cfg.url} wss://${cfg.url}";
- ProtocolHeader = "X-Forwarded-Proto";
- };
- };
- };
- };
- systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
-
- };
-}
diff --git a/nix-secrets b/nix-secrets
index 6ca2175..d57c296 160000
--- a/nix-secrets
+++ b/nix-secrets
@@ -1 +1 @@
-Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46
+Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da