diff --git a/hosts/dingserver/caddy.nix b/hosts/dingserver/caddy.nix deleted file mode 100644 index 5757e20..0000000 --- a/hosts/dingserver/caddy.nix +++ /dev/null @@ -1,88 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - networking.firewall.allowedTCPPorts = [80 8448 443]; - - services.caddy = { - enable = true; - virtualHosts = { - "http://metrics.town" = { - extraConfig = '' - reverse_proxy http://localhost:3000 - ''; - }; - - "matrix.broccoli.town" = { - extraConfig = '' - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 - ''; - }; - - "broccoli.town:8448" = { - extraConfig = '' - reverse_proxy http://localhost:8008 - ''; - }; - - "broccoli.town" = { - extraConfig = '' - header /.well-known/* "Access-Control-Allow-Origin" "*" - respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}" - - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 - - redir / https://chat.broccoli.town - ''; - }; - - "chat.broccoli.town" = { - extraConfig = '' - header { - X-Frame-Options "SAMEORIGIN" - X-XSS-Protection "1; mode=block" - X-Content-Type-Options "nosniff" - X-Robots-Tag "noindex, noarchive, nofollow" - } - root * ${ - pkgs.element-web.override { - conf = { - default_server_config."m.homeserver" = { - "base_url" = "https://broccoli.town"; - "server_name" = "broccoli.town"; - }; - }; - } - } - file_server - ''; - }; - - "danielpatterson.dev" = { - extraConfig = '' - root * /srv/site/danielpatterson.dev - encode zstd gzip - file_server - ''; - }; - - "movies.danielpatterson.dev" = { - extraConfig = '' - reverse_proxy localhost:8096 - ''; - }; - - "dingserver.squirrel-clownfish.ts.net" = { - extraConfig = '' - tls { - get_certificate tailscale - } - reverse_proxy localhost:9091 - ''; - }; - }; - }; -} diff --git a/hosts/dingserver/configuration.nix b/hosts/dingserver/configuration.nix index 67075e1..5306083 100644 --- a/hosts/dingserver/configuration.nix +++ b/hosts/dingserver/configuration.nix @@ -8,10 +8,6 @@ # Include the results of the hardware scan. ../common ./hardware-configuration.nix - ./caddy.nix - ./prometheus.nix - ./rclone.nix - ./synapse.nix ./tmux.nix ]; @@ -35,18 +31,6 @@ }; }; - services.jellyfin.enable = true; - - services.transmission = { - enable = true; - settings = { - rpc-host-whitelist-enable = true; - rpc-host-whitelist = "dingserver.squirrel-clownfish.ts.net"; - }; - }; - - services.tailscale.permitCertUid = "caddy"; - environment.systemPackages = with pkgs; [ helix kitty # For terminfo diff --git a/hosts/dingserver/prometheus.nix b/hosts/dingserver/prometheus.nix deleted file mode 100644 index e6e1d83..0000000 --- a/hosts/dingserver/prometheus.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services.grafana = { - enable = true; - }; - - services.prometheus = { - enable = true; - exporters = { - }; - - scrapeConfigs = [ - { - job_name = "synapse"; - metrics_path = "/_synapse/metrics"; - static_configs = [ - { - targets = ["localhost:9000"]; - } - ]; - } - ]; - }; -} diff --git a/hosts/dingserver/rclone.nix b/hosts/dingserver/rclone.nix deleted file mode 100644 index 937b570..0000000 --- a/hosts/dingserver/rclone.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - pkgs, - config, - ... -}: let - mountdir = "/var/media/dungflix"; - - rclone_config = pkgs.writeText "" '' - [dungflix] - type = b2 - - [dungflix-vault] - type = crypt - remote = dungflix:dungflix-bucket - ''; -in { - age.secrets = { - dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age; - dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age; - dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age; - }; - systemd.services.dungflix-mount = { - description = "Mount the Backblaze B2 media store"; - wantedBy = ["multi-user.target"]; - path = [pkgs.fuse]; - preStart = '' - mkdir -p -m 777 ${mountdir} - ''; - script = '' - export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path}) - export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path}) - export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path}) - ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \ - --transfers 32 \ - --vfs-cache-mode full \ - --vfs-cache-max-age 168h \ - --vfs-cache-max-size 100G \ - --allow-other \ - --no-modtime \ - --buffer-size 2G \ - --rc \ - --rc-no-auth \ - -vv - ''; - postStart = '' - sleep 5 - ${pkgs.rclone}/bin/rclone --config="${rclone_config}" rc vfs/refresh recursive=true _async=true - ''; - serviceConfig = { - Restart = "on-failure"; - }; - }; -} diff --git a/hosts/dingserver/synapse.nix b/hosts/dingserver/synapse.nix deleted file mode 100644 index 578157e..0000000 --- a/hosts/dingserver/synapse.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - fqdn = "matrix.broccoli.town"; -in { - services.postgresql = { - enable = true; - }; - - services.matrix-synapse = { - enable = true; - settings = { - enable_metrics = true; - server_name = "broccoli.town"; - database = { - name = "psycopg2"; - args = { - database = "synapse"; - user = "matrix-synapse"; - }; - }; - max_upload_size = "50M"; - listeners = [ - { - port = 8008; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = ["client" "federation"]; - compress = false; - } - ]; - } - { - port = 9000; - type = "metrics"; - tls = false; - bind_addresses = [ - "0.0.0.0" - ]; - resources = [ - ]; - } - ]; - }; - }; -}