authorstuebinm2022-01-18 09:43:24 +0100
committerstuebinm2022-01-20 13:19:44 +0100
commit0bcabe1c4b1dd74af233674dfa6c6ec3011ce2c0 (patch)
tree5c58943f99245ff7f745f50b46c34ae288c3e503 /hosts
parentdb83a406bc6e63289e47ff5d2228c08430832655 (diff)
restructuring directories
Diffstat (limited to 'hosts')
-rw-r--r--hosts/abbenay/configuration.nix58
-rw-r--r--hosts/abbenay/hardware-configuration.nix35
-rw-r--r--hosts/chaski/configuration.nix50
-rw-r--r--hosts/chaski/hardware-configuration.nix23
-rw-r--r--hosts/chaski/services/VaaS/.gitignore1
-rw-r--r--hosts/chaski/services/VaaS/CHANGELOG.md5
-rw-r--r--hosts/chaski/services/VaaS/app/Main.hs58
-rw-r--r--hosts/chaski/services/VaaS/default.nix30
-rw-r--r--hosts/chaski/services/VaaS/haskell.cabal35
-rw-r--r--hosts/chaski/services/VaaS/index.html46
-rw-r--r--hosts/chaski/services/exneuland.nix58
-rw-r--r--hosts/chaski/services/geolocation.nix6
-rw-r--r--hosts/chaski/services/gtfs.nix38
-rw-r--r--hosts/chaski/services/jitsi.nix59
-rw-r--r--hosts/chaski/services/uplcg.nix23
-rw-r--r--hosts/chaski/services/woitb.nix32
-rw-r--r--hosts/chaski/services/woitb/index.html124
-rw-r--r--hosts/chaski/services/woitb/info.html180
-rw-r--r--hosts/chaski/services/workadventure.nix93
-rw-r--r--hosts/cyberbox/configuration.nix59
-rw-r--r--hosts/cyberbox/hardware-configuration.nix31
-rw-r--r--hosts/flora/configuration.nix72
-rw-r--r--hosts/flora/hardware-configuration.nix25
-rw-r--r--hosts/flora/services/blog.nix9
-rw-r--r--hosts/flora/services/cgit.nix94
-rw-r--r--hosts/flora/services/daemoniones.nix34
-rw-r--r--hosts/flora/services/dockerhub.nix23
-rw-r--r--hosts/flora/services/hedgedoc.nix77
-rw-r--r--hosts/flora/services/nginx.nix17
-rw-r--r--hosts/flora/services/picarones.nix26
-rw-r--r--hosts/flora/services/pleroma.nix178
-rw-r--r--hosts/flora/services/surveys.nix23
32 files changed, 0 insertions, 1622 deletions
diff --git a/hosts/abbenay/configuration.nix b/hosts/abbenay/configuration.nix
deleted file mode 100644
index 2aabaa7..0000000
--- a/hosts/abbenay/configuration.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ];
-
- services.flatpak.enable = true;
- services.avahi.enable = true;
- services.avahi.nssmdns = true;
-
- services.xserver = {
- displayManager.gdm.enable = true;
- desktopManager.gnome.enable = true;
- };
- services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false;
-
- environment.systemPackages = with pkgs; [
- gnome3.gnome-tweaks
- flatpak flatpak-builder
- # for mounting samba
- cifs-utils
- ];
-
- networking = {
- hostName = "matthias-nix";
-
- useDHCP = false;
- interfaces.enp3s0.useDHCP = true;
- # networkmanager shouldn't handle nixos container
- networkmanager.unmanaged = [ "interface-name:ve-*" ];
- };
- # nixos containers should have internet access
- networking.nat = {
- enable = true;
- internalInterfaces = ["ve-+"];
- externalInterface = "eth0";
- };
-
- boot = {
- extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
- kernelModules = [ "v4l2loopback" ];
- };
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-
-}
diff --git a/hosts/abbenay/hardware-configuration.nix b/hosts/abbenay/hardware-configuration.nix
deleted file mode 100644
index 876431d..0000000
--- a/hosts/abbenay/hardware-configuration.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/ba8853b3-6e52-49d6-a250-6d99b8dfe6d6";
- fsType = "ext4";
- };
- fileSystems."/home" =
- { device = "/dev/disk/by-label/nix-space";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/0F28-FE85";
- fsType = "vfat";
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/6e9fddfc-99d2-46d2-bcb4-d8c5e1c19d38"; }
- ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
deleted file mode 100644
index ae422cf..0000000
--- a/hosts/chaski/configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- # ./services/workadventure.nix
- #./services/exneuland.nix
- # ./services/jitsi.nix
- ./services/uplcg.nix
- ./services/woitb.nix
- ./services/geolocation.nix
- ./services/gtfs.nix
- ];
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx.appendHttpConfig = ''
- access_log off;
- add_header Permissions-Policy "interest-cohort=()";
- '';
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
-
- networking.hostName = "chaski"; # Define your hostname.
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.ens10.useDHCP = true;
- networking.interfaces.ens3.useDHCP = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.09"; # Did you read the comment?
-
- boot.loader.grub.devices = [ "/dev/sda" ];
-
-}
diff --git a/hosts/chaski/hardware-configuration.nix b/hosts/chaski/hardware-configuration.nix
deleted file mode 100644
index 54fbcba..0000000
--- a/hosts/chaski/hardware-configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/5beea4aa-5ea3-4518-9b7d-97f289be92ea";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
-}
diff --git a/hosts/chaski/services/VaaS/.gitignore b/hosts/chaski/services/VaaS/.gitignore
deleted file mode 100644
index b5e3679..0000000
--- a/hosts/chaski/services/VaaS/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-dist-newstyle/*
diff --git a/hosts/chaski/services/VaaS/CHANGELOG.md b/hosts/chaski/services/VaaS/CHANGELOG.md
deleted file mode 100644
index 500a0d0..0000000
--- a/hosts/chaski/services/VaaS/CHANGELOG.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Revision history for haskell
-
-## 0.1.0.0 -- YYYY-mm-dd
-
-* First version. Released on an unsuspecting world.
diff --git a/hosts/chaski/services/VaaS/app/Main.hs b/hosts/chaski/services/VaaS/app/Main.hs
deleted file mode 100644
index b5697d7..0000000
--- a/hosts/chaski/services/VaaS/app/Main.hs
+++ /dev/null
@@ -1,58 +0,0 @@
-{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE OverloadedStrings #-}
-
-module Main where
-
-import Control.Exception (try)
-import Control.Exception.Base (handle)
-import qualified Data.ByteString as BS
-import Data.ByteString.Base32
-import qualified Data.ByteString.Char8 as C8
-import qualified Data.ByteString.Lazy as LB
-import Data.Maybe (mapMaybe)
-import Network.HTTP.Client (httpLbs, newManager, parseRequest,
- responseBody)
-import Network.HTTP.Client.TLS
-import Network.HTTP.Types
-import Network.Wai
-import Network.Wai.Handler.Warp (run)
-import qualified System.Environment as SE
-import System.Process
-
-simpleResponse = responseLBS status200 [("Content-Type", "text/plain")]
-
-simpleError = responseLBS status400 [("Content-Type", "text/plain")]
-
-serveFile filename = do
- content <- LB.readFile filename
- pure $ responseLBS status200 [("Content-Type", "text/html")] content
-
-app :: FilePath -> FilePath -> Application
-app validator index req respond =
- case requestMethod req of
- "GET" -> case pathInfo req of
- [] -> serveFile index >>= respond
- ["validate"] -> do
- let gtfsuri = head $ mapMaybe (\case { ("gtfs",a) -> Just a; _ -> Nothing }) $ queryString req
- putStrLn $ "uri is " <> show gtfsuri
- case gtfsuri of
- Just uri -> do
- man <- newManager tlsManagerSettings
- request <- parseRequest $ C8.unpack uri
- gtfs <- httpLbs request man
- let filename = "/tmp/" <> C8.unpack (encodeBase32' uri) <> ".zip"
- LB.writeFile filename (responseBody gtfs)
- readProcessWithExitCode "python" [validator,"-n", filename, "--output", "/tmp/gtfs-validated.html"] ""
-
- serveFile "/tmp/gtfs-validated.html" >>= respond
-
- Nothing -> respond $ simpleError "missing gtfs parameter"
- _ -> respond $ simpleError "unknown path"
- _ -> respond $ simpleError "invalid reqeust method"
-
-main :: IO ()
-main = do
- args <- SE.getArgs
- let validator = head args
- putStrLn "http://localhost:7000/"
- run 7000 $ app validator (args!!1)
diff --git a/hosts/chaski/services/VaaS/default.nix b/hosts/chaski/services/VaaS/default.nix
deleted file mode 100644
index 427270c..0000000
--- a/hosts/chaski/services/VaaS/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, compiler ? "default", doBenchmark ? false }:
-
-let
-
- inherit pkgs;
-
- f = { mkDerivation, base, base32, bytestring, http-client
- , http-client-tls, http-types, lib, process, wai, warp
- }:
- mkDerivation {
- pname = "VaaS";
- version = "0.1.0.0";
- src = ./.;
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- base base32 bytestring http-client http-client-tls http-types
- process wai warp
- ];
- license = "unknown";
- hydraPlatforms = lib.platforms.none;
- };
-
- haskellPackages = if compiler == "default"
- then pkgs.haskellPackages
- else pkgs.haskell.packages.${compiler};
-
- variant = if doBenchmark then pkgs.haskell.lib.doBenchmark else pkgs.lib.id;
-in
- variant (haskellPackages.callPackage f {})
diff --git a/hosts/chaski/services/VaaS/haskell.cabal b/hosts/chaski/services/VaaS/haskell.cabal
deleted file mode 100644
index 262b65f..0000000
--- a/hosts/chaski/services/VaaS/haskell.cabal
+++ /dev/null
@@ -1,35 +0,0 @@
-cabal-version: 2.4
-name: VaaS
-version: 0.1.0.0
-
--- A short (one-line) description of the package.
--- synopsis:
-
--- A longer description of the package.
--- description:
-
--- A URL where users can report bugs.
--- bug-reports:
-
--- The license under which the package is released.
--- license:
-author: stuebinm
-maintainer: stuebinm@disroot.org
-
--- A copyright notice.
--- copyright:
--- category:
-extra-source-files: CHANGELOG.md
-
-executable VaaS
- main-is: Main.hs
-
- -- Modules included in this executable, other than Main.
- -- other-modules:
-
- -- LANGUAGE extensions used by modules in this package.
- -- other-extensions:
- build-depends: base ^>=4.14.1.0, wai, warp, http-types, bytestring, process,
- http-client, http-client-tls, base32
- hs-source-dirs: app
- default-language: Haskell2010
diff --git a/hosts/chaski/services/VaaS/index.html b/hosts/chaski/services/VaaS/index.html
deleted file mode 100644
index a7f59e0..0000000
--- a/hosts/chaski/services/VaaS/index.html
+++ /dev/null
@@ -1,46 +0,0 @@
-<!doctype html>
-<html class="no-js" lang="">
- <head>
- <meta charset="utf-8">
- <meta http-equiv="x-ua-compatible" content="ie=edge">
- <title>GTFS Validator</title>
- <meta name="description" content="">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <link rel="apple-touch-icon" href="/apple-touch-icon.png">
- <!-- Place favicon.ico in the root directory -->
-
- </head>
- <body>
- <!--[if lt IE 8]>
- <p class="browserupgrade">
- You are using an <strong>outdated</strong> browser. Please
- <a href="http://browsehappy.com/">upgrade your browser</a> to improve
- your experience.
- </p>
- <![endif]-->
-
- <h1>GTFS Validator</h1>
- <p>
- This runs the validator contained in the
- <a href="https://github.com/google/transitfeed">transitfeed
- git repository
- </a>.
- </p>
-
- <p>Paste the url to your GTFS zip below</p>
-
- <input id="url">
- <button id="submit">Validate</button>
-
- <script>
- let submit = document.getElementById("submit");
- let url = document.getElementById("url");
-
- submit.onclick = () => {
- window.location =
- "/validate?gtfs=" + url.value
- }
- </script>
- </body>
-</html>
diff --git a/hosts/chaski/services/exneuland.nix b/hosts/chaski/services/exneuland.nix
deleted file mode 100644
index 3ec3451..0000000
--- a/hosts/chaski/services/exneuland.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- workadventure-nix = builtins.fetchGit {
- url = "https://stuebinm.eu/git/workadventure-nix";
- ref = "master";
- };
- wapkgs = import "${workadventure-nix.outPath}/wapkgs.nix" {
- inherit pkgs;
- lib = pkgs.lib;
- };
- frontdrv = wapkgs.workadventure-tcm.front.override {
- environment = {
- PUSHER_URL = "https://exneuland.stuebinm.eu/pusher";
- START_ROOM_URL = "/_/global/world.di.c3voc.de/maps/main.json";
- };
- };
- exneuland = import ../../../pkgs/exneuland.nix;
-in
-{
- services.nginx = {
- enable = true;
- recommendedProxySettings = false;
- virtualHosts."exneuland.stuebinm.eu" = {
- root = "${frontdrv}/dist";
- locations."/_/".tryFiles = "/index.html =404";
-
- locations."/pusher" = {
- proxyPass = "http://localhost:4000";
- proxyWebsockets = true;
- extraConfig = ''
- add_header Access-Control-Allow-Origin https://exneuland.stuebinm.eu;
- proxy_pass_request_headers on;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- '';
- };
-
- enableACME = true;
- forceSSL = true;
- };
- };
-
- systemd.services.exneuland = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- description = "exneuland backend for workadventure";
- serviceConfig = {
- ExecStart = "${exneuland}/bin/exneuland start";
- Restart = "always";
- };
- };
-}
diff --git a/hosts/chaski/services/geolocation.nix b/hosts/chaski/services/geolocation.nix
deleted file mode 100644
index 4b095bd..0000000
--- a/hosts/chaski/services/geolocation.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.nginx.virtualHosts."ilztal.live".locations."/geolocation".root =
- ../../../assets/ilztal.live;
-}
diff --git a/hosts/chaski/services/gtfs.nix b/hosts/chaski/services/gtfs.nix
deleted file mode 100644
index 61837a1..0000000
--- a/hosts/chaski/services/gtfs.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- vaas = import ./VaaS/default.nix {inherit pkgs; };
-
- transitfeed = pkgs.fetchFromGitHub {
- owner = "google";
- repo = "transitfeed";
- rev = "d727e97cb66ac2ca2d699a382ea1d449ee26c2a1";
- sha256 = "0kmcmdja6h7gzvi40c9qfzxh6qwv5184g2rgpqx5rhj4ql9ini3h";
- };
-
- index = pkgs.copyPathToStore ./VaaS/index.html;
-in
-{
- systemd.services.vaas = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- description = "GTFS feed validator as a service";
- path = [ pkgs.python2 pkgs.python2Packages.pytz pkgs.python2Packages.enum34 ];
- serviceConfig = {
- ExecStart = "${vaas}/bin/VaaS ${transitfeed}/feedvalidator.py ${index}";
- Restart = "always";
- PrivateTmp = "true";
- PrivateDevices = "true";
- ProtectSystem = "strict";
- ReadWritePaths = [ "/tmp" ];
- };
-
- };
-
- services.nginx.virtualHosts."gtfs.stuebinm.eu" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:7000";
- };
-}
diff --git a/hosts/chaski/services/jitsi.nix b/hosts/chaski/services/jitsi.nix
deleted file mode 100644
index d6f398b..0000000
--- a/hosts/chaski/services/jitsi.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{config, pkgs, ...}:
-
-with pkgs.luaPackages;
-with pkgs;
-let extraLua = import ../../../../playground/jitsi/test.nix;
-in
-
-{
- services.jitsi-meet = {
- enable = true;
- hostName = "jitsi.stuebinm.eu";
- config = {
- enableWelcomePage = true;
- prejoinPageEnabled = true;
- };
- interfaceConfig = {
- SHOW_JITSI_WATERMARK = false;
- SHOW_WATERMARK_FOR_GUESTS = false;
- };
- };
- services.jitsi-videobridge.openFirewall = true;
-
- services.nginx.virtualHosts."api.jitsi.stuebinm.eu" = {
- locations."/room-size" = {
- proxyPass = pkgs.lib.mkForce
- "http://jitsi.stuebinm.eu:5280/room-size?$args&domain=jitsi.stuebinm.eu";
-
- extraConfig = ''
- add_header Access-Control-Allow-Origin *;
- '';
- };
- locations."/room-list" = {
- proxyPass = "http://jitsi.stuebinm.eu:5280/room-list?domain=jitsi.stuebinm.eu";
- extraConfig = ''
- add_header Access-Control-Allow-Origin *;
- '';
- };
- locations."/dashboard/".root =
- pkgs.copyPathToStore ../../../../playground/jitsi/html;
-
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.recommendedProxySettings = false;
-
- services.prosody = {
- #extraModules = [ "muc_size2" ];
- extraModules = [ "jitsi_bundled" ];
- extraPluginPaths = [
- (pkgs.copyPathToStore ../../../../playground/jitsi/plugins)
- ];
- package = pkgs.prosody.override {
- withExtraLibs = with extraLua; [ basexx luajwtjitsi net-url ];
- };
- };
-
-
-}
diff --git a/hosts/chaski/services/uplcg.nix b/hosts/chaski/services/uplcg.nix
deleted file mode 100644
index 5605046..0000000
--- a/hosts/chaski/services/uplcg.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- imports = [
- "${inputs.uplcg.outPath}/module.nix"
- ];
-
- services.uplcg = {
- enable = true;
- port = 9080;
- domain = "0.0.0.0";
- };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."cards.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://localhost:9080";
- proxyWebsockets = true;
- };
- enableACME = true;
- forceSSL = true;
- };
-}
diff --git a/hosts/chaski/services/woitb.nix b/hosts/chaski/services/woitb.nix
deleted file mode 100644
index 0c50617..0000000
--- a/hosts/chaski/services/woitb.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-let
- #sources = ../../nix/sources.nix;
- sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server;
-in
-{
- # systemd.services.woitb = {
- # enable = true;
- # description = "wo ist die ilztalbahn?";
- # wantedBy = [ "multi-user.target" ];
- # serviceConfig.type = "simple";
- # script = "${import sources}/bin/woitb";
- # };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."ilztal.live" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = pkgs.copyPathToStore ./woitb;
-
- # locations."/upnext".proxyPass = "http://localhost:8000";
- # locations."/geoloc".proxyPass = "http://localhost:8000";
- };
-
- services.nginx.virtualHosts."track.ilztal.live" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = inputs.tracktrain;
- };
-
-}
diff --git a/hosts/chaski/services/woitb/index.html b/hosts/chaski/services/woitb/index.html
deleted file mode 100644
index 8d08826..0000000
--- a/hosts/chaski/services/woitb/index.html
+++ /dev/null
@@ -1,124 +0,0 @@
-<!DOCTYPE html>
-<html lang="de"><head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8">
- <meta charset="utf-8">
- <meta http-equiv="x-ua-compatible" content="ie=edge">
- <title>Wo ist die Ilztalbahn?</title>
- <meta name="description" content="">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <link rel="apple-touch-icon" href="https://ilztal.live/apple-touch-icon.png">
- <!-- Place favicon.ico in the root directory -->
- <style>
-
- body {
- background-color: olivedrab;
- color: white;
- font-family: "Sans Serif";
- max-width: 60em;
- margin-left: auto;
- margin-right: auto;
- margin-top: 4em;
- }
-
- body > p, #sonst p {
- text-align: center;
- margin-bottom: 4rem;
- }
-
- section > p {
- text-align: center;
- }
-
- a {
- text-decoration: none;
- }
-
- h1, h2, h3 {
- font-weight: lighter
- }
-
- h1 {
- font-size: 40pt;
- text-align: center;
- }
-
- @media only screen and (max-width: 1000px) {
- h1 {
- font-size: 30pt;
- }
- body {
- margin: 1em;
- }
- }
-
- h2 {
- font-size: 23pt;
- }
-
- tr {
- background-color: white;
- color: black;
- }
-
- td {
- margin-left: 0;
- padding: 0.5em;
- }
-
- #wo {
- color: black;
- background-color: white;
- padding: 1em;
- max-width: 40em;
- margin: auto;
- font-weight: bold;
- }
-
- #wo div h2 {
- margin-left: 2rem;
- }
-
- #wo div p {
- margin-left: 3rem;
- }
-
- #fahrplan {
- margin: auto;
- max-width: 40em;
- }
-
- #fahrplan table tr td:last-child {
- min-width: 70%;
- }
-
- #fahrplan table {
- width: 100%;
- }
-
- </style>
- </head>
- <body>
- <!--[if lt IE 8]>
- <p class="browserupgrade">
- You are using an <strong>outdated</strong> browser. Please
- <a href="http://browsehappy.com/">upgrade your browser</a> to improve
- your experience.
- </p>
- <![endif]-->
-
- <h1>Wo ist die <a href="https://ilztalbahn.eu/">Ilztalbahn</a> gerade?</h1>
-
- <p>(es gibt eh nur eine)</p>
-
- <div id="root"><main id=""><h2 id="">Gerade nicht unterwegs</h2><div id="wo"><h2 id="">Nächste Fahrt 2022</h2><p id="">Fahrplan ist noch nicht bekannt.</p></div></main></div>
-
- <section>
- <p>Andere Abfahrten ab Passau <a href="https://marudor.de/NPA">via marudor.de</a> | <a href="https://iris.noncd.db.de/wbt/js/index.html?bhf=NPA&amp;Zeilen=20">via Iris der DB</a></p>
-
- <p style="margin-top:3em">(Diese Seite also known as "oh, die Ilztalbahn <a href="https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip">hat ja Open Data</a> 😍" – <a href="https://ilztal.live/info.html">Weitere Infos</a>)</p>
- </section>
-
-
-
-</body></html>
diff --git a/hosts/chaski/services/woitb/info.html b/hosts/chaski/services/woitb/info.html
deleted file mode 100644
index e68d728..0000000
--- a/hosts/chaski/services/woitb/info.html
+++ /dev/null
@@ -1,180 +0,0 @@
-<!doctype html>
-<html lang="de">
- <head>
- <meta charset="utf-8">
- <meta http-equiv="x-ua-compatible" content="ie=edge">
- <title>Wo ist die Ilztalbahn?</title>
- <meta name="description" content="">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <link rel="apple-touch-icon" href="/apple-touch-icon.png">
- <!-- Place favicon.ico in the root directory -->
- <style>
-
- body {
- background-color: olivedrab;
- color: white;
- font-family: "Sans Serif";
- max-width: 60em;
- margin-left: auto;
- margin-right: auto;
- margin-top: 4em;
- }
-
- body > p, #sonst p {
- text-align: center;
- margin-bottom: 4rem;
- }
-
- section > p {
- text-align: center;
- }
-
- a {
- text-decoration: none;
- }
-
- h1, h2, h3 {
- font-weight: lighter
- }
-
- h1 {
- font-size: 40pt;
- text-align: center;
- }
-
- @media only screen and (max-width: 1000px) {
- h1 {
- font-size: 30pt;
- }
- body {
- margin: 1em;
- }
- }
-
- h2 {
- font-size: 23pt;
- }
-
- tr {
- background-color: white;
- color: black;
- }
-
- td {
- margin-left: 0;
- padding: 0.5em;
- }
-
- #wo {
- color: black;
- background-color: white;
- padding: 1em;
- max-width: 40em;
- margin: auto;
- font-weight: bold;
- }
-
- #wo div h2 {
- margin-left: 2rem;
- }
-
- #wo div p {
- margin-left: 3rem;
- }
-
- #fahrplan {
- margin: auto;
- max-width: 40em;
- }
-
- #fahrplan table tr td:last-child {
- min-width: 70%;
- }
-
- #fahrplan table {
- width: 100%;
- }
-
- </style>
- </head>
- <body>
- <!--[if lt IE 8]>
- <p class="browserupgrade">
- You are using an <strong>outdated</strong> browser. Please
- <a href="http://browsehappy.com/">upgrade your browser</a> to improve
- your experience.
- </p>
- <![endif]-->
-
- <h1><a href="index.html">Wo ist die Ilztalbahn</a> – Über</h1>
-
- <main>
- <h2>Was ist das hier?</h2>
- <p>
- Diese Webseite zeigt den Fahrplan der <a href="https://ilztalbahn.eu">Ilztalbahn</a> an,
- und macht sonst nicht viel. Bitte beachtet, dass diese Seite nicht von der Ilztalbahn GmbH,
- dem Förderverein o.ä. betrieben wird, sondern nur ein privates Projekt einer einzelnen Person
- ohne jede Verfügbarkeitsgarantie ist.
- </p>
-
- <h2>Wie funktioniert das?</h2>
- <p>
- Die Ilztalbahn bietet ihren Fahrplan im offenen Standard <a href="https://gtfs.org/">GTFS</a>
- an. Weil GTFS an einigen Stellen ein manchmal schwer zu benutzender Standard ist (und nicht
- jeder Besuch dieser Webseite einen Aufruf des GTFS der Ilztalbahn triggern muss), hängt noch
- ein kleiner Server dazwischen der die relevanten Teile in JSON übersetzt.
- </p>
- <p>
- Der Fahrplan ist jeweils für einen ganzen Sommer gültig, und wird auch währenddessen
- (soweit ich sehen kann) nicht verändert oder aktualisiert — es gibt also keinerlei Garantie,
- dass die Daten hier korrekt sind!
- </p>
-
- <h2>Gibt es das auch als App?</h2>
- <p>
- Aktuell nicht. Wenn ihr die Webseite im Browser offen lasst, sollte sie sich aber auch offline
- noch automatisch aktualisieren.
- </p>
-
- <h2>Werden Verspätungen/etc. angezeigt?</h2>
- <p>
- Leider nein. Es gibt für einige Fahrten der Ilztalbahn zwar Echtzeitdaten von der DB, diese
- sind aber nicht im Datensatz der Ilztalbahn enthalten. Vielleicht kommen die hier noch
- irgendwann mit rein, solange könnt ihr sie (falls es sie gibt) bei
- <a href="https://marudor.de/Passau%20Hbf">marudor.de</a> anschauen.
- </p>
-
- <h2>Gibts hier Quellcode zu?</h2>
- <p>
- Ja klar, hier: <a href="https://stuebinm.eu/git/woitb">git-Repository</a>
- </p>
-
- <h2>Datenschutz?</h2>
- <p>
- Diese Seite läuft aktuell auf einer kleinen vps bei <a href="https://hetzner.de">Hetzner</a>,
- geloggt werden aktuell nur Zugriffe, aber keine IP-Adressen.
- </p>
-
- <h2>Wer macht das hier?</h2>
- <p>
- Auch nur so ein Mensch im Internet. Falls ihr wollt könnt ihr
- <a href="https://pleroma.stuebinm.eu/stuebinm">auf meinem Pleroma</a> vorbeischauen.
- </p>
-
- <h2>Ich hab ne Idee für ein Feature!</h2>
- <p>
- Schreibt mich über Pleroma an, vielleicht habe ich Zeit und Lust es einzubauen.
- </p>
-
- <h2>Ich hab ein Feature dazuimplementiert!</h2>
- <p>
- Cool! Schick mir gerne nen Patch! (Mail ist im Repository)
- </p>
- </main>
- <section>
- <p style="margin-top:3em;">(Diese Seite also known as "oh, die Ilztalbahn <a href="https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip">hat ja Open Data</a> 😍" – <a href="info.html">Weitere Infos</a>)</p>
- </section>
-
- </body>
-</html>
diff --git a/hosts/chaski/services/workadventure.nix b/hosts/chaski/services/workadventure.nix
deleted file mode 100644
index c2b704f..0000000
--- a/hosts/chaski/services/workadventure.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{pkgs, lib, config, ...}:
-
-let
- sources = import ../../../nix/sources.nix {};
- # why the double outPath? Dunno, just niv things …
- workadventure-nix = sources.workadventure.outPath.outPath;
- packageset = (
- import "${workadventure-nix}/wapkgs.nix" {
- inherit pkgs lib;
- }
- ).workadventure-xce;
-in
-{
- # not the most intuitive of container names, but "workadventure" is too long
- containers.wa-space = {
-
- # we'll need the outer config to get the turn secret inside the container,
- # and I'm feeling haskelly so config' it is!
- config = let config' = config; in {config, pkgs, ...}: {
- imports = [ workadventure-nix ];
- networking.firewall.allowedTCPPorts = [ 80 ];
-
- services.workadventure."space.stuebinm.eu" = {
- inherit packageset;
-
- nginx = {
- default = true;
- domain = "space.stuebinm.eu";
- maps.serve = true;
- maps.path = "/workadventuremaps/";
- };
-
- frontend.startRoomUrl = "/_/global/space.stuebinm.eu/maps/Floor0/floor0.json";
-
- commonConfig = {
- webrtc.stun.url = "stun:space.stuebinm.eu:3478";
- webrtc.turn = {
- url = "turn:95.217.159.23";
- user = "turn";
- password = config'.services.coturn.static-auth-secret;
- };
- jitsi.url = "meet.ffmuc.net";
- };
- };
- };
-
- privateNetwork = true;
- hostAddress6 = "fd00::42:14";
- localAddress6 = "fd00::42:16";
-
- autoStart = true;
-
- };
-
- services.coturn = {
- enable = true;
- realm = "turn.hacc.space";
- # this is a static "secret" that is also compiled into workadventure,
- # so it seems ok to put it into the nix store
- static-auth-secret = "1c496cea367f9608c77a754c1ef78079a512e013";
- use-auth-secret = true;
- no-cli = true;
- no-tcp-relay = true;
-
- cert = config.security.acme.certs."space.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."space.stuebinm.eu".directory + "key.pem";
- };
-
-
- services.nginx = {
- virtualHosts."space.stuebinm.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://[${config.containers.wa-space.localAddress6}]";
- proxyWebsockets = true;
- };
- };
- };
-
-
- networking.firewall = with config.services.coturn;
- let
- ports = [ listening-port tls-listening-port ];
- in {
- allowedTCPPorts = [ 80 ] ++ ports;
- allowedUDPPorts = ports;
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-
-}
diff --git a/hosts/cyberbox/configuration.nix b/hosts/cyberbox/configuration.nix
deleted file mode 100644
index 47ffaad..0000000
--- a/hosts/cyberbox/configuration.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ];
-
- # laptop power things
- services.tlp.enable = true;
-
- programs.light.enable = true;
- programs.slock.enable = true;
-
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking = {
- hostName = "cyberbox"; # Define your hostname.
- networkmanager.enable = true;
- useDHCP = false;
- interfaces.enp0s25.useDHCP = true;
- interfaces.wlp3s0.useDHCP = true;
- };
-
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # entrypoint for emacs configured with home-manager
- # (must be available on the user's $PATH)
- services.xserver.windowManager.session = pkgs.lib.singleton {
- name = "exwm";
- start = "emacs -l ${pkgs.writeText "emacs-exwm-load" ''
- (require 'exwm-config)
- (exwm-config-default)
- (defvar inexwm t)
- ''}";
- };
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- services.xserver.libinput.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.09"; # Did you read the comment?
-
-}
-
diff --git a/hosts/cyberbox/hardware-configuration.nix b/hosts/cyberbox/hardware-configuration.nix
deleted file mode 100644
index a724f02..0000000
--- a/hosts/cyberbox/hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/70a8042c-c5b5-4faa-8019-0eb042fbdf00";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/e53c9b77-5e00-40a0-bbda-62978b7b3000";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/60cda588-b262-4394-8d38-284109a08a59";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
deleted file mode 100644
index b2699b7..0000000
--- a/hosts/flora/configuration.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- # ./services/hedgedoc.nix
- #./services/daemoniones.nix
- ./services/nginx.nix
- ./services/pleroma.nix
- ./services/cgit.nix
- # ./services/surveys.nix
- #./services/picarones.nix
- ./services/dockerhub.nix
- ./services/blog.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking = {
- hostName = "flora";
-
- enableIPv6 = true;
- defaultGateway6 = {
- address = "fe80::1";
- interface = "ens3";
- };
-
- interfaces.ens3.ipv6.addresses = [ {
- address = "2a01:4f9:c010:df15::1";
- prefixLength = 64;
- } ];
-
- useDHCP = false;
- interfaces.ens3.useDHCP = true;
-
- firewall.logRefusedConnections = false;
-
-
- };
-
- services.fail2ban = {
- enable = true;
- bantime-increment.enable = true;
- bantime-increment.overalljails = true;
- bantime-increment.maxtime = "1312m";
- ignoreIP = [ "88.133.194.232" ];
- };
-
- services.logrotate = {
- enable = true;
- paths.nginx = {
- path = "/var/log/nginx";
- frequency = "weekly";
- };
- };
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system = {
- stateVersion = "20.09"; # Did you read the comment?
- };
-
-}
-
diff --git a/hosts/flora/hardware-configuration.nix b/hosts/flora/hardware-configuration.nix
deleted file mode 100644
index 2ce21f4..0000000
--- a/hosts/flora/hardware-configuration.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ modulesPath, config, lib, pkgs, inputs, ... }:
-
-{
- imports =
- [ "${modulesPath}/profiles/qemu-guest.nix"
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/5d31cad5-9076-4d2f-93f6-6af817bc368b";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
diff --git a/hosts/flora/services/blog.nix b/hosts/flora/services/blog.nix
deleted file mode 100644
index 056a63b..0000000
--- a/hosts/flora/services/blog.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- services.nginx.virtualHosts."stuebinm.eu" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = (import inputs.blog);
- };
-}
diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix
deleted file mode 100644
index 094bfd5..0000000
--- a/hosts/flora/services/cgit.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{pkgs, config, ...}:
-
-{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
- };
-
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
- enableACME = true;
- forceSSL = true;
- };
-
- # user for git repo administration
- users.users.git = {
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
- home = "/var/git";
- isNormalUser = true;
- packages = [ pkgs.git ];
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/hosts/flora/services/daemoniones.nix b/hosts/flora/services/daemoniones.nix
deleted file mode 100644
index ae9d3cb..0000000
--- a/hosts/flora/services/daemoniones.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, ...}:
-
-{
- systemd.services =
- let simpledaemon = name: command: {
- enable = true;
- description = name;
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- script = command;
- };
- in {
- choclo = simpledaemon "choclo signalling server" "/root/simple-signalling/target/release/chaski -b 127.0.0.1:5000";
- wasi = simpledaemon "wasi backend" "/root/wasi-minimal/target/release/wasi";
-# picarones = simpledaemon "picarones backend" "/root/picarones-server/target/release/picarones -b 127.0.0.1:6000";
- };
-
- services.nginx = {
- virtualHosts =
- let websocketproxy = addr: {
- locations."/".proxyPass = addr;
- forceSSL = true;
- enableACME = true;
- locations."/".proxyWebsockets = true;
- };
- in {
- "wasi.stuebinm.eu" = websocketproxy "http://127.0.0.1:9000";
- "choclo.stuebinm.eu" = websocketproxy "http://127.0.0.1:5000";
-# "picarones.stuebinm.eu" = websocketproxy "http://127.0.0.1:6000";
- };
- };
-
-
-}
diff --git a/hosts/flora/services/dockerhub.nix b/hosts/flora/services/dockerhub.nix
deleted file mode 100644
index c9b84b3..0000000
--- a/hosts/flora/services/dockerhub.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.dockerRegistry = {
- enable = true;
- port = 6000;
- enableRedisCache = false;
- extraConfig = {
- storage.maintenance.readonly.enabled = true;
- };
- };
-
- services.nginx.virtualHosts."registry.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://localhost:6000";
- proxyWebsockets = true;
- };
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.clientMaxBodySize = "0";
-}
diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix
deleted file mode 100644
index 038f99f..0000000
--- a/hosts/flora/services/hedgedoc.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: {
- src = pkgs.fetchgit {
- url = "https://stuebinm.eu/git/hedgedoc";
- rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3";
- sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c";
- };
- });
-in
-{
- # Container containing CodiMD and its database
- # has its own internal network; needs a reverse-proxy to be reachable from the outside
- # TODO: persistent memory for pads
- containers.codimd = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:10";
- localAddress6 = "fd00::42:11";
-
- config = {config, pkgs, ... }: {
- # open CodiMD port
- networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
-
- # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_11;
- ensureDatabases = [ "codimd" ];
- ensureUsers = [ {
- name = "hedgedoc";
- ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
- } ];
- # ugly workaround to allow CodiMD to login without password — this service has lots of options,
- # but apparently not for authentification, which even needs to be forced …
- authentication = pkgs.lib.mkForce ''
- # Generated file; do not edit!
- local all all trust
- host codimd hedgedoc ::1/18 trust
- host codimd codimd ::1/128 trust
- '';
- };
- # CodiMD itself
- services.hedgedoc = {
- enable = true;
- workDir = "/var/codimd/";
- configuration = {
- dbURL = "postgres:///codimd";
- port = 3000;
- domain = "nix.stuebinm.eu";
- urlAddPort = false;
- protocolUseSSL = true;
- allowPDFExport = true;
- host = "::";
- allowEmailRegister = false;
- allowFreeURL = true;
- uploadsPath = "/var/codimd/uploads";
- #email = false;
- };
- };
-
- systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc";
- };
- };
-
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx.virtualHosts."nix.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
- proxyWebsockets = true;
- };
- forceSSL = true;
- enableACME = true;
- };
-}
diff --git a/hosts/flora/services/nginx.nix b/hosts/flora/services/nginx.nix
deleted file mode 100644
index bbcacb7..0000000
--- a/hosts/flora/services/nginx.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx = {
- enable = true;
-
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
- appendHttpConfig = ''
- add_header Permissions-Policy "interest-cohort=()";
- '';
- };
-}
diff --git a/hosts/flora/services/picarones.nix b/hosts/flora/services/picarones.nix
deleted file mode 100644
index c2e3c7b..0000000
--- a/hosts/flora/services/picarones.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{config, pkgs, ...}:
-let
- source = builtins.fetchGit {
- url = "https://stuebinm.eu/git/picarones/";
- rev = "0596b9f6c561daa67945adb81570efd30650dffd";
- };
-in
-{
-
- imports = [ source.outPath ];
-
- services.picarones = {
- enable = true;
- frontend = {
- enable = true;
- domain = "picarones.stuebinm.eu";
- proxyBackend = true;
- config = {
- enableACME = true;
- forceSSL = true;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/hosts/flora/services/pleroma.nix b/hosts/flora/services/pleroma.nix
deleted file mode 100644
index e0f60ed..0000000
--- a/hosts/flora/services/pleroma.nix
+++ /dev/null
@@ -1,178 +0,0 @@
-{config, pkgs, inputs, ...}:
-
-
-let
- domain = "pleroma.stuebinm.eu";
-in
-{
-
- containers.pleroma = {
- autoStart = true;
- privateNetwork = true;
-
- hostAddress = "192.168.42.30";
- localAddress = "192.168.42.31";
- hostAddress6 = "fd00::42:30";
- localAddress6 = "fd00::42:31";
-
-
- config = {pkgs, config, ...}: {
-
- # generating the manual will fail when mixing nixos channels,
- # so disable it here or this won't build at all.
- documentation.enable = false;
-
- # pleroma has a cli tool for configuration
- environment.systemPackages = [ pkgs.dnsutils ];
-
- services.pleroma = {
- enable = true;
-
-
- # package = (import inputs.nixpkgs-unstable {}).pleroma;
-
- # this is barely necessary at this point — all that's
- # set in here is the default_signer for joken, and the
- # secret_key_base and signing_salt for phoenix.
- secretConfigFile = "/var/lib/pleroma/secrets.exs";
-
- # for a list of available config options, see
- # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/
- #
- # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo)
- # are better documented in their respective libraries (in this
- # case, see the documentation for Ecto on Adapters).
- configs = [ ''
- import Config
-
- config :pleroma, Pleroma.Web.Endpoint,
- url: [host: "${domain}", scheme: "https", port: 443],
- http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000]
-
- config :pleroma, :instance,
- name: "Pleroma",
- limit: 5000,
- registrations_open: false,
- federating: true,
- healthcheck: true,
- allow_relay: true
-
- config :pleroma, :media_proxy,
- enabled: false,
- redirect_on_failure: true
-
- config :pleroma, Pleroma.Upload,
- filters: [
- Pleroma.Upload.Filter.Exiftool,
- Pleroma.Upload.Filter.AnonymizeFilename,
- Pleroma.Upload.Filter.Dedupe
- ]
-
- config :pleroma, Pleroma.Uploaders.Local,
- uploads: "/var/lib/pleroma/uploads"
-
- config :pleroma, Pleroma.Repo,
- adapter: Ecto.Adapters.Postgres,
- username: "pleroma",
- database: "pleroma",
- socket_dir: "/run/postgresql",
- pool_size: 10,
- prepare: :named,
- parameters: [
- plan_cache_mode: "force_custom_plan"
- ]
-
-
-
- config :pleroma, :database, rum_enabled: false
- config :pleroma, configurable_from_database: false
-
- config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
-
- '' ];
- };
-
- # otherwise, the exiftool will fail to run
- systemd.services.pleroma.path = [ pkgs.exiftool ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_12;
-
- ensureDatabases = [ "pleroma" ];
- ensureUsers = [ {
- name = "pleroma";
- ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
- } ];
-
- # give pleroma access. must be done with lib.mkForce, for some reason
- authentication = pkgs.lib.mkForce ''
- # Generated file; do not edit!
- local all all trust
- host pleroma pleroma ::1/128 trust
- '';
-
- # pleroma wants to do some initial config on startup, which it
- # can't do by itself since those needs superuser access
- #
- # unfortunatly, this is executed /before/ the database is created,
- # i.e. we have to create user and database by hand, even though
- # they would otherwise created by ensureUsers / ensureDatabse.
- # Using those does still prevent us from accidentally deleting
- # them, though (but not from deleting the database's content!)
- initialScript = pkgs.writeScript "postgres-pleroma-initial" ''
- CREATE USER pleroma;
- CREATE DATABASE pleroma OWNER pleroma;
- \c pleroma;
- --Extensions made by ecto.migrate that need superuser access
- CREATE EXTENSION IF NOT EXISTS citext;
- CREATE EXTENSION IF NOT EXISTS pg_trgm;
- CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 4000 10022 ];
- };
- };
-
- # give the container access to the external internet (necessary for
- # fetching content from other instances). Doesn't appear to work with
- # IPv6, though ...
- networking.nat = {
- enable = true;
- internalInterfaces = [ "ve-pleroma" ];
- externalInterface = "ens3";
-
- };
- networking.firewall.allowedTCPPorts = [ 10022 ];
-
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000";
- proxyWebsockets = true;
- # these headers are in the example config in the NixOS manual.
- # take some time to figure out what they all do, and if these
- # are necessary
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
- add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
- if ($request_method = OPTIONS) {
- return 204;
- }
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header Referrer-Policy same-origin;
- add_header X-Download-Options noopen;
- client_max_body_size 16m;
- '';
- };
- };
-}
-
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
deleted file mode 100644
index befa673..0000000
--- a/hosts/flora/services/surveys.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{pkgs, config, ...}:
-
-let survey = pkgs.fetchgit {
- url = "https://stuebinm.eu/git/slightly-better-surveys";
- rev = "c255269db0c739400b62d4c4041e3238b1045d22";
- sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
- };
-in
-{
- services.nginx.virtualHosts."survey.stuebinm.eu" = {
- locations."/".root = survey.outPath + "/site";
- locations."/upload".proxyPass = "http://localhost:8080";
-
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.appendHttpConfig = ''
- types {
- application/wasm wasm;
- }
- '';
-}