Diffstat (limited to 'chaski/services')
-rw-r--r--chaski/services/chat.nix2
-rw-r--r--chaski/services/headscale.nix40
-rw-r--r--chaski/services/tracktrain.nix168
3 files changed, 41 insertions, 169 deletions
diff --git a/chaski/services/chat.nix b/chaski/services/chat.nix
index 6d26ada..484a3b9 100644
--- a/chaski/services/chat.nix
+++ b/chaski/services/chat.nix
@@ -4,7 +4,7 @@
# (and not deal with having an irc relay)
{
- imports = [ inputs.home-manager.nixosModule ];
+ imports = [ inputs.home-manager.nixosModules.default ];
programs.mosh.enable = true;
programs.fish.enable = true;
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..80153e4
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # services.headscale = {
+ # enable = true;
+ # settings = {
+ # server_url = "https://headscale.noms.ing";
+ # listen_addr = "127.0.0.1:8323";
+
+ # # oidc = {
+ # # only_start_if_oidc_is_available = true;
+ # # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # # client_id = "headscale";
+ # # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # # strip_email_domain = true;
+ # # };
+
+ # # dns_config.magic_dns = true;
+ # # dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # # dns_config.base_domain = "ts.cuties.network";
+ # };
+ # };
+
+ # users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ # services.tailscale.enable = true;
+}
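Review bot: The nginx virtual host for `headscale.noms.ing` is active while the whole `services.headscale` block is commented out, so this host obtains an ACME certificate and publicly forwards to port 8323 with no backend defined in this file; any other local process that binds that port would be reachable under this name. Tie the vhost to the service, e.g. `services.nginx.virtualHosts."headscale.noms.ing" = lib.mkIf config.services.headscale.enable { ... };`, or comment it out together with the service until it is enabled. `proxyPass` targets `localhost` while the intended `listen_addr` is `127.0.0.1:8323`; `proxyPass = "http://127.0.0.1:8323";` keeps nginx from trying `::1`, where headscale would not be listening. Before the OIDC block is re-enabled, add a comment next to `strip_email_domain = true` that it is safe only if the issuer hands out addresses from a single email domain, since otherwise distinct identities map to the same headscale user.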
diff --git a/chaski/services/tracktrain.nix b/chaski/services/tracktrain.nix
deleted file mode 100644
index 50ba440..0000000
--- a/chaski/services/tracktrain.nix
+++ /dev/null
@@ -1,168 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-let
- # this gets rid of the implicit dependency on ghc, reducing closure size
- stripLib = drv: pkgs.stdenv.mkDerivation {
- name = drv.name + "-without-lib";
- src = drv.outPath;
- buildPhase = ''
- mkdir -p $out
- cp -r $src/bin $out
- '';
- phases = [ "buildPhase" ];
- };
-
- tracktrain-config = ''
- dbstring: "dbname=tracktrain user=tracktrain"
- gtfs: ${pkgs.copyPathToStore ./gtfs.zip}
-
- warp:
- port: 4000
-
- login:
- enable: false
- url: "http://dings"
- clientname: not
- clientsecret: used
- '';
-in
-{
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."tracktrain.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://192.168.42.41:4000";
- proxyWebsockets = true;
- };
- locations."/api" = {
- proxyPass = "http://192.168.42.41:4000";
- proxyWebsockets = true;
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*' always;
- '';
- };
- locations."/metrics/" = {
- proxyPass = "http://localhost:2342";
- proxyWebsockets = true;
- extraConfig = ''
- rewrite ^/metrics/(.*) /$1 break;
- '';
- };
- locations."/assets" = {
- proxyPass = "http://192.168.42.41:4567";
- };
- enableACME = true;
- forceSSL = true;
- };
-
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "tracktrain";
- static_configs = [{
- targets = [ "192.168.42.41:4000" ];
- }];
- } ];
- };
-
- services.grafana = {
- enable = true;
- settings.server = {
- serve_from_sub_path = true;
- domain = "tracktrain.ilztalbahn.eu";
- root_url = "%(protocol)s://%(domain)s:/metrics/";
- http_port = 2342;
- http_addr = "0.0.0.0";
- };
-
- provision = {
- enable = true;
- datasources.settings.datasources = [ {
- url = "http://localhost:9001";
- type = "prometheus";
- name = "prometheus";
- } ];
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 443 ];
-
- containers.tracktrain = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:40";
- localAddress6 = "fd00::42:41";
- hostAddress = "192.168.42.40";
- localAddress = "192.168.42.41";
-
- config = { config, pkgs, ... }: {
-
- environment.noXlibs = true;
- systemd.services.dufs = {
- enable = true;
- description = "assets for tracktrain's frontend";
- wantedBy = [ "tracktrain.service" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.dufs ];
- script = ''
- dufs -b 0.0.0.0 -p 4567 --path-prefix /assets --auth /@$(cat /username):$(cat /password)"@*" --auth-method basic --allow-upload --allow-delete /assets
- '';
- };
-
- systemd.services.tracktrain = {
- enable = true;
-
- description = "tracks trains, hopefully";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.wget ];
- script = ''
- cd /tmp
- ln -sf ${pkgs.writeText "config.yaml" tracktrain-config} "config.yaml"
- ${
- import inputs.tracktrain {
- nixpkgs = pkgs;
- compiler = "default";
- }
- }/bin/tracktrain +RTS -T
- '';
- startAt = "daily";
- };
-
- services.postgresql = {
- enable = true;
-
- ensureDatabases = [ "tracktrain" ];
- ensureUsers = [ {
- name = "tracktrain";
- ensureDBOwnership = true;
- } ];
- authentication = ''
- local all all trust
- host all all 127.0.0.1/32 trust
- '';
- };
-
- networking.firewall.enable = false;
- system.stateVersion = "22.05";
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- };
- };
-
- networking.nat = {
- enable = true;
- internalInterfaces = [ "ve-tracktrain" ];
- externalInterface = "ens3";
- };
-
-}