From d060ce64d59751722335eb7b6ace17e3ecec7a99 Mon Sep 17 00:00:00 2001 From: k Date: Fri, 6 Sep 2024 21:15:30 -0400 Subject: [PATCH] cleanup --- hosts/server/configuration.nix | 16 +------ hosts/server/service.nix | 80 ++++++++-------------------------- 2 files changed, 18 insertions(+), 78 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 30936c4..f8636d1 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -40,13 +40,6 @@ LC_TIME = "en_US.UTF-8"; }; - - # Enable the X11 windowing system. - services.xserver.enable = false; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = false; - services.xserver.desktopManager.gnome.enable = false; # Enable CUPS to print documents. services.auto-cpufreq.enable = true; @@ -54,10 +47,7 @@ powerManagement.powertop.enable = true; powerManagement.enable = true; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. programs.nix-ld.enable = true; programs.nix-ld.libraries = with pkgs; [ ]; @@ -65,7 +55,7 @@ users.users.k = { isNormalUser = true; description = "k"; - extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; + extraGroups = [ "networkmanager" "wheel" ]; packages = with pkgs; [zsh]; shell = pkgs.zsh; }; @@ -88,10 +78,6 @@ intel-media-driver microcodeIntel ]; - networking.firewall = { - enable = false; - allowedTCPPorts = [80 443 22 ]; - }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/hosts/server/service.nix b/hosts/server/service.nix index 8419039..1919474 100644 --- a/hosts/server/service.nix +++ b/hosts/server/service.nix 
@@ -1,5 +1,12 @@ {pkgs,lib,...}: { + + + networking.firewall = { + enable = true; + allowedTCPPorts = [80 443 22 ]; + }; + services.openssh = { enable = true; }; @@ -16,6 +23,7 @@ HTTP_PORT = 8001; DOMAIN = "dhilton.xyz"; ROOT_URL = "https://git.dhilton.xyz"; + ENABLE_PUSH_CREATE_USER = true; }; }; }; @@ -25,22 +33,12 @@ url = "https://git.dhilton.xyz"; name = "nixsrv"; token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj"; - labels = ["ubuntu-latest:docker://node:16-bullseye" "ubuntu-22.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" "native:host"]; - }; - - services.pufferpanel = { - enable = true; - extraGroups =["docker"]; - extraPackages = [pkgs.jre]; - environment = { - PUFFER_WEB_HOST = ":8002"; - PUFFER_PANEL_REGISTRATIONENABLED = "false"; - }; + labels = ["ubuntu-latest:docker://catthehacker/ubuntu:act-latest" "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" "native:host"]; }; services.home-assistant = { enable = true; - extraComponents = ["wiz" "fail2ban" "whisper" "piper" "wyoming" "ollama"]; + extraComponents = ["wiz" "fail2ban"]; config = { default_config={}; "automation ui" = "!include automations.yaml"; @@ -68,33 +66,8 @@ settings = { server.port = 8005; server.secret_key = "secretlol";}; }; - networking.domain = "dhilton.xyz"; - - services.postgresql.enable = true; - - services.akkoma.enable = true; - services.akkoma.config = { - ":pleroma" = { - ":instance" = { - name = "dhilton fedi"; - description = "dhilton akkoma server"; - email = "markers711@gmail.com"; - registration_open = false; - }; - - "Pleroma.Web.Endpoint" = { - url.host = "fed.dhilton.xyz"; - }; - }; - }; - - services.akkoma.nginx = { - enableACME = true; - forceSSL = true; - }; - services.fail2ban = { - enable=false; + enable=true; }; virtualisation.docker = { 
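Review bot: With the firewall now enabled and 22 listed in `allowedTCPPorts`, the only SSH configuration visible in this hunk is `services.openssh = { enable = true; };`, which leaves password logins at the module default. Unless that is set in another file, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` inside that block so the exposed port accepts keys only. The 22 entry is also redundant, because `services.openssh.openFirewall` defaults to true. Ports published by containers under `virtualisation.docker` further down are, as far as I know, not filtered by this firewall, so check what those bind to.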
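Review bot: `ENABLE_PUSH_CREATE_USER` is added next to `HTTP_PORT`, `DOMAIN` and `ROOT_URL`, which are keys of the `server` section, but Gitea and Forgejo read this key from `repository`, so here it would presumably be ignored. The enclosing attribute set opens above the hunk, so confirm the section name; if it is `server`, move the line to `settings.repository.ENABLE_PUSH_CREATE_USER = true;`. Once it takes effect, any authenticated account can create repositories by pushing, so check that open registration is disabled on this instance.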
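Review bot: The runner registration `token` on the line above the changed `labels` is still a string literal, so it is committed to the repository and copied into the world-readable Nix store. Revoke that token and supply a new one through the module's `tokenFile` option, pointing at a root-only file managed outside the store. The new labels reference the `catthehacker/ubuntu:act-*` images by mutable tag; pinning each image by digest keeps a re-tagged upstream image from changing what CI jobs run in. `native:host` is kept, which runs jobs directly on the host, so restrict who can trigger workflows against that label. The runner instance block opens above the hunk.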
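Review bot: `server.secret_key = "secretlol"` in the `settings` line at the top of this hunk is a guessable value that lives in both the repository and the Nix store. The block it belongs to opens above the hunk, so I am inferring that it is the service behind `srx.dhilton.xyz`. Generate a random key and inject it from a file outside the store instead of a literal. On the changed line, `services.fail2ban` with only `enable=true` covers, as far as I know, just the sshd jail by default, so the nginx-proxied logins are not protected until jails are added for them.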
@@ -118,6 +91,7 @@ "git.dhilton.xyz" = { addSSL = true; enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:8001"; proxyWebsockets = true; @@ -125,6 +99,7 @@ }; "ntfy.dhilton.xyz" = { + forceSSL = true; addSSL = true; enableACME = true; locations."/" = { @@ -134,6 +109,7 @@ }; "jel.dhilton.xyz" = { + forceSSL = true; addSSL = true; enableACME = true; locations."/" = { @@ -143,6 +119,7 @@ }; "puf.dhilton.xyz" = { + forceSSL = true; addSSL = true; enableACME = true; locations."/" = { @@ -152,6 +129,7 @@ }; "srx.dhilton.xyz" = { + forceSSL = true; addSSL = true; enableACME = true; locations."/" = { @@ -160,16 +138,8 @@ }; }; - "map.dhilton.xyz" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8100"; - proxyWebsockets = true; - }; - }; - "hom.dhilton.xyz" = { + forceSSL = true; addSSL = true; enableACME = true; locations."/" = { @@ -184,20 +154,4 @@ acceptTerms = true; defaults.email = "markers711@gmail.com"; }; - virtualisation.libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - ovmf = { - enable = true; - packages = [(pkgs.OVMF.override { - secureBoot = true; - tpmSupport = true; - }).fd]; - }; - }; -}; - }
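Review bot: `forceSSL = true;` is added while `addSSL = true;` stays in the same virtual host, and the NixOS nginx module asserts that `addSSL`, `onlySSL`, `forceSSL` and `rejectSSL` are mutually exclusive, so this configuration should fail at evaluation. Drop `addSSL = true;` and keep `forceSSL = true;` here and in the ntfy, jel, puf, srx and hom hunks below, which carry the same pair. With `forceSSL` alone the plain-HTTP listener only redirects to HTTPS, which appears to be what the commit intends.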
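Review bot: The `puf.dhilton.xyz` virtual host is kept and gains `forceSSL`, but this commit removes `services.pufferpanel`, which listened on `:8002`. The `proxyPass` line is outside the hunk, so I cannot confirm the target, but if it still points at that port the host will return 502s and keep renewing a certificate for a name with nothing behind it. Remove the block, as was done for `map.dhilton.xyz`, or point it at whatever replaces the panel.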