cleanup

update
2024-09-06 21:15:30 -04:00 · 2024-09-06 20:58:58 -04:00
2 changed files with 18 additions and 81 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@ -41,26 +41,13 @@
  };
  # Enable the X11 windowing system.
  services.xserver.enable = false;
  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = false;
  services.xserver.desktopManager.gnome.enable = false;
 # Enable CUPS to print documents.
  services.auto-cpufreq.enable = true;
  services.thermald.enable = true;
  powerManagement.powertop.enable = true;
  powerManagement.enable = true;
  # Enable sound with pipewire.
  sound.enable = false;
 # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
  ];
@ -68,7 +55,7 @@
  users.users.k = {
    isNormalUser = true;
    description = "k";
-    extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
+    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [zsh];
    shell = pkgs.zsh;
  };
@ -91,10 +78,6 @@
  intel-media-driver 
  microcodeIntel
  ];
  networking.firewall = {
    enable = false;
    allowedTCPPorts = [80 443 22 ];
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/hosts/server/service.nix
+++ b/hosts/server/service.nix
@ -1,5 +1,12 @@
 {pkgs,lib,...}:
 {
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443 22 ];
  };
  services.openssh = {
    enable = true;
  };
@ -16,6 +23,7 @@
        HTTP_PORT = 8001;
 	DOMAIN = "dhilton.xyz";
 	ROOT_URL = "https://git.dhilton.xyz";
 	ENABLE_PUSH_CREATE_USER = true;
      };
    };
  };
@ -25,22 +33,12 @@
    url = "https://git.dhilton.xyz";
    name = "nixsrv";
    token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
-    labels = ["ubuntu-latest:docker://node:16-bullseye" "ubuntu-22.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" "native:host"];
+    labels = ["ubuntu-latest:docker://catthehacker/ubuntu:act-latest" "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" "native:host"];
  };
  services.pufferpanel = {
    enable = true;
    extraGroups =["docker"];
    extraPackages = [pkgs.jre];
    environment = {
      PUFFER_WEB_HOST = ":8002";
      PUFFER_PANEL_REGISTRATIONENABLED = "false";
    };
  };
  services.home-assistant = {
    enable = true;
-    extraComponents = ["wiz" "fail2ban" "whisper" "piper" "wyoming" "ollama"];
+    extraComponents = ["wiz" "fail2ban"];
    config = {
    default_config={};
    "automation ui" = "!include automations.yaml";
@ -68,33 +66,8 @@
    settings = { server.port = 8005; server.secret_key = "secretlol";};
  };
  networking.domain = "dhilton.xyz";
  services.postgresql.enable = true;
  services.akkoma.enable = true;
  services.akkoma.config = {
  ":pleroma" = {
    ":instance" = {
      name = "dhilton fedi";
      description = "dhilton akkoma server";
      email = "markers711@gmail.com";
      registration_open = false;
      };
    "Pleroma.Web.Endpoint" = {
      url.host = "fed.dhilton.xyz";
      };
    };
  };
  services.akkoma.nginx = {
    enableACME = true;
    forceSSL = true;
  };
  services.fail2ban = {
-    enable=false;
+    enable=true;
  };
  virtualisation.docker = {
@ -118,6 +91,7 @@
    "git.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
        forceSSL = true;
 	locations."/" = {
          proxyPass = "http://127.0.0.1:8001";
 	  proxyWebsockets = true;
@ -125,6 +99,7 @@
     };
    "ntfy.dhilton.xyz" = {
        forceSSL = true;
        addSSL = true;
        enableACME = true;
 	locations."/" = {
@ -134,6 +109,7 @@
     };
    "jel.dhilton.xyz" = {
        forceSSL = true;
        addSSL = true;
        enableACME = true;
 	locations."/" = {
@ -143,6 +119,7 @@
     };
    "puf.dhilton.xyz" = {
        forceSSL = true;
        addSSL = true;
        enableACME = true;
 	locations."/" = {
@ -152,6 +129,7 @@
     };
    "srx.dhilton.xyz" = {
        forceSSL = true;
        addSSL = true;
        enableACME = true;
 	locations."/" = {
@ -160,16 +138,8 @@
 	};
     };
    "map.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
 	locations."/" = {
          proxyPass = "http://127.0.0.1:8100";
 	  proxyWebsockets = true;
 	};
     };
    "hom.dhilton.xyz" = {
        forceSSL = true;
        addSSL = true;
        enableACME = true;
 	locations."/" = {
@ -184,20 +154,4 @@
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
  };
  virtualisation.libvirtd = {
  enable = true;
  qemu = {
    package = pkgs.qemu_kvm;
    runAsRoot = true;
    swtpm.enable = true;
    ovmf = {
      enable = true;
      packages = [(pkgs.OVMF.override {
        secureBoot = true;
        tpmSupport = true;
      }).fd];
    };
  };
 };
 }
Author	SHA1	Message	Date
k	d060ce64d5	cleanup	2024-09-06 21:15:30 -04:00
k	6f8d77da40	update	2024-09-06 20:58:58 -04:00