remove lots of dead code and refactor

2025-03-03 15:26:01 -05:00 · 2025-03-03 15:26:01 -05:00 · 7f7223d85f
commit 7f7223d85f
parent 471434366b
35 changed files with 227 additions and 1616 deletions
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -1,29 +0,0 @@
-{ ... }:
-{
-  services.adguardhome = {
-    enable = true;
-    host = "127.0.0.1";
-    port = 8082;
-    settings = {
-      http.port = "8083";
-      users = [
-        {
-          name = "cy";
-          password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC";
-        }
-      ];
-      # do not listen eveywhere cause podman runs it's own DNS
-      dns.bind_hosts = [
-        "127.0.0.1"
-        "::1"
-        "31.59.129.225"
-        "2a0f:85c1:840:2bfb::1"
-      ];
-    };
-  };
-
-  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
-    import common
-    reverse_proxy localhost:8082
-  '';
-}
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -1,33 +0,0 @@
-{ config, ... }:
-{
-  services.atticd = {
-    enable = true;
-
-    environmentFile = config.sops.secrets."attic/env".path;
-
-    settings = {
-      listen = "[::]:8090";
-      api-endpoint = "https://cache.cy7.sh/";
-      allowed-hosts = [ "cache.cy7.sh" ];
-      require-proof-of-possession = false;
-      compression.type = "zstd";
-      database.url = "postgresql:///atticd?host=/run/postgresql";
-
-      storage = {
-        type = "s3";
-        region = "auto";
-        bucket = "attic";
-        endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
-      };
-
-      garbage-collection = {
-        default-retention-period = "2 weeks";
-      };
-    };
-  };
-
-  services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8090
-  '';
-}
--- a/hosts/chunk/conduit.nix
+++ b/hosts/chunk/conduit.nix
@ -1,40 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-{
-  virtualisation.oci-containers.containers.conduit = {
-    image = "ghcr.io/girlbossceo/conduwuit:main";
-    autoStart = true;
-    ports = [ "127.0.0.1:8448:8448" ];
-    pull = "newer";
-    environment = {
-      CONDUWUIT_SERVER_NAME = "cything.io";
-      CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit";
-      CONDUWUIT_PORT = "8448";
-      CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB
-      CONDUWUIT_ALLOW_REGISTRATION = "false";
-      CONDUWUIT_ALLOW_FEDERATION = "true";
-      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true";
-      CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]'';
-      CONDUWUIT_ADDRESS = "0.0.0.0";
-      # CONDUIT_CONFIG = "";
-    };
-    volumes = [
-      "/opt/conduit/db:/var/lib/conduwuit/"
-    ];
-    networks = [ "conduit-net" ];
-  };
-
-  systemd.services.create-conduit-net = {
-    serviceConfig.Type = "oneshot";
-    wantedBy = with config.virtualisation.oci-containers; [
-      "${backend}-conduit.service"
-    ];
-    script = ''
-      ${pkgs.podman}/bin/podman network exists conduit-net || \
-      ${pkgs.podman}/bin/podman network create conduit-net
-    '';
-  };
-}
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -71,81 +71,74 @@
  system.stateVersion = "24.05";

  # network stuff
+  networking = {
+    hostName = "chunk";
+    networkmanager.enable = true;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        80
+        443
+      ];
+      allowedUDPPorts = [
+        443
+        53
+        853
+      ];
+      extraCommands =
+        let
+          ethtool = lib.getExe pkgs.ethtool;
+          tc = lib.getExe' pkgs.iproute2 "tc";
+        in
+        ''
+          # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+          ${ethtool} -K ens18 tso off

-  networking.hostName = "chunk";
-  networking.networkmanager.enable = true;
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      22
-      80
-      443
-      53
-      853
-    ];
-    allowedUDPPorts = [
-      443
-      53
-      853
-    ];
-    extraCommands =
-      let
-        ethtool = lib.getExe pkgs.ethtool;
-        tc = lib.getExe' pkgs.iproute2 "tc";
-      in
-      ''
-        # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
-        ${ethtool} -K ens18 tso off
+          # clear existing rules
+          ${tc} qdisc del dev ens18 root || true

-        # clear existing rules
-        ${tc} qdisc del dev ens18 root || true
+          # create HTB hierarchy
+          ${tc} qdisc add dev ens18 root handle 1: htb default 30
+          ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+          # tailscale
+          ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
+          # caddy
+          ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
+          # rest
+          ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%

-        # create HTB hierarchy
-        ${tc} qdisc add dev ens18 root handle 1: htb default 30
-        ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-        # tailscale
-        ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
-        # caddy
-        ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
-        # rest
-        ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
+          # mark traffic
+          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2

-        # mark traffic
-        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
-        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
-
-        # route marked packets
-        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
-        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
-      '';
-  };
-  networking.interfaces.ens18 = {
-    ipv6.addresses = [
-      {
-        address = "2a0f:85c1:840:2bfb::1";
-        prefixLength = 64;
-      }
-    ];
-    ipv4.addresses = [
-      {
-        address = "31.59.129.225";
-        prefixLength = 24;
-      }
-    ];
-  };
-  networking.defaultGateway6 = {
-    address = "2a0f:85c1:840::1";
-    interface = "ens18";
-  };
-  networking.defaultGateway = {
-    address = "31.59.129.1";
-    interface = "ens18";
-  };
-
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    useXkbConfig = true;
+          # route marked packets
+          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
+        '';
+    };
+    interfaces.ens18 = {
+      ipv6.addresses = [
+        {
+          address = "2a0f:85c1:840:2bfb::1";
+          prefixLength = 64;
+        }
+      ];
+      ipv4.addresses = [
+        {
+          address = "31.59.129.225";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway6 = {
+      address = "2a0f:85c1:840::1";
+      interface = "ens18";
+    };
+    defaultGateway = {
+      address = "31.59.129.1";
+      interface = "ens18";
+    };
  };

  users.users.yt = {
@ -179,7 +172,6 @@
    tmux
    file
    sops
-    attic-server
  ];

  environment.variables = {
@ -199,28 +191,9 @@
  programs.git.enable = true;

  my.caddy.enable = true;
-  services.caddy.virtualHosts."cy7.sh" = {
-    serverAliases = [ "www.cy7.sh" ];
-    extraConfig = ''
-      import common
-      redir https://cything.io temporary
-    '';
-  };

  # container stuff
-  virtualisation.containers.enable = true;
-  virtualisation.podman = {
-    enable = true;
-    # create 'docker' alias for podman, to use as
-    # drop-in replacement
-    dockerCompat = true;
-    defaultNetwork.settings = {
-      dns_enabled = true;
-      ipv6_enabled = true;
-    };
-  };
-  virtualisation.oci-containers.backend = "podman";
-  environment.enableAllTerminfo = true;
+  my.containerization.enable = true;

  my.roundcube.enable = true;
  my.zipline.enable = true;
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -1,15 +0,0 @@
-{ ... }:
-{
-  services.deluge = {
-    enable = true;
-    web = {
-      enable = true;
-      port = 8112;
-    };
-  };
-
-  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8112
-  '';
-}
--- a/hosts/chunk/gitlab.nix
+++ b/hosts/chunk/gitlab.nix
@ -1,35 +0,0 @@
-{ config, ... }:
-{
-  services.gitlab = {
-    enable = true;
-    https = true;
-    host = "git.cything.io";
-    user = "git"; # so that you can ssh with git@git.cything.io
-    group = "git";
-    port = 443; # this *not* the port gitlab will run on
-    puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma
-    sidekiq.concurrency = 5;
-    databaseUsername = "git"; # needs to be same as user
-    initialRootEmail = "hi@cything.io";
-    initialRootPasswordFile = config.sops.secrets."gitlab/root".path;
-    secrets = {
-      secretFile = config.sops.secrets."gitlab/secret".path;
-      otpFile = config.sops.secrets."gitlab/otp".path;
-      jwsFile = config.sops.secrets."gitlab/jws".path;
-      dbFile = config.sops.secrets."gitlab/db".path;
-    };
-    backup = {
-      startAt = "daily";
-      # we already postgresqlbackup.service
-      skip = [ "db" ];
-      keepTime = 48; # hours
-    };
-    extraConfig = {
-      gitlab = {
-        # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database
-        default_color_mode = 2;
-      };
-      prometheus.enabled = false;
-    };
-  };
-}
--- a/hosts/chunk/jellyfin.nix
+++ b/hosts/chunk/jellyfin.nix
@ -1,8 +0,0 @@
-{ ... }:
-{
-  services.jellyfin = {
-    enable = true;
-    dataDir = "/mnt/jellyfin";
-    configDir = "/var/lib/jellyfin/config";
-  };
-}