diff --git a/defaults.nix b/defaults.nix deleted file mode 100644 index 1465310..0000000 --- a/defaults.nix +++ /dev/null 
@@ -1,269 +0,0 @@ -# Ref: https://learnxinyminutes.com/docs/nix/ - -{ config, pkgs, lib, ... }: - -let state-version = "20.03"; - -in { - imports = [ - ./hardware-configuration.nix - ./packages/local.nix - ./config - ./bash.nix - - ]; - - nixpkgs.config.allowUnfree = true; - security.acme.acceptTerms = true; - - environment.systemPackages = with pkgs; [ - asdf - atop - autoconf - automake - bash - boot - bind - binutils - # bpytop - btrfs-progs - bundix - byobu - cdrtools - cargo - certbot - clang - curl - doomEmacsInit - dpkg - enca - fail2ban - file - fortune - gcc - git - gnumake - gnupg - google-cloud-sdk - guile - heimdalFull - home-manager - imagemagick - ipfs - iptables - jq - kerberos - leiningen - libisofs - lispPackages.alexandria - lispPackages.cl-ppcre - lispPackages.clx - lispPackages.quicklisp - lsof - lshw - mkpasswd - ncurses5 - nixfmt - nix-index - nix-prefetch-git - nmap - oidentd - openldap - openssh - openssl_1_1 - openssh_gssapi - pciutils - pv - pwgen - ruby - rustc - sbcl - screen - service-wrapper - stdenv - telnet - texlive.combined.scheme-basic - tmux - unzip - vim - wget - xclip - yubikey-manager - yubikey-personalization - ]; - - system.stateVersion = state-version; - - system.autoUpgrade.enable = true; - - environment.etc.current-nixos-config.source = ./.; - - krb5.enable = true; - krb5.kerberos = pkgs.heimdalFull; - - services.xserver = { - layout = "us"; - xkbVariant = "dvp"; - xkbOptions = "ctrl:nocaps"; - }; - - console = { useXkbConfig = true; }; - - i18n = { defaultLocale = "en_US.UTF-8"; }; - - programs = { - mosh.enable = true; - - ssh = { - startAgent = false; - - extraConfig = '' - GSSAPIAuthentication yes - GSSAPIDelegateCredentials yes - ''; - }; - - bash.enableCompletion = true; - mtr.enable = true; - - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - fish = { enable = true; }; - }; - - services = { - emacs = { - defaultEditor = true; - enable = true; - }; - - cron = { enable = true; }; - openssh = { - 
enable = true; - startWhenNeeded = true; - permitRootLogin = "prohibit-password"; - extraConfig = '' - GSSAPIAuthentication yes - GSSAPICleanupCredentials yes - ''; - }; - - pcscd = { enable = true; }; - - udev.packages = with pkgs; [ yubikey-personalization ]; - }; - - environment.shellInit = '' - ${pkgs.gnupg}/bin/gpg-connect-agent /bye - export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) - ''; - - security.pam = { - # TODO: add yubico? - services = { - sshd = { - # This should only ask for a code if ~/.google_authenticator exists, but it asks anyway. - # googleAuthenticator.enable = true; - makeHomeDir = true; - sshAgentAuth = true; - }; - }; - }; - - users.extraUsers = { - node = { - isSystemUser = true; - group = "nogroup"; - }; - }; - - users.groups = { fudosys = { gid = 888; }; }; - - users.extraUsers = { - niten = { - isNormalUser = true; - uid = 10000; - createHome = true; - description = "Niten"; - extraGroups = [ - "wheel" - "audio" - "video" - "disk" - "floppy" - "lp" - "cdrom" - "tape" - "dialout" - "adm" - "input" - "systemd-journal" - "fudosys" - "libvirtd" - ]; - group = "users"; - home = "/home/niten"; - hashedPassword = - "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - openssh.authorizedKeys.keys = [ - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDoWkjyeIfgwm0b78weToVYOQSD0RQ0qbNzpsN5NokbIFv2/980kLtnYrQEgIJ/JwMLlT3uJYacbCT5/a6Fb8oLxNpj0AF1EKaWZ3Rrlg72Sq+9SEwJwWWmZizX83sovMwUBMaUp6jWLhAhPpzBW5pfc5YWoc89wxGbELSwzgt5EgHbSJgvDnaHSp3fVaY01wfDXbL/oO160iNe7wv2HLMZu/FkWBkIjz6HmoGJJzYM89bUpHbyYG28lmCHB/8UPog5/BsjOn3/qupgf4zh6mMdMsXLvbR2jVwVjxcEMj9N5nCvc+Y3oi7Mij6VNrWbhkaAJMEzeMhWYrF3/pFQxUqG37aK3d0gw9kp5tMDLIlAPX4y1lfA87pIzoa0+Alql0CJQA1IJvp9SFG7lBmSthWQLmZvwwfoGg/ZjF6rOgsVoZ8TizpQnydWJDr6NboU9LL9Oa64OM5Rs0AU3cR2UbOF4QIcWFJ/7oDe3dOnfZ8QYqx9eXJyxoAUpDanaaTHYBiAKkeOBwQU+MVLKCcONKw9FZclf/1TpDB5b3/JeUFANjHQTv0UXA4YYU7iCx6H7XB4qwwtU9O19CGQYYfCfULX12/fRpYJw6VJaQWyyU4Bn5dk/dcB2nGI36jwbLMfhbUTIApujioAnd/GQIMakHEZ1+syPhMx9BxMkZb99B0A1Q== openpgp:0x4EC95B64" - ]; - }; - reaper = { - isNormalUser = true; - uid = 10049; - createHome = true; - description = "Reaper"; - extraGroups = [ - "wheel" - "audio" - "video" - "disk" - "floppy" - "lp" - "cdrom" - "tape" - "dialout" - "adm" - "input" - "systemd-journal" - "fudosys" - "libvirtd" - ]; - group = "users"; - home = "/home/reaper"; - hashedPassword = - "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG."; - }; - fudo = { - isSystemUser = true; - uid = 888; - description = "Fudo System User"; - group = "fudosys"; - }; - }; - - home-manager.users = { - niten = import ./users/niten.nix { inherit config pkgs lib; }; - root = import ./users/root.nix { inherit config pkgs lib; }; - }; - - systemd.services.fudo-environment-init = { - enable = true; - description = "Fudo common settings."; - wantedBy = [ "default.target" ]; - - # Careful, this WILL run many times - script = '' - # Create a directory for system user homedirs if it doesn't already exist - if [ ! -d /var/home ]; then - mkdir -p /var/home - chmod +x /var/home - fi - ''; - }; - -} diff --git a/fudo/alias-users.nix b/fudo/alias-users.nix deleted file mode 100644 index bbced07..0000000 --- a/fudo/alias-users.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -# A map of email aliases to a list of users (useful for system and bulk aliases) - -let - admin-users = ["reaper@fudo.org" "niten@fudo.org"]; -in { - root = admin-users; - postmaster = admin-users; - - www-data = admin-users; - hostmaster = admin-users; - webmaster = admin-users; - ftp = admin-users; - irc = admin-users; - admin = admin-users; - system = admin-users; - - asdf = ["mswaffer@gmail.com" "bouncetest@fudo.org"]; - - network-info = ["niten@fudo.org"]; -} diff --git a/fudo/email.nix b/fudo/email.nix deleted file mode 100644 index 11c7c40..0000000 --- a/fudo/email.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Fudo email settings -{ config }: - -{ - domain = "fudo.org"; - - local-domains = [ - "${config.networking.hostName}" - "selby.ca" - "mail.selby.ca" - "fudo.im" - "mail.fudo.im" - "fudo.ca" - "mail.fudo.ca" - "fudo.link" - "mail.fudo.link" - "selbyhomecentre.com" - "stewartsoundservices.ca" - "rogerwongphoto.com" - "chat.fudo.org" - ]; - - alias-users = import ./alias-users.nix; - user-aliases = import ./user-aliases.nix; - sender-blacklist = import ./sender-blacklist.nix; - recipient-blacklist = import ./recipient-blacklist.nix; - - trusted-networks = [ - "208.81.1.128/28" - "208.81.3.112/28" - "192.168.11.0/24" - "127.0.0.0/8" - ]; -} diff --git a/fudo/fudo.org.nix b/fudo/fudo.org.nix deleted file mode 100644 index c977504..0000000 --- a/fudo/fudo.org.nix +++ /dev/null 
@@ -1,268 +0,0 @@ -{ config, ... }: - -{ - dnssec = true; - - mx = ["mail.fudo.org"]; - - hosts = { - cisco = { - ip-addresses = [ "198.163.150.211" ]; - description = "\"allbran\" \"converge\""; - }; - cisco-int = { - ip-addresses = [ "10.73.77.10" ]; - description = "\"fruitloops\" \"aironet\""; - }; - cupid = { - ip-addresses = [ "208.38.36.100" ]; - }; - docker = { - ip-addresses = [ "208.81.3.126" ]; - }; - france = { - ip-addresses = [ "208.81.3.117" ]; - ssh-fingerprints = [ - "4 1 c95a198f504a589fc62893a95424b12f0b24732d" - "4 2 3e7dad879d6cab7f7fb6769e156d7988d0c01281618d03b793834eea2f09bc96" - "1 1 1b6d62dafae9ebc59169dfb4ef828582a5450d94" - "1 2 079e7a57873542541095bf3d2f97b7350bb457d027b423a6fb56f7f6aa84ac80" - ]; - }; - frankfurt = { - ip-addresses = [ "208.81.3.120" ]; - ipv6-addresses = [ "2605:e200:d200:1:5054:ff:fe8c:9738" ]; - ssh-fingerprints = [ - "2 1 4b9e4ed16a6b3fe6d41ed0f5cdeed853cc101e12" - "2 2 286ce32326874fe8aa15e3fd60b176b906ebd87306109f7c250d077db4ba85c5" - "3 1 3531dfd2f240ce0cd548b748462f78451df3f081" - "3 2 338809345ed38eb6808fd468067a74b2a8000fd8cc3bc016b9f977050bf1bba8" - "1 1 fb9ba707daa78243f8a8801f024fe790516b99a7" - "1 2 407f9692fedbd83449f0daf1cf795258b561a7e9c7e8072577cc84ffc0c84130" - ]; - }; - germany = { - ip-addresses = [ "208.81.3.116" ]; - ipv6-addresses = [ "2605:e200:d200:1:78d9:d8ff:fe0f:dd88" ]; - ssh-fingerprints = [ - "2 1 5609a728a91d7e52a6060ea7f3a7790005ba5e81" - "2 2 520a8eb3b9013837ac3ab4b28254f96b7718f9613e751a20dc488bf7d967b485" - "3 1 ee5b49888a36a34e7d4ee0d18626c82a16c2fcdf" - "3 2 d5e44cf2d85032638d49c030a9ccbff6638198c354efcb11bf173017d1257f49" - "1 1 9915d2515d7acdb38924d8829925113d5ce80b88" - "1 2 a7c866306e9661b8b568b2de282367c84065301d6228e58e57e6c4d3d33e3051" - ]; - }; - hanover = { - ip-addresses = [ "208.81.1.130" ]; - ipv6-addresses = [ "2605:e200:d100:1:5054:ff:fe61:ac8b" ]; - }; - localhost = { - ip-addresses = [ "127.0.0.1" ]; - }; - lsbb-gba = { - ip-addresses = [ "199.101.56.34" ]; - }; - 
lsbb-abg = { - ip-addresses = [ "199.101.56.38" ]; - }; - lsbb-hwd = { - ip-addresses = [ "199.101.56.106" ]; - }; - lsbb-hcl = { - ip-addresses = [ "199.101.56.110" ]; - }; - procul = { - ip-addresses = [ "172.86.179.18" ]; - }; - prunel = { - ip-addresses = [ "208.81.3.123" ]; - }; - mbix = { - ip-addresses = [ "208.81.7.146" ]; - }; - ns3-fudo = { - ip-addresses = [ "208.75.74.205" ]; - }; - ns3-dair = { - ip-addresses = [ "208.75.74.205" ]; - }; - ns4-fudo = { - ip-addresses = [ "208.75.75.157" ]; - }; - ns4-dair = { - ip-addresses = [ "208.75.75.157" ]; - }; - paris = { - ip-addresses = [ "208.81.3.125" ]; - ipv6-addresses = [ "2605:e200:d200:1:5054:ff:fe67:d0c1" ]; - ssh-fingerprints = [ - "2 1 9fe9e689a36316831ffafffc22c85913748670a6" - "2 2 f2ce57bf470c907604b79b6ef031c928a64a81031e78892fd475bbcf65ae728b" - "3 1 5c56e93a20868886ffe76e1fab012989ce8e995f" - "3 2 af4f383cb349fc3b2496a0bf0911da3a09f98a6d4d2a3c81bb0fb23a45bde950" - "4 1 71a1d35c32b4445b98ce339696f155e1d4c39bd5" - "4 2 a9e4810a24bd52082c9bb2b1019a9de7d7983246fecb454dd8d918ac5a11af81" - "1 1 18e8dd7cac48f1ac6103ec21c279e339d8690be1" - "1 2 72e4aa05c733441da57c464e6540486f5306b6768d784dd97c666e16629d77a0" - ]; - }; - probe = { - ip-addresses = [ "208.81.3.119" ]; - }; - tours = { - ip-addresses = [ "208.81.3.121" ]; - ipv6-addresses = [ "2605:e200:d200:1:5054:ff:fe95:34e5" ]; - ssh-fingerprints = [ - "2 2 41cddf1457880c7e86fa3838eabdbbe7cf803f98998ed406319ba3e43036964c" - "3 1 89b72a740ef6ef7ad9aaf5fe2178d356cdc7ee5b" - "3 2 c39346def56817aaf4c64db5667ccc6aeb400ff1166125fe630b63b5eab0ef29" - "4 1 049b1e6ef1d338d35e97baf312d8a371a266b7d1" - "4 2 1a889e43148ea1ded9f8bc60799ccf1bc32cb084946c8815abed6cc31f212594" - "1 1 bae37560759ec8dba35755473fbb346f9dc4e333" - "1 2 3d0d5efe2da329ea19b191f227c3aaad45271c651717ec3315cda131e992bbcf" - ]; - }; - }; - - default-host = "208.81.3.117"; - - srv-records = { - tcp = { - domain = [ - { - host = "ns1.fudo.org"; - port = 53; - } - { - host = "ns2.fudo.org"; - 
port = 53; - } - { - host = "ns3.fudo.org"; - port = 53; - } - { - host = "ns4.fudo.org"; - port = 53; - } - ]; - ssh = [{ - host = "france.fudo.org"; - port = 22; - }]; - smtp = [{ - host = "mail.fudo.org"; - port = 25; - }]; - submission = [{ - host = "mail.fudo.org"; - port = 587; - }]; - kerberos = [{ - host = "france.fudo.org"; - port = 88; - }]; - imaps = [{ - host = "mail.fudo.org"; - port = 993; - }]; - ldap = [{ - host = "france.fudo.org"; - port = 389; - }]; - ldaps = [{ - host = "france.fudo.org"; - port = 636; - }]; - pop3s = [{ - host = "mail.fudo.org"; - port = 995; - }]; - http = [{ - host = "wiki.fudo.org"; - port = 80; - }]; - https = [{ - host = "wiki.fudo.org"; - port = 80; - }]; - xmpp-server = [{ - host = "fudo.im"; - port = 5269; - }]; - xmpp-client = [{ - host = "fudo.im"; - port = 5222; - }]; - }; - udp = { - domain = [ - { - host = "ns1.fudo.org"; - port = 53; - } - { - host = "ns2.fudo.org"; - port = 53; - } - { - host = "ns3.fudo.org"; - port = 53; - } - { - host = "ns4.fudo.org"; - port = 53; - } - ]; - kerberos = [{ - host = "france.fudo.org"; - port = 88; - }]; - kerberos-master = [{ - host = "france.fudo.org"; - port = 88; - }]; - kpasswd = [{ - host = "france.fudo.org"; - port = 464; - }]; - xmpp-server = [{ - host = "fudo.im"; - port = 5269; - }]; - }; - }; - - aliases = { - pop = "mail.fudo.org."; - smtp = "mail.fudo.org."; - imap = "mail.fudo.org."; - webmail = "france.fudo.org."; - - archiva = "france.fudo.org."; - auth = "france.fudo.org."; - backplane = "france.fudo.org."; - chat = "france.fudo.org."; - de = "germany.fudo.org."; - fr = "france.fudo.org."; - git = "france.fudo.org."; - metrics = "france.fudo.org."; - minecraft = "france.fudo.org."; - monitor = "france.fudo.org."; - user = "paris.fudo.org."; - u = "user.fudo.org."; - w = "www.fudo.org."; - ww = "www.fudo.org."; - www = "hanover.fudo.org."; - wiki = "hanover.fudo.org."; - }; - - extra-dns-records = [ - ''_kerberos IN TXT "FUDO.ORG"'' - ''@ IN TXT "v=spf1 mx 
ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"'' - ''@ IN SPF "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"'' - ]; - - dmarc-report-address = "dmarc-report@fudo.org"; -} diff --git a/fudo/groups.nix b/fudo/groups.nix deleted file mode 100644 index 1bd2c05..0000000 --- a/fudo/groups.nix +++ /dev/null @@ -1,120 +0,0 @@ -{ - admin = { - gid = 1000; - description = "Admin User Group"; - members = [ - "niten" - "reaper" - "swaff" - ]; - }; - - fudo = { - gid = 1001; - description = "Fudo User Group"; - members = [ - "andrew" - "animus" - "anorthe" - "ark" - "ben" - "brian" - "chad" - "ckoo" - "dabar" - "dana" - "darryl" - "debo" - "flowchart" - "gaijin" - "gubbs" - "helen" - "jess" - "jill" - "jinny" - "joker4ever" - "jun" - "kevin" - "kevinyinjunjie" - "kris" - "laura" - "leefolio" - "niten" - "r3d3" - "reaper" - "rob" - "saphira" - "slickoil" - "splat1" - "stewartd" - "swaff" - "theblacksun" - "xiaoxuan" - "zimm" - ]; - }; - - selby = { - gid = 1002; - description = "Selby User Group"; - members = [ - "andrew" - "brian" - "darryl" - "helen" - "jess" - "ken" - "kevin" - "laura" - "niten" - "rob" - "vee" - "xiaoxuan" - ]; - }; - - www-fudo = { - gid = 1005; - description = "Fudo Web Group"; - members = [ - "niten" - "reaper" - "www-data" - ]; - }; - - fudo_admin = { - gid = 1031; - description = "Fudo Administrators"; - members = [ - "niten" - "reaper" - ]; - }; - - sea_media = { - gid = 1077; - description = "Media group for Niten's home in Seattle"; - members = [ - "ken" - "niten" - "reaper" - "xiaoxuan" - ]; - }; - - fudo_shell = { - gid = 1078; - description = "Users with shell access to fudo hosts"; - members = [ - "ansyg" - "joker4ever" - "kevinyinjunjie" - "niten" - "omefire" - "reaper" - "swaff" - ]; - }; - -} diff --git a/fudo/profiles/common-ui.nix b/fudo/profiles/common-ui.nix deleted file mode 100644 index 08be135..0000000 --- a/fudo/profiles/common-ui.nix +++ /dev/null 
@@ -1,190 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - profile = config.fudo.common.profile; - - common-packages = with pkgs; [ - ffmpeg-full - libfixposix - mono - nomacs - oraclejdk - python37Packages.youtube-dl - sqlite - system-config-printer - ]; - - gui-packages = with pkgs; [ - cool-retro-term - corefonts - chrome-gnome-shell - chromium - emacs - evince - firefox - gimp - glxinfo - gnome3.gnome-shell - gnome3.gnome-session - google-chrome - gtk2 - gtk2-x11 - gtk3 - gtkimageview - i3lock - mplayer - mpv - pdftk - racket - redshift - rhythmbox - shotwell - spotify - (steam.override { - nativeOnly = true; - extraPkgs = pkgs: [ - mono - fmodex - gtk3 - gtk3-x11 - libgdiplus - zlib - ]; - withJava = true; - }).run - virtmanager - xorg.xev - xzgv - virtmanager-qt - ]; - - cfg = config.fudo.common; - -in mkIf ((profile == "desktop") || (profile == "laptop")) { - environment.systemPackages = - common-packages ++ (if cfg.enable-gui then gui-packages else []); - - nixpkgs.config.allowBroken = true; - - services.avahi = { - enable = true; - browseDomains = [config.fudo.common.domain]; - domainName = config.fudo.common.domain; - }; - - # splash screen - boot.plymouth.enable = false; - - boot.tmpOnTmpfs = true; - - services.xserver = if cfg.enable-gui then { - enable = true; - - layout = "us"; - xkbVariant = "dvp"; - xkbOptions = "ctrl:nocaps"; - - desktopManager.gnome3.enable = true; - - displayManager.gdm.enable = true; - - # displayManager.defaultSession = "gnome"; - - windowManager.stumpwm.enable = true; - - # windowManager.session = pkgs.lib.singleton { - # name = "stumpwm"; - # start = '' - # ${pkgs.lispPackages.stumpwm}/bin/stumpwm & - # waidPID=$! 
- # ''; - # }; - } else { - layout = "us"; - xkbVariant = "dvp"; - xkbOptions = "ctrl:nocaps"; - }; - - services.gnome3 = mkIf cfg.enable-gui { - evolution-data-server.enable = pkgs.lib.mkForce false; - gnome-user-share.enable = pkgs.lib.mkForce false; - }; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryFlavor = if cfg.enable-gui then "gnome3" else "curses"; - }; - - services.dbus.socketActivated = true; - - sound.enable = true; - - hardware.pulseaudio.enable = true; - - fonts = mkIf cfg.enable-gui { - enableFontDir = true; - #fontconfig.antialias = true; - fontconfig.enable = true; - #fontconfig.penultimate.enable = true; - #fontconfig.subpixel.lcdfilter = "default"; - - fonts = with pkgs; [ - cantarell_fonts - dejavu_fonts - dina-font - dosemu_fonts - fira-code - fira-code-symbols - freefont_ttf - liberation_ttf - mplus-outline-fonts - #nerdfonts - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - proggyfonts - terminus_font - ubuntu_font_family - ucsFonts - ultimate-oldschool-pc-font-pack - unifont - vistafonts - xlibs.fontadobe100dpi - xlibs.fontadobe75dpi - xlibs.fontadobeutopia100dpi - xlibs.fontadobeutopia75dpi - xlibs.fontadobeutopiatype1 - xlibs.fontarabicmisc - xlibs.fontbh100dpi - xlibs.fontbh75dpi - xlibs.fontbhlucidatypewriter100dpi - xlibs.fontbhlucidatypewriter75dpi - xlibs.fontbhttf - xlibs.fontbhtype1 - xlibs.fontbitstream100dpi - xlibs.fontbitstream75dpi - xlibs.fontbitstreamtype1 - xlibs.fontcronyxcyrillic - xlibs.fontcursormisc - xlibs.fontdaewoomisc - xlibs.fontdecmisc - xlibs.fontibmtype1 - xlibs.fontisasmisc - xlibs.fontjismisc - xlibs.fontmicromisc - xlibs.fontmisccyrillic - xlibs.fontmiscethiopic - xlibs.fontmiscmeltho - xlibs.fontmiscmisc - xlibs.fontmuttmisc - xlibs.fontschumachermisc - xlibs.fontscreencyrillic - xlibs.fontsonymisc - xlibs.fontsunmisc - xlibs.fontwinitzkicyrillic - xlibs.fontxfree86type1 - ]; - }; -} 
diff --git a/fudo/profiles/default.nix b/fudo/profiles/default.nix deleted file mode 100644 index a4c5892..0000000 --- a/fudo/profiles/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./common-ui.nix - ./desktop.nix - ./laptop.nix - ./server.nix - ]; -} diff --git a/fudo/profiles/desktop.nix b/fudo/profiles/desktop.nix deleted file mode 100644 index 5d70746..0000000 --- a/fudo/profiles/desktop.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -mkIf (config.fudo.common.profile == "desktop") { - networking = { - networkmanager.enable = mkForce false; - }; -} diff --git a/fudo/profiles/laptop.nix b/fudo/profiles/laptop.nix deleted file mode 100644 index 4064377..0000000 --- a/fudo/profiles/laptop.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - options.fudo.laptop = { - use-network-manager = mkOption { - type = types.bool; - description = "Use NetworkManager instead of wpa_supplicant."; - default = false; - }; - }; - config = mkIf (config.fudo.common.profile == "laptop") { - environment.systemPackages = with pkgs; [ acpi upower wpa_supplicant ]; - - networking = if (config.fudo.laptop.use-network-manager) then { - networkmanager.enable = true; - } else { - networkmanager.enable = false; - wireless = { - enable = true; - userControlled = { - enable = true; - group = "wheel"; - }; - networks = { - "sea.fudo.org" = { psk = "DahHaocheiD5"; }; - "Pixel_9041" = { psk = "ea72027e4e6"; }; - }; - }; - }; - }; -} diff --git a/fudo/profiles/server.nix b/fudo/profiles/server.nix deleted file mode 100644 index 94ceed9..0000000 --- a/fudo/profiles/server.nix +++ /dev/null 
@@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - reboot-if-necessary = pkgs.writeShellScriptBin "reboot-if-necessary" '' - if [ $# -ne 1 ]; then - echo "FAILED: no sync file provided." - exit 1 - fi - - WALL=${pkgs.utillinux}/bin/wall - - if [ -f $1 ]; then - $WALL "$1 exists, rebooting system" - ${pkgs.systemd}/bin/reboot - else - $WALL "$1 does not exist, aborting reboot." - fi - - exit 0 - ''; - - test-config = pkgs.writeShellScriptBin "fudo-test-config" '' - if [ $# -gt 1 ]; then - echo "usage: $0 [timeout]" - exit 1 - elif [ $# -eq 1 ]; then - TIMEOUT=$1 - else - TIMEOUT=15m - fi - - SYNCFILE=$TMP/sync-$(date +"%Y%m%d-%H%M%N") - touch $SYNCFILE - ${pkgs.utillinux}/bin/wall "Launching config. System will restart in $TIMEOUT if $SYNCFILE still exists." - systemd-run --on-active=$TIMEOUT ${reboot-if-necessary} $SYNCFILE - nixos-rebuild test - - exit 0 - ''; - -in { - config = mkIf (config.fudo.common.profile == "server") { - environment = { - systemPackages = with pkgs; [ - emacs-nox - ldns - ldns.examples - jdk12_headless - racket-minimal - reboot-if-necessary - test-config - ]; - - noXlibs = true; - }; - - security = { - hideProcessInformation = true; - }; - - networking = { - networkmanager.enable = mkForce false; - }; - - boot.tmpOnTmpfs = true; - - services.xserver.enable = false; - - programs = { - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - }; -} diff --git a/fudo/recipient-blacklist.nix b/fudo/recipient-blacklist.nix deleted file mode 100644 index 002dda1..0000000 --- a/fudo/recipient-blacklist.nix +++ /dev/null @@ -1,3 +0,0 @@ -# Emails for which we won't accept any email. - -[] diff --git a/fudo/selby.ca.nix b/fudo/selby.ca.nix deleted file mode 100644 index 8d62144..0000000 --- a/fudo/selby.ca.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ host_ipv4, config }: - -{ - dnssec = true; - - mx = ["mail.fudo.org"]; - - hosts = { - forum = { - ip-addresses = [ "208.81.3.117" ]; - }; - }; - - default-host = "208.81.3.117"; - - srv-records = { - tcp = { - domain = [{ - host = "ns1.fudo.org"; - port = "53"; - }]; - ssh = [{ - host = "france.fudo.org"; - port = 22; - }]; - submission = [{ - host = "mail.fudo.org"; - port = 587; - }]; - kerberos = [{ - host = "auth.fudo.org"; - port = 88; - }]; - imaps = [{ - host = "mail.fudo.org"; - port = 993; - }]; - pop3s = [{ - host = "mail.fudo.org"; - port = 995; - }]; - http = [{ - host = "forum.selby.ca"; - port = 80; - }]; - https = [{ - host = "forum.selby.ca"; - port = 80; - }]; - }; - udp = { - domain = [{ - host = "auth.fudo.org"; - port = 53; - }]; - kerberos = [{ - host = "auth.fudo.org"; - port = 88; - }]; - }; - }; - - aliases = { - pop = "mail.fudo.org."; - smtp = "mail.fudo.org."; - imap = "mail.fudo.org."; - mail = "mail.fudo.org."; - ns1 = "ns1.fudo.org."; - ns2 = "ns2.fudo.org."; - webmail = "france.fudo.org."; - forum = "frankfurt.fudo.org."; - }; - - extra-dns-records = [ - ''_kerberos IN TXT "FUDO.ORG"'' - ''@ IN TXT "v=spf1 mx ip4:${host_ipv4}/29 -all"'' - ''@ IN SPF "v=spf1 mx ip4:${host_ipv4}/29 -all"'' - ]; - - dmarc-report-address = "dmarc-report@selby.ca"; -} diff --git a/fudo/sender-blacklist.nix b/fudo/sender-blacklist.nix deleted file mode 100644 index 311d8e1..0000000 --- a/fudo/sender-blacklist.nix +++ /dev/null @@ -1,8 +0,0 @@ -# We won't forward email from these addresses, because they were used for -# spamming. Learn2passward! - -[ - "animus@fudo.org" - "ark@fudo.org" - "theblacksun@fudo.org" -] diff --git a/fudo/sites/default.nix b/fudo/sites/default.nix deleted file mode 100644 index 63a6ab0..0000000 --- a/fudo/sites/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./joes.nix - ./portage.nix - ./russell.nix - ./seattle.nix - ]; -} 
diff --git a/fudo/sites/joes.nix b/fudo/sites/joes.nix deleted file mode 100644 index 5fcb5a7..0000000 --- a/fudo/sites/joes.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - hostname = config.networking.hostName; - - gateway = "172.86.179.17"; - - local-domain = "informis.land"; - - admin = "admin@${local-domain}"; - -in { - config = mkIf (config.fudo.common.site == "joes") { - time.timeZone = "America/Winnipeg"; - - services.cron = { - mailto = admin; - }; - - networking = { - domain = local-domain; - search = [ local-domain "fudo.org" ]; - firewall.enable = false; - - defaultGateway = gateway; - # defaultGateway6 = gateway6; - - hosts = { - "127.0.0.1" = [ - "${config.networking.hostName}.${local-domain}" - config.networking.hostName - ]; - }; - }; - - krb5.libdefaults.default_realm = "INFORMIS.LAND"; - - fudo.node-exporter = { - enable = false; - hostname = hostname; - }; - - security.acme.certs."${hostname}.${local-domain}" = { - email = "admin@${local-domain}"; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - }; - }; -} diff --git a/fudo/sites/portage.nix b/fudo/sites/portage.nix deleted file mode 100644 index e7e1469..0000000 --- a/fudo/sites/portage.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - admin = "admin@fudo.org"; - - nameservers = [ - "1.1.1.1" - "208.81.7.14" - "2606:4700:4700::1111" - ]; - - hostname = config.networking.hostName; - - gateway = "208.81.3.113"; - gateway6 = "2605:e200:d200:1::1"; - -in { - config = mkIf (config.fudo.common.site == "portage") { - time.timeZone = "America/Winnipeg"; - - services.cron = { - mailto = admin; - }; - - networking = { - domain = "fudo.org"; - search = ["fudo.org"]; - firewall.enable = false; - nameservers = nameservers; - - defaultGateway = gateway; - # defaultGateway6 = gateway6; - }; - - fudo.node-exporter = { - enable = true; - hostname = hostname; - }; - - security.acme.certs.${hostname} = { - email = "admin@fudo.org"; - # plugins = [ - # "fullchain.pem" - # "full.pem" - # "key.pem" - # "chain.pem" - # "cert.pem" - # ]; - }; - - # TODO: We...could run nginx in a container - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - }; - }; -} diff --git a/fudo/sites/russell.nix b/fudo/sites/russell.nix deleted file mode 100644 index 87ac9a1..0000000 --- a/fudo/sites/russell.nix +++ /dev/null 
@@ -1,167 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - admin = "admin@fudo.org"; - - local-domain = "rus.selby.ca"; - - gateway = "10.0.0.1"; - - nameservers = [ "10.0.0.1" ]; - - hostname = config.networking.hostName; - -in { - config = mkIf (config.fudo.common.site == "russell") { - time.timeZone = "America/Winnipeg"; - - services.cron = { mailto = admin; }; - - networking = { - domain = "rus.selby.ca"; - search = [ local-domain "fudo.org" "selby.ca" ]; - nameservers = nameservers; - - # Don't set the gateway if we ARE the gateway. - # This is the most generic way I can think of to do that. local-network is really - # about running all the local servers (DNS, DHCP, and providing gateway). - defaultGateway = - optionalString (config.fudo.local-network.enable != true) gateway; - - enableIPv6 = true; - - # Necessary to make sure than Kerberos and Avahi both work (the former - # needs the full reverse-lookup name of the server, the latter wants - # `hostname` to return just the host itself. 
- hosts = { - "127.0.0.1" = [ - "${config.networking.hostName}.${local-domain}" - config.networking.hostName - ]; - }; - }; - - krb5.libdefaults.default_realm = "FUDO.ORG"; - - users.extraUsers = { - guest = { - isNormalUser = true; - uid = 1000; - description = "Guest User"; - extraGroups = - [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ]; - }; - ken = { - isNormalUser = true; - uid = 10035; - createHome = true; - description = "Ken Selby"; - extraGroups = - [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ]; - group = "users"; - home = "/home/selby/ken"; - hashedPassword = - "$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf."; - }; - xiaoxuan = { - isNormalUser = true; - uid = 10065; - createHome = true; - description = "Xiaoxuan Jin"; - extraGroups = - [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ]; - group = "users"; - home = "/home/xiaoxuan"; - hashedPassword = - "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0"; - }; - }; - - fudo.common.domain = "sea.fudo.org"; - - fudo.local-network = { - domain = "${local-domain}"; - - network = "10.0.0.0/16"; - - dhcp-dynamic-network = "10.0.1.0/24"; - - enable-reverse-mappings = true; - - srv-records = { - tcp = { - domain = [{ - port = 53; - host = "clunk.${local-domain}"; - }]; - kerberos = [{ - port = 88; - host = "france.fudo.org"; - }]; - kerberos-adm = [{ - port = 88; - host = "france.fudo.org"; - }]; - ssh = [{ - port = 22; - host = "clunk.${local-domain}"; - }]; - }; - - udp = { - domain = [{ - port = 53; - host = "clunk.${local-domain}"; - }]; - kerberos = [{ - port = 88; - host = "france.fudo.org"; - }]; - kerboros-master = [{ - port = 88; - host = "france.fudo.org"; - }]; - kpasswd = [{ - port = 464; - host = "france.fudo.org"; - }]; - }; - }; - - aliases = { dns-hole = "clunk"; }; - - hosts = { - clunk = { - ip-address = "10.0.0.1"; - mac-address = 
"02:44:d1:eb:c3:6b"; - }; - - dns-proxy = { - ip-address = "10.0.0.2"; - # This is just an alias for clunk's primary interface - }; - - google-wifi = { - ip-address = "10.0.0.11"; - mac-address = "70:3a:cb:c0:3b:09"; - }; - - pselby-work = { - ip-address = "10.0.0.151"; - mac-address = "00:50:b6:aa:bd:b3"; - }; - - downstairs-desktop = { - ip-address = "10.0.0.100"; - mac-address = "90:b1:1c:8e:29:cf"; - }; - - upstairs-desktop = { - ip-address = "10.0.0.101"; - mac-address = "80:e8:2c:22:65:c2"; - }; - }; - }; - }; -} diff --git a/fudo/sites/seattle.nix b/fudo/sites/seattle.nix deleted file mode 100644 index 6989a3d..0000000 --- a/fudo/sites/seattle.nix +++ /dev/null 
@@ -1,343 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-let
- admin = "niten@fudo.org";
-
- local-domain = "sea.fudo.org";
-
- gateway = "10.0.0.1";
-
- nameservers = [ "10.0.0.1" ];
-
-in {
-
- config = mkIf (config.fudo.common.site == "seattle") {
-
- time.timeZone = "America/Los_Angeles";
-
- services.printing = { enable = true; };
-
- services.cron = { mailto = admin; };
-
- krb5.libdefaults.default_realm = "FUDO.ORG";
-
- networking = {
- domain = local-domain;
- search = [ local-domain "fudo.org" ];
- firewall.enable = false;
- nameservers = nameservers;
-
- # Don't set the gateway if we ARE the gateway.
- # This is the most generic way I can think of to do that. local-network is really
- # about running all the local servers (DNS, DHCP, and providing gateway).
- defaultGateway =
- optionalString (config.fudo.local-network.enable != true) gateway;
-
- enableIPv6 = true;
-
- # Necessary to make sure than Kerberos and Avahi both work (the former
- # needs the full reverse-lookup name of the server, the latter wants
- # `hostname` to return just the host itself.
- hosts = {
- "127.0.0.1" = [
- "${config.networking.hostName}.${local-domain}"
- config.networking.hostName
- ];
- };
- };
-
- users.extraUsers = {
- guest = {
- isNormalUser = true;
- uid = 1000;
- description = "Guest User";
- extraGroups =
- [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ];
- };
- ken = {
- isNormalUser = true;
- uid = 10035;
- createHome = true;
- description = "Ken Selby";
- extraGroups =
- [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ];
- group = "users";
- home = "/home/selby/ken";
- hashedPassword =
- "$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf.";
- };
- xiaoxuan = {
- isNormalUser = true;
- uid = 10065;
- createHome = true;
- description = "Xiaoxuan Jin";
- extraGroups =
- [ "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "input" ];
- group = "users";
- home = "/home/xiaoxuan";
- hashedPassword =
- "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0";
- };
- kevin = {
- isNormalUser = true;
- createHome = true;
- home = "/home/kevin";
- hashedPassword = "";
- };
- };
-
- fileSystems."/mnt/documents" = {
- device = "whitedwarf.${local-domain}:/volume1/Documents";
- fsType = "nfs4";
- };
- fileSystems."/mnt/downloads" = {
- device = "whitedwarf.${local-domain}:/volume1/Downloads";
- fsType = "nfs4";
- };
- fileSystems."/mnt/music" = {
- device = "doraemon.${local-domain}:/volume1/Music";
- fsType = "nfs4";
- };
- fileSystems."/mnt/video" = {
- device = "doraemon.${local-domain}:/volume1/Video";
- fsType = "nfs4";
- };
- # fileSystems."/mnt/security" = {
- # device = "panopticon.${local-domain}:/srv/kerberos/data";
- # fsType = "nfs4";
- # };
- fileSystems."/mnt/cargo_video" = {
- device = "cargo.${local-domain}:/volume1/video";
- fsType = "nfs4";
- };
- fileSystems."/mnt/photo" = {
- device = "cargo.${local-domain}:/volume1/pictures";
- fsType = "nfs4";
- };
-
- fudo.common.domain =
"sea.fudo.org";
-
- fudo.local-network = {
-
- domain = "${local-domain}";
-
- aliases = {
- kadmin = "nostromo";
- kdc = "nostromo";
- photo = "doraemon";
- music = "doraemon";
- panopticon = "lambda";
- panopticon-od = "lambda";
- ipfs = "nostromo";
- hole = "nostromo";
- pihole = "nostromo";
- dns-hole = "nostromo";
- mon-1 = "srv-1";
- };
-
- network = "10.0.0.0/16";
-
- dhcp-dynamic-network = "10.0.1.0/24";
-
- enable-reverse-mappings = true;
-
- srv-records = {
- tcp = {
- domain = [{
- port = 53;
- host = "nostromo.sea.fudo.org";
- }];
- kerberos = [{
- port = 88;
- host = "france.fudo.org";
- }];
- kerberos-adm = [{
- port = 88;
- host = "france.fudo.org";
- }];
- ssh = [{
- port = 22;
- host = "nostromo.sea.fudo.org";
- }];
- ldap = [{
- port = 389;
- host = "france.fudo.org";
- }];
- };
-
- udp = {
- domain = [{
- port = 53;
- host = "nostromo.sea.fudo.org";
- }];
- kerberos = [{
- port = 88;
- host = "france.fudo.org";
- }];
- kerboros-master = [{
- port = 88;
- host = "france.fudo.org";
- }];
- kpasswd = [{
- port = 464;
- host = "france.fudo.org";
- }];
- };
- };
-
- hosts = {
- nostromo = {
- ip-address = "10.0.0.1";
- mac-address = "46:54:76:06:f1:10";
- };
- lm = {
- ip-address = "10.0.0.2";
- mac-address = "00:23:7d:e6:d9:ea";
- };
- lambda = {
- ip-address = "10.0.0.3";
- mac-address = "02:50:f6:52:9f:9d";
- };
- switch-master = {
- ip-address = "10.0.0.5";
- mac-address = "00:14:1C:B6:BB:40";
- };
- google-wifi = {
- ip-address = "10.0.0.7";
- mac-address = "7C:D9:5C:9F:6F:E9";
- };
- # lm = {
- # ip-address = "10.0.0.21";
- # mac-address = "52:54:00:D8:34:92";
- # };
- cam-entrance = {
- ip-address = "10.0.0.31";
- mac-address = "9c:8e:cd:0e:99:7b";
- };
- cam-driveway = {
- ip-address = "10.0.0.32";
- mac-address = "9c:8e:cd:0d:3b:09";
- };
- cam-deck = {
- ip-address = "10.0.0.33";
- mac-address = "9c:8e:cd:0e:98:c8";
- };
- cargo = {
- ip-address = "10.0.0.50";
- mac-address = "00:11:32:75:d8:b7";
- };
- whitedwarf = {
- ip-address =
"10.0.0.51";
- mac-address = "00:11:32:12:14:1d";
- };
- doraemon = {
- ip-address = "10.0.0.52";
- mac-address = "00:11:32:0a:06:c5";
- };
- android = {
- ip-address = "10.0.0.81";
- mac-address = "00:16:3e:43:39:fc";
- };
- retro-wired = {
- ip-address = "10.0.0.82";
- mac-address = "dc:a6:32:6b:57:43";
- };
- retro = {
- ip-address = "10.0.0.83";
- mac-address = "dc:a6:32:6b:57:45";
- };
- monolith = {
- ip-address = "10.0.0.100";
- mac-address = "6c:62:6d:c8:b0:d8";
- };
- taipan = {
- ip-address = "10.0.0.107";
- mac-address = "52:54:00:34:c4:78";
- };
- spark = {
- ip-address = "10.0.0.108";
- mac-address = "78:24:af:04:f7:dd";
- };
- hyperion = {
- ip-address = "10.0.0.109";
- mac-address = "52:54:00:33:46:de";
- };
- zbox = {
- ip-address = "10.0.0.110";
- mac-address = "02:dd:80:52:83:9b";
- };
- ubiquiti-wifi = {
- ip-address = "10.0.0.126";
- mac-address = "04:18:d6:20:48:fb";
- };
- generator-wireless = {
- ip-address = "10.0.0.130";
- mac-address = "B8:27:EB:A6:32:26";
- };
- brother-wireless = {
- ip-address = "10.0.0.160";
- mac-address = "c0:38:96:64:49:65";
- };
- nest = {
- ip-address = "10.0.0.176";
- mac-address = "18:b4:30:16:7c:5a";
- };
- xixi-phone = {
- ip-address = "10.0.0.193";
- mac-address = "48:43:7c:75:89:42";
- };
- ipad = {
- ip-address = "10.0.0.202";
- mac-address = "9c:35:eb:48:6e:71";
- };
- cam-front = {
- ip-address = "10.0.0.203";
- mac-address = "c4:d6:55:3e:b4:c3";
- };
- family-tv = {
- ip-address = "10.0.0.205";
- mac-address = "84:a4:66:3a:b1:f8";
- };
- babycam = {
- ip-address = "10.0.0.206";
- mac-address = "08:ea:40:59:5f:9e";
- };
- workphone = {
- ip-address = "10.0.0.211";
- mac-address = "a8:8e:24:5c:12:67";
- };
- chromecast-2 = {
- ip-address = "10.0.0.215";
- mac-address = "a4:77:33:59:a2:ba";
- };
- front-light = {
- ip-address = "10.0.0.221";
- mac-address = "94:10:3e:48:94:ed";
- };
-
- # Ceph network
- srv-1 = {
- ip-address = "10.0.10.1";
- mac-address = "02:65:d7:00:7d:1b";
- };
- node-1 = {
- ip-address
= "10.0.10.101";
- mac-address = "00:1e:06:36:81:cf";
- };
- node-2 = {
- ip-address = "10.0.10.102";
- mac-address = "00:1e:06:36:ec:3e";
- };
- node-3 = {
- ip-address = "10.0.10.103";
- mac-address = "00:1e:06:36:ec:4b";
- };
- node-4 = {
- ip-address = "10.0.10.104";
- mac-address = "00:1e:06:36:dd:8c";
- };
- };
- };
- };
-}
diff --git a/fudo/system-users.nix b/fudo/system-users.nix
deleted file mode 100644
index 4ac5c76..0000000
--- a/fudo/system-users.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- replicator = {
- description = "Database Replicator";
- hashed-password = "{SHA}HpiRMyxLR+0ZFHz/COvG9lcNYyQ=";
- };
-
- auth_reader = {
- description = "System Authenticator";
- hashed-password = "{MD5}N36/kQ64mev1HARddvVk7Q==";
- };
-
- user_db_reader = {
- description = "User Database Reader";
- hashed-password = "{SSHA}IVKhrB+wMOCI/CCzbJW8sNDbH67ZTMBv";
- };
-
- jabber = {
- description = "Jabber Server";
- hashed-password = "{SSHA}KlQpe0n+NP0WcJUniHTD+JzUugzLo8Ib";
- };
-}
diff --git a/fudo/user-aliases.nix b/fudo/user-aliases.nix
deleted file mode 100644
index e38b19f..0000000
--- a/fudo/user-aliases.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# A map of user to a list of email aliases (better for users with multiple nicknames)
-
-{
- "niten@fudo.link" = [
- "ertian@fudo.org"
- "peter@fudo.org"
- "peter@fudo.link"
- "pselby@fudo.org"
- "yiliu@fudo.org"
- "forum@selby.ca"
-
- "peter@selby.ca"
- ];
-
- "xiaoxuan@fudo.org" = [
- "xixi@fudo.org"
- "claire@fudo.org"
-
- "xixi@selby.ca"
- "claire@selby.ca"
- ];
-
- "reaper@fudo.org" = [
- "cricket@fudo.org"
- "jstewart@fudo.org"
- "jonathan@fudo.org"
- "reaper@fudo.link"
- ];
-
- "swaff@fudo.org" = [ "mark@fudo.org" ];
-
- "ken@selby.ca" = [ "kselby@selby.ca" ];
-}
diff --git a/fudo/users.nix b/fudo/users.nix
deleted file mode 100644
index 432aabb..0000000
--- a/fudo/users.nix
+++ /dev/null
@@ -1,442 +0,0 @@
-# Generate a hashed password using slappasswd.
-
-{
- niten = {
- uid = 10000;
- group = "admin";
- common-name = "Peter Selby";
- hashed-password = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
- };
-
- andrew = {
- uid = 10001;
- group = "selby";
- common-name = "Andrew Selby";
- hashed-password = "";
- };
-
- animus = {
- uid = 10002;
- group = "fudo";
- common-name = "James Frazer";
- hashed-password = "";
- };
-
- ark = {
- uid = 10005;
- group = "fudo";
- common-name = "Roger Wong";
- hashed-password = "";
- };
-
- ben = {
- uid = 10007;
- group = "fudo";
- common-name = "Ben";
- hashed-password = "{MD5}v0jY5bADu30cAR1Uu/eWYQ==";
- };
-
- chad = {
- uid = 10011;
- group = "fudo";
- common-name = "Chad Isbister";
- hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
- };
-
- ckoo = {
- uid = 10014;
- group = "fudo";
- common-name = "Jason Bush";
- hashed-password = "{MD5}KMFeaBc7e/gVzL/QUT0mYw==";
- };
-
- dana = {
- uid = 10015;
- group = "fudo";
- common-name = "Dana Eftodie";
- hashed-password = "{MD5}+ijTylKau4uot2kGMqKSTA==";
- };
-
- jill = {
- uid = 10030;
- group = "fudo";
- common-name = "Jill Isbister";
- hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
- };
-
- joker4ever = {
- uid = 10033;
- group = "fudo";
- common-name = "Jack Clarke";
- hashed-password = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo";
- };
-
- ken = {
- uid = 10035;
- group = "selby";
- common-name = "Ken Selby";
- hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
- # hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
- # hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
- };
-
- reaper = {
- uid = 10049;
- group = "admin";
- common-name = "Jonathan Stewart";
- hashed-password = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ==";
- };
-
- slickoil = {
- uid = 10052;
- group = "fudo";
- common-name = "Connor Cooley";
- hashed-password = "{MD5}8Qrpagi8TYnZQdFoYe02rA==";
- };
-
- splat1 = {
- uid = 10053;
- group = "fudo";
- common-name = "Matt Evans";
-
hashed-password = "{MD5}JeHNutGTBMHOqFgVlYjfpw==";
- };
-
- swaff = {
- uid = 10055;
- group = "fudo";
- common-name = "Mark Swaffer";
- hashed-password = "{MD5}C5gIsLsaKSvIPydu4uzhNg==";
- };
-
- brian = {
- uid = 10056;
- group = "selby";
- common-name = "Brian Selby";
- hashed-password = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1";
- };
-
- rob = {
- uid = 10057;
- group = "selby";
- common-name = "Robert Selby";
- hashed-password = "{crypt}HD1ESf1hAGdks";
- };
-
- tarbash = {
- uid = 10059;
- group = "fudo";
- common-name = "Neville";
- hashed-password = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//";
- };
-
- darryl = {
- uid = 10060;
- group = "selby";
- common-name = "Darryl Kissick";
- hashed-password = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0";
- };
-
- ayumi = {
- uid = 10061;
- group = "fudo";
- common-name = "Ayumi Kira";
- hashed-password = "{MD5}5OkpooOLxw94nF1lOfn/ZQ==";
- };
-
- saphira = {
- uid = 10063;
- group = "fudo";
- common-name = "Elizabeth Stewart";
- hashed-password = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns.";
- };
-
- banen = {
- uid = 10064;
- group = "fudo";
- common-name = "Travis Neis";
- hashed-password = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S.";
- };
-
- xiaoxuan = {
- uid = 10065;
- group = "fudo";
- common-name = "Xiaoxuan Jin";
- hashed-password = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
- };
-
- thibor = {
- uid = 10066;
- group = "fudo";
- common-name = "";
- hashed-password = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/.";
- };
-
- flowchart = {
- uid = 10067;
- group = "fudo";
- common-name = "BH Bieterse";
- hashed-password = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/";
- };
-
- gubbs = {
- uid = 10068;
- group = "fudo";
- common-name = "Lorcan Gavin";
- hashed-password = "{MD5}AIf4bJZyHCnvJVL3YHRnIg==";
- };
-
- debo = {
- uid = 10069;
- group = "fudo";
- common-name = "Deborah Osti";
- hashed-password = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1";
- };
-
- leefolio = {
- uid = 10070;
- group = "fudo";
- common-name = "Ze
Artiste";
- hashed-password = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1";
- };
-
- zimm = {
- uid = 10071;
- group = "fudo";
- common-name = "Ross Drinkwater";
- hashed-password = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY";
- };
-
- gaijin = {
- uid = 10072;
- group = "fudo";
- common-name = "Tetsuo Torigai";
- hashed-password = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0";
- };
-
- anorthe = {
- uid = 10073;
- group = "fudo";
- common-name = "Bonnie Wong";
- hashed-password = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK.";
- };
-
- stewartd = {
- uid = 10076;
- group = "fudo";
- common-name = "Dwight Stewart";
- hashed-password = "{MD5}e2GSmH+l4ZZ808snWsFNYw==";
- };
-
- jess = {
- uid = 10078;
- group = "selby";
- common-name = "Jessica Selby";
- hashed-password = "{MD5}2tbtZre16apUTNtRIK98nQ==";
- };
-
- kevin = {
- uid = 10079;
- group = "selby";
- common-name = "Kevin Selby";
- hashed-password = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM.";
- };
-
- theblacksun = {
- uid = 10080;
- group = "fudo";
- common-name = "Brendan Goodfellow";
- hashed-password = "{MD5}Hmw6pFYYT87nmpLp0QxcQw==";
- };
-
- kris = {
- uid = 10082;
- group = "selby";
- common-name = "Kris Huberdeau";
- hashed-password = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y";
- };
-
- jun = {
- uid = 10083;
- group = "fudo";
- common-name = "Junichi Suzuki";
- hashed-password = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h.";
- };
-
- jinny = {
- uid = 10084;
- group = "fudo";
- common-name = "Hye-jin Kim";
- hashed-password = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30";
- };
-
- helen = {
- uid = 10086;
- group = "selby";
- common-name = "Helen Selby";
- hashed-password = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm";
- };
-
- vee = {
- uid = 10087;
- group = "selby";
- common-name = "Vee Selby";
- hashed-password = "snoinuer";
- };
-
- dabar = {
- uid = 10088;
- group = "fudo";
- common-name = "Dan Bernardic";
- hashed-password = "{MD5}ULrk46YUeUZQrl0+wAQiWA==";
- };
-
- r3d3 = {
- uid = 10089;
- group = "fudo";
-
common-name = "Derek Veroni";
- hashed-password = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY=";
- };
-
- laura = {
- uid = 10090;
- group = "selby";
- common-name = "Laura Selby";
- hashed-password = "{MD5}MI65czN0duIudMhYH+BU9Q==";
- };
-
- tuk = {
- uid = 10091;
- group = "fudo";
- common-name = "Taku Koba";
- hashed-password = "{MD5}DQuoQluy50128r8MxAmFkQ==";
- };
-
- aki = {
- uid = 10092;
- group = "fudo";
- common-name = "Akihito Mori";
- hashed-password = "{MD5}oGAt2kJGKMqX+CmfV1w/GA==";
- };
-
- ansyg = {
- uid = 10095;
- group = "fudo";
- common-name = "Anseok Joo";
- hashed-password = "{MD5}AHhHl02D3uDmWhPJZ6QPOw==";
- };
-
- jackie = {
- uid = 10097;
- group = "selby";
- common-name = "Jackie Selby";
- hashed-password = "{MD5}fa6JfWySlH63sITsxrTt0Q==";
- };
-
- mtopf = {
- uid = 10100;
- group = "fudo";
- common-name = "Michael Topf";
- hashed-password = "{MD5}/pleD8SiLhmnRr1RVspNcA==";
- };
-
- tat = {
- uid = 10101;
- group = "fudo";
- common-name = "Tatsuro Akano";
- hashed-password = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA==";
- };
-
- blatzkrieg = {
- uid = 10102;
- group = "fudo";
- common-name = "Brendan Blatz";
- hashed-password = "{MD5}1nE/ndFwGbfH/wLagxvt8w==";
- };
-
- ellie = {
- uid = 10103;
- group = "fudo";
- common-name = "Ellie Lee";
- hashed-password = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA==";
- };
-
- alan = {
- uid = 10104;
- group = "fudo";
- common-name = "Alan Wong";
- hashed-password = "{MD5}WhohVE4xfo9RIOw1kG3s1Q==";
- };
-
- omefire = {
- uid = 10105;
- group = "fudo";
- common-name = "Omar Mefire";
- hashed-password = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5";
- };
-
- gordon = {
- uid = 10106;
- group = "fudo";
- common-name = "Gordon Stewart";
- hashed-password = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0";
- };
-
- jeramy = {
- uid = 10107;
- group = "selby";
- common-name = "Jeramy Ewbank";
- hashed-password = "{MD5}8j8vTniyRzylmeTNUoRwWA==";
- };
-
- lauren = {
- uid = 10108;
- group = "selby";
- common-name = "Lauren Hotel";
- hashed-password =
"{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR";
- # hashed-password = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg==";
- };
-
- # Used to send alerts from grafana
- metrics = {
- uid = 10109;
- group = "fudo";
- common-name = "Fudo Metrics";
- hashed-password = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1";
- };
-
- testuser = {
- uid = 10110;
- group = "fudo";
- common-name = "Test User";
- hashed-password = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6";
- };
-
- # Used to send messages from the chat server
- chat = {
- uid = 10111;
- group = "fudo";
- common-name = "Fudo Chat";
- hashed-password = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
- };
-
- kevinyinjunjie = {
- uid = 10112;
- group = "fudo";
- common-name = "Kevin";
- hashed-password = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl";
- };
-
- netinfo = {
- uid = 10113;
- group = "fudo";
- common-name = "Network Info Mailer";
- hashed-password = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc";
- };
-
- selby-forum = {
- uid = 10114;
- group = "selby";
- common-name = "Selby Forum";
- hashed-password = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q";
- };
-}
diff --git a/hardware.nix b/hardware.nix
deleted file mode 100644
index d3870ce..0000000
--- a/hardware.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, ... }:
-
-let
- current-hostname = config.instance.hostname;
-
- hardware-config = config.fudo.hosts.${current-hostname}.hardware-config;
-
- import-hardware-config = hostname: {
- imports = [ hardware-config ];
- };
-in {
- imports =
- [ (import-hardware-config current-hostname) ];
-}
diff --git a/hosts/atom.nix b/hosts/atom.nix
deleted file mode 100644
index efd4498..0000000
--- a/hosts/atom.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- hostname = "atom";
-
-in {
-
- imports = [
- ../defaults.nix
- ../hardware-configuration.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda";
-
- networking.hostName = hostname;
-
- environment.systemPackages = with pkgs; [
- glxinfo
- hll2380dw-cups
- usbutils
- ];
-
- fudo.common = {
- profile = "laptop";
- site = "seattle";
- };
-
- hardware.cpu.amd.updateMicrocode = true;
-
- programs = {
- bash.enableCompletion = true;
- };
-
- fudo.laptop.use-network-manager = false;
- fudo.common.enable-gui = true;
-
- hardware.opengl.driSupport32Bit = true;
- hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
- hardware.opengl.driSupport = true;
-
- hardware.pulseaudio.support32Bit = true;
-
- hardware.bluetooth.enable = true;
-}
diff --git a/hosts/clunk.nix b/hosts/clunk.nix
deleted file mode 100644
index 0c34d35..0000000
--- a/hosts/clunk.nix
+++ /dev/null
@@ -1,165 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
- hostname = "clunk";
- host-internal-ip = "10.0.0.1";
- dns-proxy-ip = "10.0.0.2";
- inherit (lib.strings) concatStringsSep;
-
-in {
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot = { runSize = "50%"; };
-
- hardware.bluetooth.enable = false;
-
- imports = [ ../defaults.nix ../hardware-configuration.nix ];
-
- fudo.common = {
- profile = "server";
- site = "russell";
- };
-
- fudo.local-network = {
- enable = true;
- dns-servers = [ host-internal-ip ];
- gateway = host-internal-ip;
- dhcp-interfaces = [ "intif0" ];
- dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" "::1" ];
- # Using a pihole running in docker, see below
- recursive-resolver = "${host-internal-ip} port 5353";
- server-ip = host-internal-ip;
- };
-
- networking = {
- hostName = hostname;
-
- nameservers = [ host-internal-ip ];
-
- # Create a bridge for VMs to use
- macvlans = {
- intif0 = {
- interface = "enp2s0";
- mode = "bridge";
- };
- };
-
- firewall = {
- enable = true;
- trustedInterfaces = [ "intif0" "docker0" ];
- };
-
- interfaces = {
- enp2s0.useDHCP = false;
- enp3s0.useDHCP = false;
- enp4s0.useDHCP = false;
-
- enp1s0.useDHCP = true;
-
- intif0 = {
- useDHCP = false;
- # Result of:
- # echo clunk-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
- macAddress = "02:44:d1:eb:c3:6b";
- ipv4.addresses = [
- {
- address = host-internal-ip;
- prefixLength = 22;
- }
-
- {
- address = dns-proxy-ip;
- prefixLength = 32;
- }
- ];
- };
- };
-
- nat = {
- enable = true;
- externalInterface = "enp1s0";
- internalInterfaces = [ "intif0" ];
- };
- };
-
- fudo = {
- garbage-collector = {
- enable = true;
- timing = "hourly";
- };
-
- secure-dns-proxy = {
- enable = true;
- port = 53;
- upstream-dns = [
- "https://1.1.1.1/dns-query"
- "https://1.0.0.1/dns-query"
- #"https://9.9.9.9/dns-query"
- ];
- bootstrap-dns =
"1.1.1.1";
- listen-ips = [ dns-proxy-ip ];
- };
- };
-
- environment.systemPackages = with pkgs; [ dnsproxy ];
-
- virtualisation = {
- docker = {
- enable = true;
- autoPrune.enable = true;
- enableOnBoot = true;
- };
- };
-
- docker-containers = {
- pihole = {
- image = "pihole/pihole:v5.1.2";
- ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
- environment = {
- ServerIP = host-internal-ip;
- VIRTUAL_HOST = "dns-hole.rus.selby.ca";
- # Not working?
- DNS1 = dns-proxy-ip;
- #DNS1 = "1.1.1.1";
- };
- volumes = [
- "/srv/pihole/etc-pihole/:/etc/pihole/"
- "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
- ];
- };
- };
-
- services.nginx = {
- enable = true;
-
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
-
- virtualHosts = {
- "dns-hole.rus.selby.ca" = {
- serverAliases = [
- "pihole.rus.selby.ca"
- "hole.rus.selby.ca"
- "pihole"
- "dns-hole"
- "hole"
- ];
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:3080";
-
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-By $server_addr:$server_port;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
- };
- };
- };
-}
diff --git a/hosts/france.nix b/hosts/france.nix
deleted file mode 100644
index 00aba3d..0000000
--- a/hosts/france.nix
+++ /dev/null
@@ -1,598 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- domain = "fudo.org";
- hostname = "france.${domain}";
- mail-hostname = "mail.${domain}";
- host_ipv4 = "208.81.3.117";
- # Use a special IP for git.fudo.org, since it needs to be SSH-able
- link_ipv4 = "208.81.3.126";
- all-hostnames = [ ];
-
- acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
- acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";
- acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";
-
- fudo-ca = "/etc/nixos/static/fudo_ca.pem";
-
- minecraft-data-dir = "/srv/minecraft/data";
-
- system-mail-directory = "/srv/mail";
-
-in {
-
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/sda";
- };
-
- imports = [
- ../hardware-configuration.nix
- ../defaults.nix
- ./france/jabber.nix
- ./france/backplane.nix
- ./france/selby-forum.nix
- ];
-
- environment.systemPackages = with pkgs; [
- docker
- lxd
- multipath-tools
- nix-prefetch-docker
- powerdns
- tshark
- vanilla-forum
- ];
-
- fudo.common = {
- # Sets some server-common settings. See /etc/nixos/fudo/profiles/...
- profile = "server";
-
- # Sets some common site-specific settings: gateway, monitoring, etc. See /etc/nixos/fudo/sites/...
- site = "portage";
-
- domain = domain;
-
- www-root = /srv/www;
-
- local-networks =
- [ "208.81.1.128/28" "208.81.3.112/28" "172.17.0.0/16" "127.0.0.0/8" ];
- };
-
- fudo.prometheus = {
- enable = true;
- hostname = "metrics.fudo.org";
- service-discovery-dns = {
- node = [ "node._metrics._tcp.fudo.org" ];
- postfix = [ "postfix._metrics._tcp.fudo.org" ];
- dovecot = [ "dovecot._metrics._tcp.fudo.org" ];
- rspamd = [ "rspamd._metrics._tcp.fudo.org" ];
- };
- };
-
- fudo.grafana = {
- enable = true;
- hostname = "monitor.fudo.org";
- smtp-username = "metrics";
- smtp-password-file = "/srv/grafana/secure/smtp.passwd";
- admin-password-file = "/srv/grafana/secure/admin.passwd";
- secret-key-file = "/srv/grafana/secure/secret.key";
- prometheus-host = "metrics.fudo.org";
- database = {
- name = "grafana";
- hostname = "localhost";
- user = "grafana";
- password-file = /srv/grafana/secure/db.passwd;
- };
- };
-
- # So that grafana waits for postgresql
- systemd.services.grafana.after = [ "postgresql.service" ];
-
- fudo.postgresql = {
- enable = true;
- ssl-private-key = (acme-private-key hostname);
- ssl-certificate = (acme-certificate hostname);
- keytab = "/srv/postgres/secure/postgres.keytab";
-
- # We allow connections from local networks. Auth is still required. Outside
- # of these networks, no access is allowed.
- #
- # TODO: that's probably too strict, allow kerberos connections from anywhere?
- local-networks = [
- "208.81.1.128/28"
- "208.81.3.112/28"
- "192.168.11.1/24"
- "127.0.0.1/8"
- "172.17.0.0/16"
- ];
-
- users = {
- fudo_git = {
- password-file = "/srv/git/secure/db.passwd";
- databases = {
- fudo_git = {
- access = "CONNECT";
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- grafana = {
- password-file = "/srv/grafana/secure/db.passwd";
- databases = {
- grafana = {
- access = "CONNECT";
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- mattermost = {
- password-file = "/srv/mattermost/secure/db.passwd";
- databases = {
- mattermost = {
- access = "CONNECT";
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- webmail = {
- password-file = "/srv/webmail/secure/db.passwd";
- databases = {
- webmail = {
- access = "CONNECT";
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- niten = { };
- };
-
- local-users = [ "niten" "fudo_git" ];
-
- databases = {
- fudo_git = { users = [ "niten" ]; };
- grafana = { users = [ "niten" ]; };
- mattermost = { users = [ "niten" ]; };
- webmail = { users = [ "niten" ]; };
- };
- };
-
- fudo.dns = {
- enable = true;
-
- identity = "france.fudo.org";
-
- nameservers = {
- ns1 = {
- ip-addresses = [ "208.81.3.117" ];
- ipv6-addresses = [ "2605:e200:d200:1:5054:ff:fe8c:9738" ];
- description = "Nameserver 1, france, in Winnipeg, MB, CA";
- rp = "reaper reaper.rp";
- };
- ns2 = {
- ip-addresses = [ "209.117.102.102" ];
- ipv6-addresses = [ "2001:470:1f16:40::2" ];
- description = "Nameserver 2, musashi, in Winnipeg, MB, CA";
- rp = "reaper reaper.rp";
- };
- ns3 = {
- ip-addresses = [
"104.131.53.95" ];
- ipv6-addresses = [ "2604:a880:800:10::8:7001" ];
- description =
- "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US";
- rp = "reaper reaper.rp";
- };
- ns4 = {
- ip-addresses = [ "204.42.254.5" ];
- ipv6-addresses = [ "2001:418:3f4::5" ];
- description = "Nameserver 4, puck.nether.net, in Chicago, IL, US";
- rp = "reaper reaper.rp";
- };
- };
-
- listen-ips = [ host_ipv4 ];
-
- domains = { "fudo.org" = import ../fudo/fudo.org.nix { inherit config; }; };
- };
-
- # Not all users need access to france; don't allow LDAP-user access.
- fudo.authentication.enable = false;
-
- # But we DO run an LDAP auth server. Should be better-named.
- fudo.auth = {
- server = {
- enable = true;
- base = "dc=fudo,dc=org";
- organization = "Fudo";
- rootpw-file = "/srv/ldap/secure/root.pw";
- kerberos-host = "france.fudo.org";
- kerberos-keytab = "/srv/ldap/secure/ldap.keytab";
-
- sslCert = "/srv/ldap/france.fudo.org.pem";
- sslKey = "/srv/ldap/secure/france.fudo.org-key.pem";
- sslCACert = fudo-ca;
-
- # We're using fudo-generated certs for now, but we should move to ACME
- # once I can figure out how to correctly produce the ca.pem file. Until
- # then, the server will fail to start using these certs.
See:
- # https://serverfault.com/a/834565
-
- # sslCert = (acme-bare-cert hostname);
- # sslKey = (acme-private-key hostname);
- # sslCACert = acme-ca;
-
- listen-uris = [ "ldap:///" "ldaps:///" "ldapi:///" ];
-
- users = import ../fudo/users.nix;
-
- groups = import ../fudo/groups.nix;
-
- system-users = import ../fudo/system-users.nix;
- };
-
- # Heimdal Kerberos server
- kdc = {
- enable = true;
- database-path = "/var/heimdal/heimdal";
- realm = "FUDO.ORG";
- mkey-file = "/var/heimdal/m-key";
- acl-file = "/etc/heimdal/kdc.acl";
- bind-addresses = [ host_ipv4 "127.0.0.1" "127.0.1.1" ];
- };
- };
-
- # TODO: not used yet
- fudo.acme.hostnames = all-hostnames;
-
- fudo.client.dns = {
- enable = true;
- ipv4 = true;
- ipv6 = true;
- user = "fudo-client";
- external-interface = "extif0";
- password-file = "/srv/client/secure/client.passwd";
- };
-
- fudo.mail-server = import ../fudo/email.nix { inherit config; } // {
- enableContainer = true;
- debug = true;
- monitoring = true;
-
- hostname = mail-hostname;
-
- postfix.ssl-certificate = (acme-certificate mail-hostname);
- postfix.ssl-private-key = (acme-private-key mail-hostname);
- dovecot.ssl-certificate = (acme-certificate mail-hostname);
- dovecot.ssl-private-key = (acme-private-key mail-hostname);
-
- state-directory = "${system-mail-directory}/var";
- mail-directory = "${system-mail-directory}/mailboxes";
-
- dovecot.ldap = {
- reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
- reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
-
- # FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP.
- server-urls = [ "ldap://france.fudo.org" ];
- };
-
- clamav.enable = true;
-
- dkim.signing = true;
- };
-
- fudo.webmail = {
- enable = true;
-
- sites = {
- "webmail.fudo.link" = {
- title = "Fudo Link Webmail";
- favicon = "/etc/nixos/static/fudo.link/favicon.ico";
- mail-server = mail-hostname;
- domain = "fudo.link";
- edit-mode = "Plain";
- layout-mode = "bottom";
- database = {
- name = "webmail";
- hostname = "localhost";
- user = "webmail";
- password-file = "/srv/webmail/secure/db.passwd";
- };
- };
-
- "webmail.test.fudo.org" = {
- title = "Fudo Webmail";
- favicon = "/etc/nixos/static/fudo.org/favicon.ico";
- mail-server = mail-hostname;
- domain = "fudo.org";
- edit-mode = "Plain";
- database = {
- name = "webmail";
- hostname = "localhost";
- user = "webmail";
- password-file = "/srv/webmail/secure/db.passwd";
- };
- };
-
- "webmail.fudo.org" = {
- title = "Fudo Webmail";
- favicon = "/etc/nixos/static/fudo.org/favicon.ico";
- mail-server = mail-hostname;
- domain = "fudo.org";
- edit-mode = "Plain";
- database = {
- name = "webmail";
- hostname = "localhost";
- user = "webmail";
- password-file = "/srv/webmail/secure/db.passwd";
- };
- };
-
- "webmail.test.selby.ca" = {
- title = "Selby Webmail";
- favicon = "/etc/nixos/static/selby.ca/favicon.ico";
- mail-server = mail-hostname;
- domain = "selby.ca";
- database = {
- name = "webmail";
- hostname = "localhost";
- user = "webmail";
- password-file = "/srv/webmail/secure/db.passwd";
- };
- };
-
- "webmail.selby.ca" = {
- title = "Selby Webmail";
- favicon = "/etc/nixos/static/selby.ca/favicon.ico";
- mail-server = mail-hostname;
- domain = "selby.ca";
- database = {
- name = "webmail";
- hostname = "localhost";
- user = "webmail";
- password-file = "/srv/webmail/secure/db.passwd";
- };
- };
- };
- };
-
- fudo.chat = {
- enable = true;
-
- hostname = "chat.fudo.org";
- site-name = "Fudo Chat";
- smtp-server = "mail.fudo.org";
- smtp-user = "chat";
- smtp-password-file =
"/srv/mattermost/secure/smtp.passwd"; - database = { - name = "mattermost"; - hostname = "localhost"; - user = "mattermost"; - password-file = "/srv/mattermost/secure/db.passwd"; - }; - }; - - fudo.git = { - enable = true; - hostname = "git.fudo.org"; - site-name = "Fudo Git"; - user = "fudo_git"; - database = { - user = "fudo_git"; - password-file = /srv/git/secure/db.passwd; - hostname = "127.0.0.1"; - name = "fudo_git"; - }; - repository-dir = /srv/git/repo; - state-dir = /srv/git/state; - ssh = { - listen-ip = link_ipv4; - listen-port = 2222; - }; - }; - - networking = { - hostName = hostname; - - dhcpcd.enable = false; - useDHCP = false; - - # TODO: fix IPv6 - enableIPv6 = true; - - # Create a bridge for VMs to use - macvlans = { - extif0 = { - interface = "enp4s0f0"; - mode = "bridge"; - }; - extif1 = { - interface = "enp4s0f0"; - mode = "bridge"; - }; - intif0 = { - interface = "enp4s0f1"; - mode = "bridge"; - }; - }; - - interfaces = { - extif0 = { - # result of: - # echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' - macAddress = "02:d4:e8:3b:10:2f"; - ipv4.addresses = [{ - address = host_ipv4; - prefixLength = 28; - }]; - }; - extif1 = { - macAddress = "02:6d:e2:e1:ad:ca"; - ipv4.addresses = [{ - address = link_ipv4; - prefixLength = 28; - }]; - }; - intif0 = { - # result of: - # echo $FQDN-intif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' - macAddress = "02:ba:ba:e9:08:21"; - ipv4.addresses = [{ - address = "192.168.11.1"; - prefixLength = 24; - }]; - }; - }; - }; - - hardware.bluetooth.enable = false; - - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - - autoPrune = { enable = true; }; - }; - - lxd = { enable = true; }; - }; - - fileSystems = { - "/srv/archiva" = { - fsType = "btrfs"; - options = [ "subvol=archiva" ]; - label = "pool0"; - }; - "/srv/grafana" = { - fsType = "btrfs"; - options = [ "subvol=grafana" ]; - label = "pool0"; - }; - "${system-mail-directory}" 
= { - fsType = "btrfs"; - options = [ "subvol=mail" ]; - label = "pool0"; - }; - "/srv/gitlab" = { - fsType = "btrfs"; - options = [ "subvol=gitlab" ]; - label = "pool0"; - }; - "/var/lib/lxd/storage-pools/pool0" = { - fsType = "btrfs"; - label = "pool0"; - device = "/dev/disk/by-label/pool0"; - }; - "/var/lib/lxd/storage-pools/pool1" = { - fsType = "btrfs"; - label = "pool1"; - device = "/dev/france-user/fudo-user"; - }; - }; - - users = { - extraUsers = { - archiva = { - isNormalUser = false; - group = "nogroup"; - uid = 8001; - }; - - fudo_git = { - isNormalUser = false; - uid = 8006; - }; - }; - }; - - security.acme.certs = { - "archiva.fudo.org".email = config.fudo.common.admin-email; - "git.fudo.org".email = config.fudo.common.admin-email; - "mail.fudo.org".email = config.fudo.common.admin-email; - }; - - services = { - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts = { - "archiva.fudo.org" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:8001"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-By $server_addr:$server_port; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - }; - }; - - # Needed to grab a cert for the mail server. - "mail.fudo.org" = { - enableACME = true; - # Stopped relocating all because we need /metrics/... paths to remain unforwarded - locations."/" = { - return = "301 https://webmail.fudo.org$request_uri"; - }; - }; - }; - }; - }; - - docker-containers = { - archiva = { - image = "xetusoss/archiva"; - ports = [ "127.0.0.1:8001:8080" ]; - # Ugly: name-to-uid lookup fails. 
- user = toString config.users.users.archiva.uid;
- volumes = [ "/srv/archiva:/archiva-data" ];
- environment = {
- # Not directly connected to the world anyway
- SSL_ENABLED = "false";
- PROXY_BASE_URL = "https://archiva.fudo.org/";
- };
- };
- };
-
- fudo.ipfs = {
- enable = true;
- users = [ "niten" "reaper" ];
- api-address = "/ip4/${host_ipv4}/tcp/5001";
- };
-
- ###
- # Minecraft
- ###
-
- fudo.minecraft-server = {
- enable = true;
- package = pkgs.minecraft-server_1_16_4;
- data-dir = minecraft-data-dir;
- world-name = "selbyland";
- motd = "Welcome to the Selby Minecraft server.";
- };
-}
diff --git a/hosts/france/backplane.nix b/hosts/france/backplane.nix
deleted file mode 100644
index 0d98b60..0000000
--- a/hosts/france/backplane.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-with lib;
-let
-
-in {
- config = {
- users = {
- users = {
- backplane-powerdns = {
- isSystemUser = true;
- };
- backplane-dns = {
- isSystemUser = true;
- };
- };
-
- groups = {
- backplane-powerdns = {
- members = [ "backplane-powerdns" ];
- };
- backplane-dns = {
- members = [ "backplane-dns" ];
- };
- };
- };
-
- fudo = {
- password.file-generator = {
- dns_backplane_powerdns = {
- file = "/srv/backplane/dns/secure/db_powerdns.passwd";
- user = config.services.postgresql.superUser;
- group = "backplane-powerdns";
- restart-services = [
- "backplane-dns-config-generator.service"
- "postgresql-password-setter.service"
- "backplane-powerdns.service"
- ];
- };
- dns_backplane_database = {
- file = "/srv/backplane/dns/secure/db_backplane.passwd";
- user = config.services.postgresql.superUser;
- group = "backplane-dns";
- restart-services = [
- "backplane-dns.service"
- "postgresql-password-setter.service"
- ];
- };
- };
-
- postgresql = {
- enable = true;
- required-services = [ "fudo-passwords.target" ];
-
- users = {
- backplane_powerdns = {
- password-file = "/srv/backplane/dns/secure/db_powerdns.passwd";
- databases = {
- backplane_dns = {
- access = "CONNECT";
- # entity-access = {
- # "ALL TABLES IN SCHEMA public" = "SELECT";
- # };
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- backplane_dns = {
- password-file = "/srv/backplane/dns/secure/db_backplane.passwd";
- databases = {
- backplane_dns = {
- access = "CONNECT";
- entity-access = {
- "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
- "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
- };
- };
- };
- };
- };
-
- databases = {
- backplane_dns = {
- users = ["niten"];
- };
- };
- };
-
- backplane.dns = {
- enable = true;
- listen-v4-addresses = [ "208.81.3.126" ];
- listen-v6-addresses = [ "[2605:e200:d200:1:6d:e2ff:fee1:adca]" ];
- required-services = [ "fudo-passwords.target" ];
- user = "backplane-dns";
- group = "backplane-dns";
- database = {
- username = "backplane_powerdns";
- database = "backplane_dns";
- # Uses an IP to avoid cyclical dependency...not really relevant, but
- # whatever
- host = "127.0.0.1";
- password-file = "/srv/backplane/dns/secure/db_powerdns.passwd";
- };
- backplane = {
- host = "backplane.fudo.org";
- role = "service-dns";
- password-file = "/srv/backplane/dns/secure/backplane.passwd";
- database = {
- username = "backplane_dns";
- database = "backplane_dns";
- host = "127.0.0.1";
- password-file = "/srv/backplane/dns/secure/db_backplane.passwd";
- };
- };
- };
- };
- };
-}
diff --git a/hosts/france/forum-config/config-defaults.php b/hosts/france/forum-config/config-defaults.php
deleted file mode 100644
index c078d59..0000000
--- a/hosts/france/forum-config/config-defaults.php
+++ /dev/null
@@ -1,180 +0,0 @@ - false, // PDO::ATTR_PERSISTENT - 1000 => true, // PDO::MYSQL_ATTR_USE_BUFFERED_QUERY (missing in some PHP installations) -]; - -// Use a dirty cache by default. Try Vanilla with memcached! -$Configuration['Cache']['Enabled'] = true; -$Configuration['Cache']['Method'] = 'dirtycache'; -$Configuration['Cache']['Filecache']['Store'] = PATH_CACHE.'/Filecache'; - -// Technical content stuff. -$Configuration['Garden']['ContentType'] = 'text/html'; -$Configuration['Garden']['Locale'] = 'en'; -$Configuration['Garden']['LocaleCodeset'] = 'UTF8'; - -$Configuration['HotReload']['IP'] = '127.0.0.1'; - -$Configuration['ContentSecurityPolicy']['ScriptSrc']['AllowedDomains'] = []; - -// Site specifics. -$Configuration['Garden']['Installed'] = false; // Has Garden been installed yet? This blocks setup when true. -$Configuration['Garden']['Title'] = 'Vanilla'; -$Configuration['Garden']['Domain'] = ''; -$Configuration['Garden']['WebRoot'] = false; // You can set this value if you are using htaccess to direct into the application, but the correct webroot isn't being recognized. -$Configuration['Garden']['StripWebRoot'] = false; -$Configuration['Garden']['AllowSSL'] = true; -$Configuration['Garden']['PrivateCommunity'] = false; -$Configuration['Garden']['Forms']['HoneypotName'] = 'hpt'; - -// Developer stuff. -$Configuration['Garden']['Debug'] = false; -$Configuration['Garden']['Errors']['LogFile'] = ''; -$Configuration['Garden']['FolderBlacklist'] = ['.', '..', '_svn', '.git']; // Folders we should never search for classes. - -// User registration & authentication. -$Configuration['Garden']['Session']['Length'] = '15 minutes'; -$Configuration['Garden']['Cookie']['Salt'] = ''; // We do this during setup, chill. 
-$Configuration['Garden']['Cookie']['Name'] = 'Vanilla'; -$Configuration['Garden']['Cookie']['Path'] = '/'; -$Configuration['Garden']['Cookie']['Domain'] = ''; -$Configuration['Garden']['Cookie']['HashMethod'] = 'md5'; // md5 or sha1 -$Configuration['Garden']['Authenticator']['DefaultScheme'] = 'password'; // Types include 'Password', 'Handshake', 'Openid' -$Configuration['Garden']['Authenticator']['RegisterUrl'] = '/entry/register?Target=%2$s'; -$Configuration['Garden']['Authenticator']['SignInUrl'] = '/entry/signin?Target=%2$s'; -$Configuration['Garden']['Authenticator']['SignOutUrl'] = '/entry/signout/{Session_TransientKey}?Target=%2$s'; -$Configuration['Garden']['Authenticator']['EnabledSchemes'] = ['password']; -$Configuration['Garden']['Authenticator']['SyncScreen'] = "smart"; -$Configuration['Garden']['Authenticators']['password']['Name'] = "Password"; -$Configuration['Garden']['UserAccount']['AllowEdit'] = true; // Allow users to edit their account information? (SSO requires accounts be edited in external system). -$Configuration['Garden']['Registration']['Method'] = 'Captcha'; // Options are: Basic, Captcha, Approval, Invitation -$Configuration['Garden']['Registration']['InviteExpiration'] = '1 week'; // When invitations expire. This will be plugged into strtotime(). -$Configuration['Garden']['Registration']['InviteRoles'] = 'FALSE'; -$Configuration['Garden']['Registration']['ConfirmEmail'] = false; -$Configuration['Garden']['Registration']['MinPasswordLength'] = 6; -$Configuration['Garden']['Registration']['NameUnique'] = true; -$Configuration['Garden']['TermsOfService'] = '/home/termsofservice'; // The url to the terms of service. 
-$Configuration['Garden']['Password']['MinLength'] = 6; -$Configuration['Garden']['Roles']['Manage'] = true; // @deprecated - -// Garden security features -$Configuration['Garden']['Security']['Hsts']['IncludeSubDomains'] = false; -$Configuration['Garden']['Security']['Hsts']['Preload'] = false; -$Configuration['Garden']['Security']['Hsts']['MaxAge'] = 604800; - -// Outgoing email. -$Configuration['Garden']['Email']['UseSmtp'] = false; -$Configuration['Garden']['Email']['SmtpHost'] = ''; -$Configuration['Garden']['Email']['SmtpUser'] = ''; -$Configuration['Garden']['Email']['SmtpPassword'] = ''; -$Configuration['Garden']['Email']['SmtpPort'] = '25'; -$Configuration['Garden']['Email']['SmtpSecurity'] = ''; // ssl/tls -$Configuration['Garden']['Email']['MimeType'] = 'text/plain'; -$Configuration['Garden']['Email']['SupportName'] = 'Support'; -$Configuration['Garden']['Email']['SupportAddress'] = ''; - -// Contact with the mothership. -$Configuration['Garden']['UpdateCheckUrl'] = 'https://open.vanillaforums.com/addons/update'; -$Configuration['Garden']['AddonUrl'] = 'https://open.vanillaforums.com/addons'; -$Configuration['Garden']['VanillaUrl'] = 'https://open.vanillaforums.com'; - -// File handling. -$Configuration['Garden']['CanProcessImages'] = false; -$Configuration['Garden']['Upload']['MaxFileSize'] = '50M'; -$Configuration['Garden']['Upload']['AllowedFileExtensions'] = [ - 'txt', 'jpg', 'jpeg', 'gif', 'png', 'bmp', 'tiff', 'ico', 'zip', 'gz', 'tar.gz', 'tgz', 'psd', 'ai', 'pdf', 'doc', 'xls', 'ppt', 'docx', 'xlsx', 'pptx', 'log', 'rar', '7z' -]; -$Configuration['Garden']['Profile']['MaxHeight'] = 560; -$Configuration['Garden']['Profile']['MaxWidth'] = 560; -$Configuration['Garden']['Thumbnail']['Size'] = 200; - -// Appearance. 
-$Configuration['Garden']['Theme'] = 'keystone'; -$Configuration['Garden']['MobileTheme'] = 'mobile'; -$Configuration['Garden']['Menu']['Sort'] = ['Dashboard', 'Discussions', 'Questions', 'Activity', 'Applicants', 'Conversations', 'User']; -$Configuration['Garden']['ThemeOptions']['Styles']['Key'] = 'Default'; -$Configuration['Garden']['ThemeOptions']['Styles']['Value'] = '%s_default'; - -// Profiles. -$Configuration['Garden']['Profile']['Public']= true; -$Configuration['Garden']['Profile']['ShowAbout'] = true; -$Configuration['Garden']['Profile']['EditPhotos'] = true; // false to disable user photo editing -$Configuration['Garden']['Profile']['EditUsernames'] = false; -$Configuration['Garden']['BannedPhoto'] = 'https://images.v-cdn.net/banned_large.png'; - -// Embedding forum & comments. -$Configuration['Garden']['Embed']['CommentsPerPage'] = 50; -$Configuration['Garden']['Embed']['SortComments'] = 'desc'; -$Configuration['Garden']['Embed']['PageToForum'] = true; -$Configuration['Garden']['SignIn']['Popup'] = true; // Should the sign-in link pop up or go to it's own page? (SSO requires going to it's own external page) - -// User experience & formatting. -$Configuration['Garden']['InputFormatter'] = 'Rich'; // Html, BBCode, Markdown, Text, Rich -$Configuration['Garden']['MobileInputFormatter'] = 'Rich'; -$Configuration['Garden']['Html']['AllowedElements'] = "a, abbr, acronym, address, area, audio, b, bdi, bdo, big, blockquote, br, caption, center, cite, code, col, colgroup, dd, del, details, dfn, div, dl, dt, em, figure, figcaption, font, h1, h2, h3, h4, h5, h6, hgroup, hr, i, img, ins, kbd, li, map, mark, menu, meter, ol, p, pre, q, s, samp, small, span, strike, strong, sub, sup, summary, table, tbody, td, tfoot, th, thead, time, tr, tt, u, ul, var, video, wbr"; -$Configuration['Garden']['Search']['Mode'] = 'boolean'; // matchboolean, match, boolean, like -$Configuration['Garden']['EditContentTimeout'] = 3600; // -1 means no timeout. 0 means immediate timeout. 
> 0 is in seconds. 60 * 60 = 3600 (aka 1hr) -$Configuration['Garden']['Format']['Mentions'] = true; -$Configuration['Garden']['Format']['Hashtags'] = false; -$Configuration['Garden']['Format']['YouTube'] = true; -$Configuration['Garden']['Format']['Vimeo'] = true; -$Configuration['Garden']['Format']['EmbedSize'] = 'normal'; // tiny/small/normal/big/huge or WIDTHxHEIGHT - -// Default preferences. Setting these to 'false' disables them globally. -$Configuration['Preferences']['Email']['ConversationMessage'] = '1'; -$Configuration['Preferences']['Email']['BookmarkComment'] = '1'; -$Configuration['Preferences']['Email']['ParticipateComment'] = '0'; -$Configuration['Preferences']['Email']['WallComment'] = '0'; -$Configuration['Preferences']['Email']['ActivityComment'] = '0'; -$Configuration['Preferences']['Email']['DiscussionComment'] = '0'; -$Configuration['Preferences']['Email']['Mention'] = '0'; -$Configuration['Preferences']['Popup']['ConversationMessage'] = '1'; -$Configuration['Preferences']['Popup']['BookmarkComment'] = '1'; -$Configuration['Preferences']['Popup']['ParticipateComment'] = '0'; -$Configuration['Preferences']['Popup']['WallComment'] = '1'; -$Configuration['Preferences']['Popup']['ActivityComment'] = '1'; -$Configuration['Preferences']['Popup']['DiscussionComment'] = '1'; -$Configuration['Preferences']['Popup']['Mention'] = '1'; - -// Module visibility and sorting. 
-$Configuration['Garden']['Modules']['ShowGuestModule'] = true; -$Configuration['Garden']['Modules']['ShowSignedInModule'] = false; -$Configuration['Garden']['Modules']['ShowRecentUserModule'] = false; -$Configuration['Modules']['Dashboard']['Panel'] = ['MeModule', 'UserBoxModule', 'ActivityFilterModule', 'UserPhotoModule', 'ProfileFilterModule', 'SideMenuModule', 'UserInfoModule', 'GuestModule', 'Ads']; -$Configuration['Modules']['Dashboard']['Content'] = ['MessageModule', 'MeModule', 'UserBoxModule', 'ProfileOptionsModule', 'Notices', 'ActivityFilterModule', 'ProfileFilterModule', 'Content', 'Ads']; -$Configuration['Modules']['Vanilla']['Panel'] = ['MeModule', 'UserBoxModule', 'GuestModule', 'NewDiscussionModule', 'DiscussionFilterModule', 'SignedInModule', 'Ads']; -$Configuration['Modules']['Vanilla']['Content'] = ['MessageModule', 'MeModule', 'UserBoxModule', 'NewDiscussionModule', 'ProfileOptionsModule', 'Notices', 'NewConversationModule', 'NewDiscussionModule', 'DiscussionFilterModule', 'CategoryModeratorsModule', 'Content', 'Ads']; -$Configuration['Modules']['Conversations']['Panel'] = ['MeModule', 'UserBoxModule', 'NewConversationModule', 'SignedInModule', 'GuestModule', 'Ads']; -$Configuration['Modules']['Conversations']['Content'] = ['MessageModule', 'MeModule', 'UserBoxModule', 'NewConversationModule', 'Notices', 'Content', 'Ads']; - -// Routes. -$Configuration['Routes']['DefaultController'] = 'discussions'; -$Configuration['Routes']['DefaultForumRoot'] = 'discussions'; -$Configuration['Routes']['Default404'] = ['dashboard/home/filenotfound', 'NotFound']; -$Configuration['Routes']['DefaultPermission'] = ['dashboard/home/unauthorized', 'NotAuthorized']; -$Configuration['Routes']['UpdateMode'] = 'dashboard/home/updatemode'; diff --git a/hosts/france/forum-config/config.php.nix b/hosts/france/forum-config/config.php.nix deleted file mode 100644 index 957c3af..0000000 --- a/hosts/france/forum-config/config.php.nix +++ /dev/null 
@@ -1,104 +0,0 @@ -{ config }: - -'' - 0 is in seconds. 60 * 60 = 3600 (aka 1hr) - $Configuration["Garden"]["Format"]["Mentions"] = true; - $Configuration["Garden"]["Format"]["Hashtags"] = false; - $Configuration["Garden"]["Format"]["YouTube"] = true; - $Configuration["Garden"]["Format"]["Vimeo"] = true; - $Configuration["Garden"]["Format"]["EmbedSize"] = "normal"; // tiny/small/normal/big/huge or WIDTHxHEIGHT - - // Module visibility and sorting. - $Configuration["Garden"]["Modules"]["ShowGuestModule"] = true; - $Configuration["Garden"]["Modules"]["ShowSignedInModule"] = false; - $Configuration["Garden"]["Modules"]["ShowRecentUserModule"] = false; - $Configuration["Modules"]["Dashboard"]["Panel"] = ["MeModule", "UserBoxModule", "ActivityFilterModule", "UserPhotoModule", "ProfileFilterModule", "SideMenuModule", "UserInfoModule", "GuestModule", "Ads"]; - $Configuration["Modules"]["Dashboard"]["Content"] = ["MessageModule", "MeModule", "UserBoxModule", "ProfileOptionsModule", "Notices", "ActivityFilterModule", "ProfileFilterModule", "Content", "Ads"]; - $Configuration["Modules"]["Vanilla"]["Panel"] = ["MeModule", "UserBoxModule", "GuestModule", "NewDiscussionModule", "DiscussionFilterModule", "SignedInModule", "Ads"]; - $Configuration["Modules"]["Vanilla"]["Content"] = ["MessageModule", "MeModule", "UserBoxModule", "NewDiscussionModule", "ProfileOptionsModule", "Notices", "NewConversationModule", "NewDiscussionModule", "DiscussionFilterModule", "CategoryModeratorsModule", "Content", "Ads"]; - $Configuration["Modules"]["Conversations"]["Panel"] = ["MeModule", "UserBoxModule", "NewConversationModule", "SignedInModule", "GuestModule", "Ads"]; - $Configuration["Modules"]["Conversations"]["Content"] = ["MessageModule", "MeModule", "UserBoxModule", "NewConversationModule", "Notices", "Content", "Ads"]; - - // Routes. 
- $Configuration["Routes"]["DefaultController"] = "discussions"; - $Configuration["Routes"]["DefaultForumRoot"] = "discussions"; - $Configuration["Routes"]["Default404"] = ["dashboard/home/filenotfound", "NotFound"]; - $Configuration["Routes"]["DefaultPermission"] = ["dashboard/home/unauthorized", "NotAuthorized"]; - $Configuration["Routes"]["UpdateMode"] = "dashboard/home/updatemode"; - - // Cache. - $Configuration['Cache']['Enabled'] = true; - $Configuration['Cache']['Method'] = 'memcached'; - $Configuration['Cache']['Filecache']['Store'] = PATH_CACHE.'/Filecache'; - $Configuration['memcached']['Store'] = '${config.memcached-server}'; -'' diff --git a/hosts/france/forum-config/constants.php b/hosts/france/forum-config/constants.php deleted file mode 100644 index b96801b..0000000 --- a/hosts/france/forum-config/constants.php +++ /dev/null 
@@ -1,89 +0,0 @@ - - * @copyright 2009-2019 Vanilla Forums Inc. - * @license GPL-2.0-only - */ - - if (PHP_VERSION_ID < 70100) { - die("Vanilla requires PHP 7.1 or greater."); - } - - // Define the constants we need to get going. - if (!defined("APPLICATION")) { - define("APPLICATION", "Vanilla"); - } - if (!defined("APPLICATION_VERSION")) { - // Rules for the versioning - // {OSS version}-{Cloud release version}-{? SNAPSHOT if it"s a dev build} - define("APPLICATION_VERSION", "3.3"); - } - if (!defined("DS")) { - define("DS", DIRECTORY_SEPARATOR); - } - if (!defined("STATE_ROOT")) { - define("STATE_ROOT", "${state-root}"); - } - if (!defined("PATH_ROOT")) { - define("PATH_ROOT", "${static-root}"); - } - - // Disable Phar stream - stream_wrapper_unregister("phar"); - - /** - * Bootstrap Before - * - * This file gives developers the opportunity to hook into Garden before any - * real work has been done. Nothing has been included yet, aside from this file. - * No Garden features are available yet. - */ - $isWeb = PHP_SAPI !== "cli" && isset($_SERVER["REQUEST_METHOD"]); - if ($isWeb && file_exists(STATE_ROOT."/conf/bootstrap.before.php")) { - require_once STATE_ROOT."/conf/bootstrap.before.php"; - } - - /** - * Define Core Constants - * - * Garden depends on the presence of a certain base set of defines that allow it - * to be aware of its own place within the system. These are conditionally - * defined here, in case they"ve already been set by a zealous bootstrap.before. - */ - - // Path to the primary configuration file. - if (!defined("PATH_CONF")) { - define("PATH_CONF", "${config-root}"); - } - - // Include default constants. - require_once PATH_CONF."/constants.php"; - - // Make sure a default time zone is set. - // Do NOT edit this. See config `Garden.GuestTimeZone`. - date_default_timezone_set("UTC"); - - // Make sure the mb_* functions are utf8. 
- if (function_exists("mb_internal_encoding")) { - mb_internal_encoding("UTF-8"); - } - - // Include the core autoloader. - if (!include_once PATH_ROOT."/vendor/autoload.php") { - die("Could not find the autoloader. Did you forget to run 'composer install' in ".PATH_ROOT."?\n"); - } - spl_autoload_register([Vanilla\AliasLoader::class, "autoload"]); -'' diff --git a/hosts/france/forum-config/index.php b/hosts/france/forum-config/index.php deleted file mode 100644 index f44e685..0000000 --- a/hosts/france/forum-config/index.php +++ /dev/null @@ -1,29 +0,0 @@ -start(); -$dispatcher->dispatch(); diff --git a/hosts/france/forum-config/index.php.nix b/hosts/france/forum-config/index.php.nix deleted file mode 100644 index f018786..0000000 --- a/hosts/france/forum-config/index.php.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ environment-file, bootstrap-file, ... }: - -'' - start(); - $dispatcher->dispatch(); -'' diff --git a/hosts/france/jabber.nix b/hosts/france/jabber.nix deleted file mode 100644 index b900bad..0000000 --- a/hosts/france/jabber.nix +++ /dev/null 
@@ -1,262 +0,0 @@ -{ pkgs, lib, config, ... }: - -with lib; -let - backplane-auth = "/etc/nixos/static/backplane-auth.scm"; - - host-passwd-file = "/srv/jabber/secret/hosts-passwd.scm"; - service-passwd-file = "/srv/jabber/secret/services-passwd.scm"; - - cert-basedir = "/var/lib/ejabberd/certs"; - - target-certs = ["key" "cert" "chain" "fullchain"]; - - cert-origin = hostname: filename: "/var/lib/acme/${hostname}/$(unknown).pem"; - cert-target = hostname: filename: "${cert-basedir}/${hostname}-$(unknown).pem"; - - move-server-certs = hostnames: - let - move-server-cert = hostname: - map (filename: '' - ensure_exists ${cert-origin hostname filename} - cp -L ${cert-origin hostname filename} ${cert-target hostname filename} - '') - target-certs; - in pkgs.writeShellScript "move-server-certs" '' - function ensure_exists() { - FILENAME=$1 - if [ ! -e $FILENAME ]; then - echo "file does not exist: $FILENAME" - exit 1 - fi - } - - if [ -d ${cert-basedir} ]; then - mkdir ${cert-basedir} - fi - - ${concatStringsSep "\n" (concatMap move-server-cert hostnames)} - - chown -R ${config.services.ejabberd.user}:${config.services.ejabberd.group} ${cert-basedir} - - exit 0 - ''; - - remove-server-certs = pkgs.writeShellScript "ejabberd-rm-combined-certs" '' - rm ${cert-basedir}/*.pem - ''; - - -in { - config = { - - security.acme.certs."fudo.im".email = "admin@fudo.org"; - security.acme.certs."backplane.fudo.org".email = "admin@fudo.org"; - - systemd = { - services = { - ejabberd-generate-certs = { - enable = true; - description = "Generate required SSL certs for ejabberd."; - wantedBy = [ "ejabberd.service" ]; - after = [ - "acme-backplane.fudo.org.service" - "acme-fudo.im.service" - ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${move-server-certs ["fudo.im" "backplane.fudo.org"]}"; - RemainAfterExit = true; - ExecStop = remove-server-certs; - StandardOutput = "journal"; - }; - }; - - ejabberd = { - requires = [ "ejabberd-generate-certs.service" ]; - environment = { 
- FUDO_HOST_PASSWD_FILE = host-passwd-file; - FUDO_SERVICE_PASSWD_FILE = service-passwd-file; - }; - }; - - ejabberd-hostfile-watcher = { - description = "Watch the ejabberd host file and restart if changes occur."; - serviceConfig.Type = "oneshot"; - after = [ "ejabberd.service" ]; - script = '' - SYSCTL=${pkgs.systemd}/bin/systemctl - if $SYSCTL is-active --quiet ejabberd.service; then - echo "restarting ejabberd.service because hostfile has changed." - $SYSCTL restart ejabberd.service - fi - ''; - }; - - ejabberd-servicefile-watcher = { - description = "Watch the ejabberd service file and restart if changes occur."; - serviceConfig.Type = "oneshot"; - after = [ "ejabberd.service" ]; - script = '' - SYSCTL=${pkgs.systemd}/bin/systemctl - if $SYSCTL is-active --quiet ejabberd.service; then - echo "restarting ejabberd.service because servicefile has changed." - $SYSCTL restart ejabberd.service - fi - ''; - }; - }; - - paths = { - ejabberd-hostfile-watcher = { - pathConfig.PathChanged = host-passwd-file; - }; - - ejabberd-servicefile-watcher = { - pathConfig.PathChanged = service-passwd-file; - }; - }; - }; - - services = { - nginx = { - virtualHosts = { - "backplane.fudo.org" = { - enableACME = true; - }; - - "fudo.im" = { - enableACME = true; - }; - }; - }; - - ejabberd = { - enable = true; - - configFile = pkgs.writeText "ejabberd-config.yml" (builtins.toJSON { - loglevel = 4; - - access_rules = { - c2s = { allow = "all"; }; - announce = { allow = "admin"; }; - configure = { allow = "admin"; }; - pubsub_createnode = { allow = "local"; }; - }; - - acl = { - admin = { - user = [ - "niten@fudo.org" - ]; - }; - }; - - hosts = [ - "fudo.im" - "backplane.fudo.org" - ]; - - listen = [ - { - port = 5222; - module = "ejabberd_c2s"; - ip = "0.0.0.0"; - starttls = true; - starttls_required = true; - } - ]; - - certfiles = - concatMap (hostname: map (filename: cert-target hostname filename) target-certs) - ["fudo.im" "backplane.fudo.org"]; - - host_config = { - "fudo.im" = { 
- auth_method = "ldap"; - ldap_servers = ["auth.fudo.org"]; - ldap_port = 389; - ldap_rootdn = "cn=jabber,dc=fudo,dc=org"; - ldap_password = fileContents /srv/jabber/secret/ldap.passwd; - ldap_base = "ou=members,dc=fudo,dc=org"; - ldap_filter = "(objectClass=posixAccount)"; - ldap_uids = { uid = "%u"; }; - - modules = { - mod_adhoc = {}; - mod_announce = {}; - mod_avatar = {}; - mod_blocking = {}; - mod_caps = {}; - mod_carboncopy = {}; - mod_client_state = {}; - mod_configure = {}; - mod_disco = {}; - mod_fail2ban = {}; - mod_last = {}; - mod_offline = { - access_max_user_messages = 5000; - }; - mod_ping = {}; - mod_privacy = {}; - mod_private = {}; - mod_pubsub = { - access_createnode = "pubsub_createnode"; - ignore_pep_from_offline = true; - last_item_cache = false; - plugins = [ - "flat" - "pep" - ]; - }; - mod_roster = {}; - mod_stream_mgmt = {}; - mod_time = {}; - mod_vcard = { - search = false; - }; - mod_vcard_xupdate = {}; - mod_version = {}; - }; - }; - - "backplane.fudo.org" = { - auth_method = "external"; - extauth_program = "${pkgs.guile}/bin/guile -s ${backplane-auth}"; - extauth_pool_size = 3; - auth_use_cache = true; - - modules = { - mod_adhoc = {}; - mod_caps = {}; - mod_carboncopy = {}; - mod_client_state = {}; - mod_configure = {}; - mod_disco = {}; - mod_fail2ban = {}; - mod_last = {}; - mod_offline = { - access_max_user_messages = 5000; - }; - mod_ping = {}; - mod_pubsub = { - access_createnode = "pubsub_createnode"; - ignore_pep_from_offline = true; - last_item_cache = false; - plugins = [ - "flat" - "pep" - ]; - }; - mod_roster = {}; - mod_stream_mgmt = {}; - mod_time = {}; - mod_version = {}; - }; - }; - }; - }); - }; - }; - }; -} diff --git a/hosts/france/selby-forum-discourse-unused.nix b/hosts/france/selby-forum-discourse-unused.nix deleted file mode 100644 index 83cde12..0000000 --- a/hosts/france/selby-forum-discourse-unused.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - hostname = "forum.test.selby.ca"; - local-port = "3157"; - - postgres-host = "france.fudo.org"; - config-path = "/srv/selby-forum/conf"; - redis-data-path = "/srv/selby-forum/redis-data"; - sidekiq-data-path = "/srv/selby-forum/sidekiq-data"; - discourse-data-path = "/srv/selby-forum/discourse-data"; - postgres-data-path = "/srv/selby-forum/postgres-data"; - - env-file = "/srv/selby-forum/private/env"; - - ensure-dir-and-ownership = ownership: dir: '' - if [ ! -d ${dir} ]; then - mkdir -p ${dir} - fi - - chown -R ${ownership} ${dir} - chmod 700 ${dir} - ''; - -in { - config = { - users.users = { - selby-discourse = { - isSystemUser = true; - # This is stupid: needs to be 1001, see bitnami docs - uid = 1001; - }; - }; - - security.acme.certs.${hostname}.email = "niten@fudo.org"; - - services.nginx = { - enable = true; - - virtualHosts = { - "${hostname}" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${local-port}"; - - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-By $server_addr:$server_port; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - }; - }; - }; - }; - - docker-containers = let - docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ]; - discourse-env = { - DISCOURSE_USERNAME = "admin"; - DISCOURSE_SITENAME = "Selby Forum"; - DISCOURSE_EMAIL = "forum@selby.ca"; - DISCOURSE_HOSTNAME = hostname; - - POSTGRESQL_HOST = "selby-discourse-postgres"; - DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum"; - DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum"; - # note: passwords are stored in env-file - - REDIS_HOST = "selby-discourse-redis"; - # note: password is store in env-file - }; - - in { - selby-discourse = { - image = "bitnami/discourse:2.6.0"; - ports = [ "127.0.0.1:${local-port}:3000" ]; - # user = 
toString config.users.users.selby-discourse.uid; - volumes = [ - "${config-path}:/opt/bitnami/discourse/mounted-conf" - "${discourse-data-path}:/bitnami" - ]; - extraDockerOptions = docker-flags; - environment = discourse-env; - }; - - selby-discourse-redis = { - image = "bitnami/redis:6.0"; - user = toString config.users.users.selby-discourse.uid; - volumes = [ "${redis-data-path}:/bitnami/redis/data" ]; - extraDockerOptions = docker-flags; - environment = { }; - }; - - selby-discourse-sidekiq = { - image = "bitnami/discourse:2.6.0"; - # user = toString config.users.users.selby-discourse.uid; - volumes = [ "${sidekiq-data-path}:/bitnami" ]; - cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ]; - extraDockerOptions = docker-flags; - environment = discourse-env; - }; - - selby-discourse-postgres = { - image = "bitnami/postgresql:13"; - # user = toString config.users.users.selby-discourse.uid; - volumes = [ "${postgres-data-path}:/bitnami/postgresql" ]; - extraDockerOptions = docker-flags; - environment = { - POSTGRESQL_DATABASE = "discourse_selby_forum"; - POSTGRESQL_USERNAME = "discourse_selby_forum"; - }; - }; - }; - }; -} diff --git a/hosts/france/selby-forum.nix b/hosts/france/selby-forum.nix deleted file mode 100644 index d856386..0000000 --- a/hosts/france/selby-forum.nix +++ /dev/null 
@@ -1,197 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - hostname = "forum.test.selby.ca"; - - mariadb-tag = "10"; - mariadb-port = "13306"; - mariadb-data-path = "/srv/selby-forum/mariadb-data"; - mariadb-root-env-file = "/srv/selby-forum/private/mariadb-env"; - mariadb-env-file = "/srv/selby-forum/private/mariadb-root-env"; - mariadb-username = "forum_selby_ca"; - mariadb-database = "forum_selby_ca"; - - mariadb-password-file = "/srv/selby-forum/private/mariadb-user-passwd"; - - smtp-password-file = "srv/selby-forum/private/smtp-passwd"; - - fastcgi-params = "include ${pkgs.nginx}/conf/fastcgi_params"; - - memcached-tag = "1.6-alpine"; - memcached-port = "11219"; - - environment = pkgs.writeTextDir "/environment.php" - (import ./forum-config/environment.php.nix { - static-root = "${pkgs.vanilla-forum}"; - state-root = "/srv/selby-forum/state"; - config-root = "/etc/selby-forum"; - }); - - index = pkgs.writeTextDir "/index.php" (import ./forum-config/index.php.nix { - environment-file = "${environment}/environment.php"; - bootstrap-file = "${pkgs.vanilla-forum}/bootstrap.php"; - }); - - selby-forum-pkg = pkgs.symlinkJoin { - name = "selby-forum"; - paths = [ pkgs.vanilla-forum index ]; - }; - -in { - config = { - environment.etc = { - "selby-forum/config-defaults.php" = { - uid = config.users.users.nginx.uid; - mode = "0600"; - source = ./forum-config/config-defaults.php; - }; - "selby-forum/constants.php" = { - uid = config.users.users.nginx.uid; - mode = "0600"; - source = ./forum-config/constants.php; - }; - "selby-forum/config.php" = { - uid = config.users.users.nginx.uid; - mode = "0600"; - text = import ./forum-config/config.php.nix { - config = { - database-host = "127.0.0.1:${mariadb-port}"; - database-name = mariadb-database; - database-user = mariadb-username; - database-password-file = mariadb-password-file; - site-name = "Selby Forum"; - site-domain = "forum.selby.ca"; - smtp-host = "mail.fudo.org"; - smtp-user = "selby-forum"; - smtp-password-file = 
smtp-password-file; - memcached-server = "127.0.0.1:${memcached-port}"; - }; - }; - }; - }; - - docker-containers = { - selby-forum-mariadb = { - image = "mariadb:${mariadb-tag}"; - ports = [ "127.0.0.1:${mariadb-port}:3306" ]; - volumes = [ "${mariadb-data-path}:/var/lib/mysql" ]; - environment = { - MYSQL_USER = mariadb-username; - MYSQL_DATABASE = mariadb-database; - }; - extraDockerOptions = [ - "--env-file=${mariadb-root-env-file}" - "--env-file=${mariadb-env-file}" - ]; - }; - selby-forum-memcached = { - image = "memcached:${memcached-tag}"; - ports = [ "127.0.0.1:${memcached-port}:11211" ]; - }; - }; - - security.acme.certs."${hostname}".email = "niten@fudo.org"; - - services = { - phpfpm = { - pools.selby-forum = { - user = "nginx"; - group = "nginx"; - - settings = { - "pm" = "dynamic"; - "pm.max_children" = 50; - "pm.start_servers" = 5; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 8; - }; - - phpOptions = '' - memory_limit = 500M - file_uploads = On - allow_url_fopen = On - short_open_tag = On - upload_max_filesize = 100M - max_execution_time = 360 - date.timezone = America/Winnipeg - ''; - }; - }; - - nginx = { - enable = true; - - virtualHosts = { - "${hostname}" = let - forbidden-rxs = [ - "^.htaccess$" - "^/conf/" - "^/cache/" - "^/cgi-bin/" - "^/uploads/imports/" - "^/vendor/" - ]; - - forbidden-rx-entry = entry: - lib.nameValuePair "~* ${entry}" { - return = "403"; - extraConfig = "deny all;"; - }; - - forbidden-rx-entries = - builtins.listToAttrs (map forbidden-rx-entry forbidden-rxs); - - in { - enableACME = true; - forceSSL = true; - - root = "${selby-forum-pkg}/"; - - locations = forbidden-rx-entries // { - "/" = { - index = "index.php"; - tryFiles = "$uri @vanilla"; - }; - - "@vanilla" = { - extraConfig = '' - rewrite ^ /index.php$request_uri last; - ''; - }; - - "~* ^/index.php($|/)" = { - extraConfig = '' - expires -1; - - ${fastcgi-params}; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_param SCRIPT_NAME /index.php; - 
fastcgi_param SCRIPT_FILENAME $realpath_root/index.php; - fastcgi_param X_REWRITE 1; - fastcgi_pass unix:${config.services.phpfpm.pools.selby-forum.socket}; - ''; - }; - }; - }; - }; - }; - }; - - systemd.services = { - phpfpm-selby-forum-socket-perm = { - wantedBy = [ "multi-user.target" "nginx.service" ]; - before = [ "nginx.service" ]; - description = - "Change ownership of the phpfpm socket for selby forum once it's started."; - requires = [ "phpfpm-selby-forum.service" ]; - after = [ "phpfpm.target" "phpfpm-selby-forum.service" ]; - serviceConfig = { - ExecStart = '' - ${pkgs.coreutils}/bin/chown nginx:nginx ${config.services.phpfpm.pools.selby-forum.socket} - ''; - }; - }; - }; - }; -} diff --git a/hosts/lambda.nix b/hosts/lambda.nix deleted file mode 100644 index 7bf9b47..0000000 --- a/hosts/lambda.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ lib, config, pkgs, ... }: - -let - hostname = "lambda"; - host-internal-ip = "10.0.0.3"; - host-storage-ip = "10.0.10.1"; - inherit (lib.strings) concatStringsSep; - -in { - - boot.kernelModules = [ "kvm-amd" ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/disk/by-label/nixos-root"; - - hardware.bluetooth.enable = false; - - imports = [ ../defaults.nix ../hardware-configuration.nix ]; - - fudo.common = { - profile = "server"; - site = "seattle"; - }; - - fudo.slynk = { enable = true; }; - - networking = { - hostName = hostname; - - nameservers = [ host-internal-ip ]; - - # Create a bridge for VMs to use - macvlans = { - extif0 = { - interface = "enp3s0f1"; - mode = "bridge"; - }; - storageif0 = { - interface = "enp4s0f1"; - mode = "bridge"; - }; - }; - - interfaces = { - enp3s0f0.useDHCP = false; - enp3s0f1.useDHCP = false; - enp4s0f0.useDHCP = false; - enp4s0f1.useDHCP = false; - - extif0 = { - useDHCP = false; - macAddress = "02:50:f6:52:9f:9d"; - ipv4.addresses = [{ - address = host-internal-ip; - prefixLength = 22; - } - # { - # address = "10.0.10.2"; - # prefixLength = 24; - # } - ]; - }; - - storageif0 = { - useDHCP = false; - macAddress = "02:65:d7:00:7d:1b"; - ipv4.addresses = [{ - address = host-storage-ip; - prefixLength = 24; - }]; - }; - }; - }; - - fudo.ipfs = { - enable = true; - users = [ "niten" ]; - api-address = "/ip4/${host-internal-ip}/tcp/5001"; - }; -} diff --git a/hosts/monolith.nix b/hosts/monolith.nix deleted file mode 100644 index d4c531e..0000000 --- a/hosts/monolith.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ config, pkgs, ... }: - -let - hostname = "monolith"; - -in { - imports = [ - ../defaults.nix - ../networks/sea.fudo.org.nix - ../profiles/desktop.nix - ../hardware-configuration.nix - ]; - - environment.systemPackages = with pkgs; [ - glxinfo - ]; - - networking.hostName = hostname; - - services.xserver.videoDrivers = ["nvidia"]; - - hardware.bluetooth.enable = false; - - hardware.opengl.driSupport32Bit = true; - hardware.opengl.driSupport = true; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - -} diff --git a/hosts/nostromo.nix b/hosts/nostromo.nix deleted file mode 100644 index fdd05b7..0000000 --- a/hosts/nostromo.nix +++ /dev/null 
@@ -1,239 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; -let - hostname = "nostromo"; - host-internal-ip = "10.0.0.1"; - -in { - - environment.systemPackages = with pkgs; [ - dnsproxy - google-photos-uploader - libguestfs-with-appliance - libvirt - powerdns - virtmanager - ]; - - boot.kernelModules = [ "kvm-amd" ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - - hardware.bluetooth.enable = false; - - imports = [ ../defaults.nix ../hardware-configuration.nix ]; - - fudo.common = { - profile = "server"; - site = "seattle"; - }; - - fudo.local-network = { - enable = true; - # See fudo/sites/seattle.nix for general settings - dns-servers = [ host-internal-ip ]; - gateway = host-internal-ip; - dhcp-interfaces = [ "intif0" ]; - dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ]; - # Using a pihole running in docker, see below - recursive-resolver = "${host-internal-ip} port 5353"; - server-ip = host-internal-ip; - }; - - fudo.slynk = { - # NOTE: for now, had to do: XDG_RUNTIME_DIR=/run/user/$UID systemctl start --user slynk - enable = true; - }; - - # systemd.network.networks.eno2 = { - # dhcpV6Config = { - # IPv6PrefixDelegation = "dhcpv6"; - # PrefixDelegationHint = 60; - # }; - # }; - - systemd.network.networks.eno2 = { - extraConfig = { - IPv6AcceptRA = true; - IPv6PrefixDelegation = "dhcpv6"; - }; - }; - - networking = { - hostName = hostname; - - nameservers = [ host-internal-ip ]; - - dhcpcd.extraConfig = '' - interface eno2 - ia_na 1 - ia_pd 2 eno2/0 - ''; - - # Create a bridge for VMs to use - macvlans = { - intif0 = { - interface = "eno1"; - mode = "bridge"; - }; - }; - - interfaces = { - eno1.useDHCP = false; - eno3.useDHCP = false; - eno4.useDHCP = false; - enp33s0f0.useDHCP = false; - enp33s0f1.useDHCP = false; - enp9s0f0.useDHCP = false; - enp9s0f1.useDHCP = false; - - eno2 = { useDHCP = true; }; - - intif0 = { - useDHCP = false; - macAddress = "46:54:76:06:f1:10"; - 
ipv4.addresses = [ - { - address = host-internal-ip; - prefixLength = 22; - } - { - address = "10.0.10.2"; - prefixLength = 24; - } - ]; - }; - }; - - nat = { - enable = true; - externalInterface = "eno2"; - internalInterfaces = [ "intif0" ]; - }; - }; - - users = { - users = { fudo-client = { isSystemUser = true; }; }; - - groups = { - backplane-powerdns = { members = [ "backplane-powerdns" ]; }; - backplane-dns = { members = [ "backplane-dns" ]; }; - }; - }; - - fudo = { - client.dns = { - enable = true; - ipv4 = true; - ipv6 = true; - user = "fudo-client"; - external-interface = "eno2"; - password-file = "/srv/client/secure/client.passwd"; - }; - - secure-dns-proxy = { - enable = true; - port = 3535; - upstream-dns = [ - "https://cloudflare-dns.com/dns-query" - # "https://dns.adguard.com/dns-query" - ]; - bootstrap-dns = "1.1.1.1"; - }; - - netinfo-email = { - enable = true; - env-file = "/srv/netinfo/secure/env"; - }; - }; - - virtualisation = { - docker = { - enable = true; - autoPrune.enable = true; - enableOnBoot = true; - }; - - libvirtd = { - enable = true; - qemuPackage = pkgs.qemu_kvm; - onShutdown = "shutdown"; - }; - }; - - docker-containers = { - pihole = { - image = "pihole/pihole:4.3.2-1"; - ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ]; - environment = { - ServerIP = host-internal-ip; - VIRTUAL_HOST = "dns-hole.sea.fudo.org"; - DNS1 = "1.1.1.1"; - DNS2 = "8.8.8.8"; - }; - volumes = [ - "/srv/pihole/etc-pihole/:/etc/pihole/" - "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" - ]; - # TODO: DNS-over-HTTPS via cloudflared - # extraDockerOptions = [ - # "--dns=1.1.1.1" - # ]; - }; - }; - - fudo.ipfs = { - enable = true; - users = [ "niten" ]; - api-address = "/ip4/${host-internal-ip}/tcp/5001"; - }; - - security.acme.certs."sea-camera.fudo.link".email = "niten@fudo.org"; - security.acme.certs."sea-camera-od.fudo.link".email = "niten@fudo.org"; - - services = { - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation 
= true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - "sea-camera.fudo.link" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://panopticon.sea.fudo.org/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - ''; - }; - }; - - "sea-camera-od.fudo.link" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://panopticon-od.sea.fudo.org/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - ''; - }; - }; - - "pihole.sea.fudo.org" = { - serverAliases = [ "dns-hole.sea.fudo.org" "hole.sea.fudo.org" ]; - locations."/" = { proxyPass = "http://127.0.0.1:3000"; }; - }; - }; - }; - }; -} diff --git a/hosts/procul.nix b/hosts/procul.nix deleted file mode 100644 index 5272d2a..0000000 --- a/hosts/procul.nix +++ /dev/null 
@@ -1,320 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - hostname = "procul"; - domain = "informis.land"; - mail-hostname = hostname; - host_ipv4 = "172.86.179.18"; - host-fqdn = "${hostname}.${domain}"; - all-hostnames = []; - - acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem"; - acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem"; - acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem"; - - fudo-ca = "/etc/nixos/static/fudo_ca.pem"; - -in { - - boot.loader.grub = { - enable = true; - version = 2; - device = "/dev/sdb"; - }; - - imports = [ - ../hardware-configuration.nix - - ../defaults.nix - - ../informis/users.nix - ]; - - networking = { - hostName = hostname; - - # provided by secure-dns-proxy - nameservers = [ "127.0.0.1" ]; - - dhcpcd.enable = false; - useDHCP = false; - - # TODO: fix IPv6 - enableIPv6 = true; - - # Create a bridge for VMs to use - macvlans = { - extif0 = { - interface = "enp0s25"; - mode = "bridge"; - }; - }; - - # For WireGuard - nat = { - enable = true; - externalInterface = "extif0"; - internalInterfaces = [ "wgtun0" ]; - }; - - interfaces = { - extif0 = { - # result of: - # echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' - macAddress = "02:e2:b7:db:e8:af"; - ipv4.addresses = [ - { - address = host_ipv4; - prefixLength = 29; - } - ]; - }; - }; - }; - - hardware.bluetooth.enable = false; - - users = { - users = { - gituser = { - isSystemUser = true; - group = "nogroup"; - }; - }; - }; - - fudo = { - - common = { - # Sets some server-common settings. See /etc/nixos/fudo/profiles/... - profile = "server"; - - # Sets some common site-specific settings: gateway, monitoring, etc. See /etc/nixos/fudo/sites/... 
- site = "joes"; - - domain = domain; - - admin-email = "admin@${domain}"; - - local-networks = [ - "172.86.179.16/29" - "208.81.1.128/28" - "208.81.3.112/28" - "172.17.0.0/16" - "127.0.0.0/8" - ]; - }; - - client.dns = { - enable = true; - ipv4 = true; - ipv6 = true; - user = "fudo-client"; - external-interface = "extif0"; - password-file = "/srv/client/secure/client.passwd"; - }; - - # Not all users need access to procul; don't allow LDAP-user access. - authentication.enable = false; - - auth.kdc = { - enable = true; - database-path = "/var/heimdal/heimdal"; - realm = "INFORMIS.LAND"; - mkey-file = "/srv/heimdal/secure/m-key"; - acl-file = "/etc/heimdal/kdc.acl"; - bind-addresses = [ - host_ipv4 - "127.0.0.1" - "127.0.1.1" - ]; - }; - - system.tmpOnTmpfs = false; - - secure-dns-proxy = { - enable = true; - upstream-dns = [ "https://cloudflare-dns.com/dns-query" ]; - bootstrap-dns = "1.1.1.1"; - listen-ips = [ "127.0.0.1" ]; - port = 53; - }; - - dns = { - enable = true; - - dns-hosts = { - "ns1.informis.land" = "172.86.179.18"; - "ns2.informis.land" = "172.86.179.18"; - }; - - listen-ips = [host_ipv4]; - - domains = { - "informis.land" = import ../informis/informis.land.nix { - inherit host_ipv4 config; - }; - }; - }; - - mail-server = { - enable = true; - debug = true; - - domain = domain; - hostname = "${host-fqdn}"; - monitoring = false; - mail-user = "mailuser"; - mail-user-id = 525; - mail-group = "mailgroup"; - clamav.enable = true; - dkim.signing = true; - - dovecot = { - ssl-certificate = acme-certificate "imap.${domain}"; - ssl-private-key = acme-private-key "imap.${domain}"; - }; - - postfix = { - ssl-certificate = acme-certificate "smtp.${domain}"; - ssl-private-key = acme-private-key "smtp.${domain}"; - }; - - # This should NOT include the primary domain - local-domains = [ - host-fqdn - "smtp.${domain}" - ]; - - mail-directory = "/srv/mailserver/mail"; - state-directory = "/srv/mailserver/state"; - - trusted-networks = [ - "172.86.179.16/29" - 
"127.0.0.0/16" - ]; - - alias-users = { - root = ["niten"]; - postmaster = ["niten"]; - hostmaster = ["niten"]; - webmaster = ["niten"]; - system = ["niten"]; - admin = ["niten"]; - dmarc-report = ["niten"]; - }; - }; - - postgresql = { - enable = true; - ssl-certificate = (acme-certificate host-fqdn); - ssl-private-key = (acme-private-key host-fqdn); - keytab = "/srv/postgres/secure/postgres.keytab"; - - local-networks = [ - "172.86.179.16/29" - "127.0.0.0/16" - ]; - - users = { - gituser = { - password-file = "/srv/git/secure/db.passwd"; - databases = { - git = { - access = "CONNECT"; - entity-access = { - "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; - "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE"; - }; - }; - }; - }; - }; - - databases = { - git = { - users = ["niten"]; - }; - }; - }; - - git = { - enable = true; - hostname = "git.informis.land"; - site-name = "informis git"; - user = "gituser"; - repository-dir = /srv/git/repo; - state-dir = /srv/git/state; - database = { - user = "gituser"; - password-file = /srv/git/secure/db.passwd; - hostname = "127.0.0.1"; - name = "git"; - }; - }; - - acme = { - enable = true; - - admin-address = "admin@${domain}"; - - hostnames = [ - "informis.land" - "imap.informis.land" - "smtp.informis.land" - "gemini.informis.land" - ]; - }; - }; - - security.acme.certs.${host-fqdn}.email = "admin@${domain}"; - - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts = { - "${host-fqdn}" = { - enableACME = true; - forceSSL = true; - }; - }; - }; - - fudo.vpn = { - # fer some fuckin reason this sets the default gw to the vpn interface - enable = false; - network = "10.100.0.0/16"; - server-ip = host_ipv4; - private-key-file = "/srv/wireguard/secure/secret.key"; - peers = { - peter = "/srv/wireguard/clients/peter.key"; - ken = "/srv/wireguard/clients/ken.key"; - helen = "/srv/wireguard/clients/helen.key"; - }; - 
}; - - informis.cl-gemini = { - enable = true; - - server-ip = host_ipv4; - document-root = "/srv/gemini/root"; - ssl-private-key = "/srv/gemini/private/key.pem"; - ssl-certificate = "/srv/gemini/private/cert.pem"; - slynk-port = 4005; - - textfiles-archive = "/srv/gemini/textfiles"; - - feeds = { - viator = { - title = "viator's phlog"; - path = "/home/viator/gemini-public/feed/"; - url = "gemini://informis.land/user/viator/feed/"; - }; - }; - }; -} diff --git a/hosts/spark.nix b/hosts/spark.nix deleted file mode 100644 index e86fc06..0000000 --- a/hosts/spark.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, pkgs, ... }: - -let - hostname = "spark"; - -in { - imports = [ - ../defaults.nix - ../hardware-configuration.nix - ]; - - nixpkgs.config.permittedInsecurePackages = [ - "google-chrome-81.0.4044.138" - ]; - - environment.systemPackages = with pkgs; [ - # androidStudioPackages.canary - androidenv.androidPkgs_9_0.platform-tools - cmake - glxinfo - opencv4 - qemu_kvm - signal-cli - signal-desktop - teamviewer - thunderbird - wireshark - ]; - - fudo.common = { - profile = "desktop"; - site = "seattle"; - enable-gui = true; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi = { - canTouchEfiVariables = true; - }; - - programs = { - adb.enable = true; - bash.enableCompletion = true; - }; - - networking.hostName = hostname; - - hardware.bluetooth.enable = false; - - hardware.opengl.driSupport32Bit = true; - hardware.opengl.driSupport = true; - - services = { - trezord.enable = true; - }; - - virtualisation.libvirtd = { - enable = true; - qemuPackage = pkgs.qemu_kvm; - onShutdown = "shutdown"; - }; -} diff --git a/hosts/zbox.nix b/hosts/zbox.nix deleted file mode 100644 index aab9ea9..0000000 --- a/hosts/zbox.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ config, pkgs, ... }: - -let - hostname = "zbox"; - -in { - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - imports = [ - ../defaults.nix - ../hardware-configuration.nix - ]; - - environment.systemPackages = with pkgs; [ - androidenv.androidPkgs_9_0.platform-tools - android-studio - dnsproxy - glxinfo - hll2380dw-cups - nodejs - signal-desktop - thunderbird - usbutils - ]; - - fudo.common = { - profile = "desktop"; - site = "seattle"; - enable-gui = true; - }; - - fudo.slynk = { - enable = true; - }; - - hardware.cpu.intel.updateMicrocode = true; - - programs = { - adb.enable = true; - bash.enableCompletion = true; - }; - - services.xserver = { - videoDrivers = ["nvidia"]; - # displayManager.gdm.wayland = false; - }; - - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - hardware.opengl.driSupport = true; - - hardware.pulseaudio.support32Bit = true; - - networking = { - hostName = hostname; - - macvlans = { - intif0 = { - interface = "eno1"; - mode = "bridge"; - }; - }; - - interfaces = { - eno1.useDHCP = false; - intif0 = { - macAddress = "02:dd:80:52:83:9b"; - useDHCP = false; - ipv4.addresses = [ - { - address = "10.0.0.110"; - prefixLength = 24; - } - ]; - }; - }; - }; - - hardware.bluetooth.enable = true; - - users.users.niten = { - extraGroups = ["adbusers"]; - }; - - virtualisation.lxd.enable = true; - -} diff --git a/informis/informis.land.nix b/informis/informis.land.nix deleted file mode 100644 index acce31d..0000000 --- a/informis/informis.land.nix +++ /dev/null 
@@ -1,98 +0,0 @@ -{ host_ipv4, config }: - -{ - dnssec = true; - - mx = ["smtp.informis.land"]; - - hosts = { - procul = { - ip-addresses = [ "172.86.179.18" ]; - ssh-fingerprints = [ - "4 1 2a8e086d3589ce50b58c55bc35638af8da23988e" - "4 2 55a9f7c0addf08bb24c62ced954574db6e95eff38ee56d6a2cff312d20eb910e" - "1 1 d089902f60751b3d35b5329bf7b906df254d5fa7" - "1 2 8deebf42bbc40881a327f561bffd5d7bd328a4fc94d4e4ce8c502a9c6cbdfb92" - ]; - }; - }; - - default-host = "172.86.179.18"; - - srv-records = { - tcp = { - domain = [{ - host = "ns1.informis.land"; - port = 53; - }]; - ssh = [{ - host = "procul.informis.land"; - port = 22; - }]; - submission = [{ - host = "procul.informis.land"; - port = 587; - }]; - kerberos = [{ - host = "procul.informis.land"; - port = 88; - }]; - kerberos-adm = [{ - host = "procul.informis.land"; - port = 749; - }]; - imaps = [{ - host = "procul.informis.land"; - port = 993; - priority = 0; - }]; - pop3s = [{ - host = "procul.informis.land"; - port = 995; - priority = 10; - }]; - http = [{ - host = "procul.informis.land"; - port = 80; - }]; - https = [{ - host = "procul.informis.land"; - port = 443; - }]; - }; - - udp = { - domain = [{ - host = "ns1.informis.land"; - port = 53; - }]; - kerberos = [{ - host = "procul.informis.land"; - port = 88; - }]; - kerberos-master = [{ - host = "procul.informis.land"; - port = 88; - }]; - kpasswd = [{ - host = "procul.informis.land"; - port = 464; - }]; - }; - }; - - aliases = { - smtp = "procul.informis.land."; - imap = "procul.informis.land."; - gemini = "procul.informis.land."; - git = "procul.informis.land."; - }; - - extra-dns-records = [ - ''_kerberos IN TXT "INFORMIS.LAND"'' - ''@ IN TXT "v=spf1 mx ip4:${host_ipv4}/29 -all"'' - ''@ IN SPF "v=spf1 mx ip4:${host_ipv4}/29 -all"'' - ]; - - dmarc-report-address = "dmarc-report@informis.land"; -} diff --git a/informis/users.nix b/informis/users.nix deleted file mode 100644 index b858c6e..0000000 --- a/informis/users.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ config, ... }: - -{ - config = { - users.users = { - viator = { - isNormalUser = true; - description = "Viator"; - createHome = true; - hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - }; - }; - }; -} diff --git a/users/niten.nix b/users/niten.nix deleted file mode 100644 index 43e8a38..0000000 --- a/users/niten.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - name = "Niten"; - email = "niten@fudo.org"; - -in { - programs = { - bash = { enable = true; }; - - git = { - enable = true; - userName = name; - userEmail = email; - }; - }; - - xresources.properties = { - "Xft.antialias" = 1; - "Xft.autohint" = 0; - "Xft.dpi" = 192; - "Xft.hinting" = 1; - "Xft.hintstyle" = "hintfull"; - "Xft.lcdfilter" = "lcddefault"; - }; - - services.gpg-agent.enable = true; - - # services.redshift = { - # enable = true; - # latitude = "51.0"; - # longitude = "47.0"; - # brightness.day = "1"; - # brightness.night = "0.5"; - # tray = true; - # }; - - home = { - file = { - ".doom.d" = { - source = pkgs.doom-emacs-config; - recursive = true; - onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh"; - }; - - ".k5login" = { - source = pkgs.writeText "niten-k5login" '' - niten@FUDO.ORG - niten/root@FUDO.ORG - niten@INFORMIS.LAND - niten/root@INFORMIS.LAND - ''; - }; - }; - - sessionVariables = { - EDITOR = "emacsclient -t"; - ALTERNATE_EDITOR = ""; - - # Don't put duplicates or whitespace in bash history - HISTCONTROL = "ignoredups:ignorespace"; - }; - }; -} diff --git a/users/root.nix b/users/root.nix deleted file mode 100644 index c31816f..0000000 --- a/users/root.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - name = "Root"; - email = "root@fudo.org"; - -in { - programs = { - git = { - enable = true; - userName = name; - userEmail = email; - }; - }; - - services.gpg-agent.enable = true; - - home = { - file = { - ".doom.d" = { - source = pkgs.doom-emacs-config; - recursive = true; - onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh"; - }; - - ".k5login" = { - source = pkgs.writeText "niten-k5login" '' - niten@FUDO.ORG - niten/root@FUDO.ORG - niten@INFORMIS.LAND - niten/root@INFORMIS.LAND - ''; - }; - }; - - sessionVariables = { - EDITOR = "emacsclient -t"; - ALTERNATE_EDITOR = ""; - - HISTCONTROL = "ignoredups:ignorespace"; - }; - }; -}