From c0cc03fd8d1c34a8715a8f9d04596c539b5d7f1f Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 26 Dec 2024 09:32:56 -0600 Subject: [PATCH] services I never really used --- .../nixos/services/glances/default.nix | 52 --------- .../nixos/services/postgresql/default.nix | 71 ------------ .../nixos/services/radicale/default.nix | 102 ------------------ .../nixos/services/radicale/secrets.sops.yaml | 86 --------------- 4 files changed, 311 deletions(-) delete mode 100644 .archive/modules/nixos/services/glances/default.nix delete mode 100644 .archive/modules/nixos/services/postgresql/default.nix delete mode 100644 .archive/modules/nixos/services/radicale/default.nix delete mode 100644 .archive/modules/nixos/services/radicale/secrets.sops.yaml diff --git a/.archive/modules/nixos/services/glances/default.nix b/.archive/modules/nixos/services/glances/default.nix deleted file mode 100644 index 598bd19..0000000 --- a/.archive/modules/nixos/services/glances/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ pkgs, config, lib, ... }: -let - cfg = config.mySystem.services.glances; -in -with lib; -{ - options.mySystem.services.glances = - { - enable = mkEnableOption "Glances system monitor"; - }; - config = mkIf cfg.enable { - - environment.systemPackages = with pkgs; - [ glances python310Packages.psutil hddtemp ]; - - # port 61208 - systemd.services.glances = { - script = '' - ${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0 - ''; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - }; - - networking = { - firewall.allowedTCPPorts = [ 61208 ]; - }; - - environment.etc."glances/glances.conf" = { - text = '' - [global] - check_update=False - - [network] - hide=lo,docker.* - - [diskio] - hide=loop.* - - [containers] - disable=False - podman_sock=unix:///var/run/podman/podman.sock - - [connections] - disable=True - - [irq] - disable=True - ''; - }; - }; -} diff --git a/.archive/modules/nixos/services/postgresql/default.nix b/.archive/modules/nixos/services/postgresql/default.nix deleted file mode 100644 index 9e68a96..0000000 --- a/.archive/modules/nixos/services/postgresql/default.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.mySystem.${category}.${app}; - app = "postgresql"; - category = "services"; -in -{ - options.mySystem.${category}.${app} = - { - enable = mkEnableOption "${app}"; - addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; - prometheus = mkOption - { - type = lib.types.bool; - description = "Enable prometheus scraping"; - default = true; - - }; - backupLocation = mkOption - { - type = lib.types.str; - description = "Location for sql backups to be stored."; - default = "/persist/backup/postgresql"; - }; - backup = mkOption - { - type = lib.types.bool; - description = "Enable backups"; - default = true; - }; - }; - - config = mkIf cfg.enable { - - services.postgresql = { - enable = true; - identMap = '' - # ArbitraryMapName systemUser DBUser - superuser_map root postgres - superuser_map postgres postgres - # Let other names login as themselves - superuser_map /^(.*)$ \1 - ''; - - authentication = '' - #type database DBuser auth-method optional_ident_map - local sameuser all peer map=superuser_map - ''; - - settings = { - max_connections = 200; - random_page_cost = 1.1; - }; - }; - - # enable backups - services.postgresqlBackup = mkIf cfg.backup { - enable = lib.mkForce true; - location = cfg.backupLocation; - }; - - ### firewall config - - # networking.firewall = mkIf cfg.openFirewall { - # allowedTCPPorts = [ port ]; - # allowedUDPPorts = [ port ]; - # }; - - }; -} diff --git a/.archive/modules/nixos/services/radicale/default.nix b/.archive/modules/nixos/services/radicale/default.nix deleted file mode 100644 index b5475db..0000000 --- a/.archive/modules/nixos/services/radicale/default.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.mySystem.${category}.${app}; - app = "radicale"; - category = "services"; - user = app; #string - group = app; #string - port = 5232; #int - appFolder = "/var/lib/${app}"; - url = "${app}.jahanson.tech"; -in -{ - options.mySystem.${category}.${app} = - { - enable = mkEnableOption "${app}"; - addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; - monitor = mkOption - { - type = lib.types.bool; - description = "Enable gatus monitoring"; - default = true; - }; - prometheus = mkOption - { - type = lib.types.bool; - description = "Enable prometheus scraping"; - default = true; - }; - backups = mkOption - { - type = lib.types.bool; - description = "Enable local backups"; - default = true; - }; - }; - - config = mkIf cfg.enable { - - ## Secrets - sops.secrets."${category}/${app}/htpasswd" = { - sopsFile = ./secrets.sops.yaml; - owner = user; - inherit group; - restartUnits = [ "${app}.service" ]; - }; - - users.users.jahanson.extraGroups = [ group ]; - - environment.persistence."${config.mySystem.system.impermanence.persistPath}" = lib.mkIf config.mySystem.system.impermanence.enable { - hideMounts = true; - directories = [ "/var/lib/radicale/" ]; - }; - - - services = - { - ## service - nginx.virtualHosts.${host} = { - useACMEHost = config.networking.domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${builtins.toString port}"; - }; - }; - ### Ingress - radicale = { - enable = true; - settings = { - server.hosts = [ "0.0.0.0:${builtins.toString port}" ]; - auth = { - type = "htpasswd"; - htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path; - htpasswd_encryption = "plain"; - realm = "Radicale - Password Required"; - }; - storage.filesystem_folder = "/var/lib/radicale/collections"; - }; - }; - }; - - ### firewall config - - # networking.firewall = mkIf cfg.openFirewall { - # allowedTCPPorts = [ port ]; - # allowedUDPPorts = [ port ]; - # }; - - ### backups - warnings = [ - (mkIf (!cfg.backups && config.mySystem.purpose != "Development") - "WARNING: Backups for ${app} are disabled!") - ]; - - services.restic.backups = mkIf cfg.backups (config.lib.mySystem.mkRestic - { - inherit app user; - paths = [ appFolder ]; - inherit appFolder; - }); - }; -} diff --git a/.archive/modules/nixos/services/radicale/secrets.sops.yaml b/.archive/modules/nixos/services/radicale/secrets.sops.yaml deleted file mode 100644 index b9e48fa..0000000 --- a/.archive/modules/nixos/services/radicale/secrets.sops.yaml +++ /dev/null @@ -1,86 +0,0 @@ -services: - radicale: - htpasswd: ENC[AES256_GCM,data:O/bI1CUdpal/aJSiLaWtDQ==,iv:iJ4WrQ2vbjRlICcY21R6NGmtOZwO68zANQv52uwm74k=,tag:c2sMcVCUWOjSALNITdx1dg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUxOSWd5TnFlazlXcjUv - RVBjM01WRjZ4R2d3WGhQWHNheEZWRkdWcWx3CitOekFGZ1RXL1M3QndrWHUzUFNH - QkY2dnYyZlhFMGVvTzBQb05oTjFFZ1UKLS0tIDFYN0pQTHBEMUZTU3QvOEJQS0Rh - Z2p1ZFVvVVBBZXVwTkhVZ05nNVBOQUkK7qFuomZfRvwFXTUc6LWWT10Ws8xIDcCj - AD/HSc9K+lEXHoTNmpHZyUYGnxJljnDNB3d3FS4pKbHujvhvMXwfPQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdnRKZUk5Um5HYUwzbmhL - K1A0ZW1YN0d3WllNb28zeDhzS1ppWXhleDBVCmMrRk41WlM1RXN5TkVnVVRYQ3Ev - c2RTeVJ1ays1bzg1ZGozMWI5ZWZ1ZHcKLS0tIFRKRlhFT1VwY2lwbUhRd3A4SEds - Y3BFY2lpQkExL2V4SjJvU3pTSW5WYzAKO8GMLDaoDrxdZzM8unYvq3/OteDGIwra - dRd8c6b5LSoC63Y59WftmmasXFRNrZHZX24vwgwReKapnWmqtQTgrQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJQM3BnU2hlTVJvT0RQ - WHRVWkJEd3JacnlVSStQYVU3c2QwOThPOVhvCjZOeEFDdXFzeWNoS3JTbktFMDJV - ZDJKV2RlMDRiTW0vRHRBUUhCUGlPUlEKLS0tIGxWT0VmaUNGMXk0a1NYTDI0WDQw - b2hjeEFPVGdhek8yVEcwN1BzVnFQbFEKNgwnchYNz/afrg6FeFlCikMIaCfsEMYK - PHmfIiM64XReGZGsKL+gxIw33yszbyeOu0vr26tqV3HU/QUE7f19gw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTEpra1haektoVFNpMkV6 - eGVkQnRpblV5amdMaGZJVVJiMUV1VEYwYkVvCmJZZ1ZvWTRUOVpYRnZkSEcvbzk2 - MDZ0MVl5NmNBQnJ5ZkhqejI5Nm5URDgKLS0tIDZPRURpVHp4Q1NsRG9ZeGVqRU9X - WnJ2ejZrZ0hOdDhxZUNnaDhOWVpzVFEKoYnqypCuLKT8OUbtRk6yN9UfWBqbznzE - DgCHiOj590zXsfRpaei/UYx0qdEmtymh7FivkxSRNYylfcngjYiadA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QkpxRHJYTEo5cE9ielZl - a1NYUllWYmp2NzZZejJtby9MRkF4ejNPWmtNCmNDMWk3cGg3eVlYUXBCTjg0TmdG - akRwVFZxMUZMNXAvYzRSYkZlamthVlUKLS0tIHEzYmg3eTFveWppbzk3c3FHM0pn - bTZ4K2xhN2xRU2VDK040cGpDbjVmVUUKuAsZczZzTWKKxISxWOaxjzxM6wLnsbpT - dxCkcqbjL8tWs1hACsWhJ4cNGNP7gkF+9RELZvvAHgSMrlpMv7Y80w== - -----END AGE ENCRYPTED FILE----- - - recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVhZeVdXVXRSWi9tMjRv - dlJFRE5NNDZZdStsOUdmMFZBdC9wL2o1S0hRCkpPNE5ic2t2UHdvanJ5bTdheDk2 - SUhsOTlXZnkrTkRvUXRaZE9SbW9EMGsKLS0tIHRZK3ZBQ1UrMlFGWEdIblk1YURV - VUJaWXhJMy9NUC81SjhGR0t0QnZPSDAKnQe+zUSRWvfjwr/c5wIkw/alXelnIK+u - BmvB/bps060r8GWIGYsN5mVzBpLAYwqqB4ylpjoLTfhAx3J3A+fRCw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaa2hQWlNhdmpZNHkyQmJI - WGwwZitJaUx5U0xzdURjdlFpN01jMWFvRUZZCndMcHpNclhoR1NXZzVNOWtlY0JD - c1RSNGVzY1RUa0JLYng2a0w0bFozNXcKLS0tIC9Sb0k4MmpaWUVqMkxUbHlEdlgx - M0hoN29oY1FVNVFGZFVyZVJTM2owYjAKsnVoccpgW7RPuJL66Q9iCOG5GZ41K65e - 7J8lGbHkalzX63VGIOgtvSViIXIeQxw9+Tmf70GQUqcM6czwX8fu5Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZWxZWk53cHd1bzhjVmZF - TUk4RmhENGMvNzZnREdKYU9TTDZzS0Jha1I0CnY3NXZzVlJhTGpVNi8yWlZ5SXN1 - Z3I4b3BOcGtpek4vK3JzV1JUVWVMZUkKLS0tIHJMOEZraFB2WXdBVUFDUisrMzBM - TUUzcW1GR1JOcG4yMm9EY3R6WFdTeEUKzJerRRS/5eCDOhOxHEB78qiVOx++z4M/ - XOEN6X0iDUBDfFJIqtMngMjU9E9DlRIYetMOYLxTpxmdKiv3Njyh/A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-18T23:57:27Z" - mac: ENC[AES256_GCM,data:f2p4VkJ7RLGPBbkkesqFKNIVow+/7MobH+AqnELAguGxlMAt1XZaU1cLfyMy1RQIrT0UmUV2xjRf/PGXBVNOTK+A2M0zoI90N8daTvk2xrEX5JVNWycgKVnQfztIgUAf5LA+tcvyWQ/Z/sIN1aGNfbl1tCSq+U+3xjIxZ74qmuw=,iv:wcyjoKWNFLb/jGclNWbHP7wwnkz29iINSfKblqhP+bI=,tag:3RrZXX9pAWQG05ZPI5A35Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1