author | polwex <polwex@sortug.com> | 2024-07-21 01:49:04 +0700 |
---|---|---|
committer | polwex <polwex@sortug.com> | 2024-07-21 01:49:04 +0700 |
commit | e64f7a78e01e5fa661471cb518cc71fc33223b5a (patch) | |
tree | 691c444cf66e2f9d1ee63e4589ed09ec502baa3b /hosts/cloud/oldsortug | |
parent | 0816d59542658a62928050ef5f08e1460e554959 (diff) |
m
Diffstat (limited to 'hosts/cloud/oldsortug')
-rw-r--r-- | hosts/cloud/oldsortug/configuration.nix | 46 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/coturn.nix | 60 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/gitea.nix | 27 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/hardware-configuration.nix | 31 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/nginx.nix | 21 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/packages.nix | 53 | ||||
-rw-r--r-- | hosts/cloud/oldsortug/users.nix | 56 |
7 files changed, 0 insertions, 294 deletions
diff --git a/hosts/cloud/oldsortug/configuration.nix b/hosts/cloud/oldsortug/configuration.nix
deleted file mode 100644
index 1c1866e..0000000
--- a/hosts/cloud/oldsortug/configuration.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ modulesPath, lib, ... }:
-{
- imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
- ./hardware-configuration.nix
- ./gitea.nix
- ./nginx.nix
- ./coturn.nix
- ];
- boot = {
- growPartition = true;
- kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- initrd.kernelModules = [ "virtio_scsi" ];
- kernelModules = [ "virtio_pci" "virtio_net" ];
- loader = {
- grub.device = "/dev/sda";
- timeout = 0;
- grub.configurationLimit = 0;
- };
- };
- services.openssh = {
- enable = true;
- passwordAuthentication = false;
- ports = [5522];
- };
- services.do-agent.enable = true;
- networking = {
- hostName = "sortug"; # use Digital Ocean metadata server
- };
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 40308 80 443 53 51820 5522 ];
- allowedUDPPorts = [ 40308 80 443 53 51820 5522
- 50000
- 50001
- 50002
- 50003
- 50004
- 50005
- 50006
- 50007
- 50008
- 50009
- 50010
- ];
- };
-}
diff --git a/hosts/cloud/oldsortug/coturn.nix b/hosts/cloud/oldsortug/coturn.nix
deleted file mode 100644
index aaf097c..0000000
--- a/hosts/cloud/oldsortug/coturn.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ ... }:
-
-{
- services.coturn = {
- enable = true;
- lt-cred-mech = true;
- # use-auth-secret = true;
- # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC";
- realm = "turn.sortug.com";
- # relay-ips = [
- # "<public-server-ip>"
- # ];
- # no-tcp-relay = true;
- extraConfig = "
- cipher-list=\"HIGH\"
- no-loopback-peers
- no-multicast-peers
- ";
- # secure-stun = true;
- cert = "/var/lib/acme/turn.sortug.com/fullchain.pem";
- pkey = "/var/lib/acme/turn.sortug.com/key.pem";
- min-port = 49152;
- max-port = 49999;
- };
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
- allowPing = false;
- allowedTCPPorts = [
- 5349 # STUN tls
- 5350 # STUN tls alt
- 80 # http
- 443 # https
- ];
- allowedUDPPortRanges = [
- { from=49152; to=49999; } # TURN relay
- ];
- };
-
- # setup certs
- services.nginx = {
- enable = true;
- virtualHosts = {
- "turn.sortug.com" = {
- forceSSL = true;
- enableACME = true;
- };
- };
- };
- users.groups.turnserver.members = ["nginx" "coturn"];
-
- # share certs with coturn and restart on renewal
- security.acme.certs = {
- "turn.sortug.com" = {
- postRun = "systemctl reload nginx.service; systemctl restart coturn.service";
- };
- };
-}
-
diff --git a/hosts/cloud/oldsortug/gitea.nix b/hosts/cloud/oldsortug/gitea.nix
deleted file mode 100644
index a25773a..0000000
--- a/hosts/cloud/oldsortug/gitea.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, ...}:
-{
- services.gitea = {
- enable = true;
- user = "git";
- appName = "Sortug Git";
- settings.server = {
- domain = "git.sortug.com";
- ROOT_URL = "https://git.sortug.com/";
- SSH_PORT = 5522;
- };
- lfs.enable = true;
- };
-
- users.users = {
- git = {
- description = "Gitea Service";
- home = "/var/lib/gitea";
- useDefaultShell = true;
- group = "gitea";
- isSystemUser = true;
- };
- };
-
-
-
-}
diff --git a/hosts/cloud/oldsortug/hardware-configuration.nix b/hosts/cloud/oldsortug/hardware-configuration.nix
deleted file mode 100644
index f46db2a..0000000
--- a/hosts/cloud/oldsortug/hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/32e438fa-ead6-47d5-8ebe-75f6b1d0c1a6";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/cloud/oldsortug/nginx.nix b/hosts/cloud/oldsortug/nginx.nix
deleted file mode 100644
index ba64539..0000000
--- a/hosts/cloud/oldsortug/nginx.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }: {
-
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "security@sortug.com";
- users.users.y.homeMode = "750";
- services.nginx = {
- enable = true;
- virtualHosts."old.sortug.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:9000";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig = ''
- proxy_set_header Host $Host;
- '';
- # actually important
- };
- };
- };
-}
diff --git a/hosts/cloud/oldsortug/packages.nix b/hosts/cloud/oldsortug/packages.nix
deleted file mode 100644
index 6985acb..0000000
--- a/hosts/cloud/oldsortug/packages.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- nixpkgs.config = {
- allowUnfree = true;
- };
-
- environment.systemPackages = with pkgs; [
- neovim
- fish
- # unix utilities
- tmux
- bat # cat replacement written in Rust
- colordiff
- direnv # Per-directory environment variables
- lsd
- fd # find replacement written in Rust
- fzf # Fuzzy finder
- git
- glibcLocales
- gnumake
- htop # Resource monitoring
- jq # JSON parsing for the CLI
- lsof
- ripgrep # grep replacement written in Rust
- sd # Fancy sed replacement
- silver-searcher
- skim # High-powered fuzzy finder written in Rust
- strace # debug stack trace
- tealdeer # tldr for various shell tools
- testdisk
- tokei # Handy tool to see lines of code by language
- watchexec # Fileystem watcher/executor useful for speedy development
- xsv # CSV file parsing utility
- just # Intriguing new make replacement
- mdcat # Markdown converter/reader for the CLI
- tree
- unzip
- zip
-
- # networking
- curl
- caddy # simple web server made with go
- innernet
-
- # s3
- minio
- # databases
- # postgresql
- # sqlite
- ];
-}
-
diff --git a/hosts/cloud/oldsortug/users.nix b/hosts/cloud/oldsortug/users.nix
deleted file mode 100644
index b3515c1..0000000
--- a/hosts/cloud/oldsortug/users.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, pkgs, ... }:
-
-
-let shellAliases = {
- l = "lsd -lAh";
- la = "lsd -lAh";
- ports = "sudo lsof -i -P -n | grep LISTEN";
- gco = "git checkout";
- gcob = "git checkout -b";
-};
-
-in {
- programs.fish = {
- inherit shellAliases;
- enable = true;
-# plugins = [{
-# name="foreign-env";
-# src = pkgs.fetchFromGitHub {
-# owner = "oh-my-fish";
-# repo = "plugin-foreign-env";
-# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
-# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
-# };
-# }];
-};
-
- users = {
- extraUsers = {
- y = {
- group = "users";
- isNormalUser = true;
- extraGroups = [
- "systemd-journal"
- "wheel"
- ];
- createHome = true;
- home = "/home/y";
- isSystemUser = false;
- shell = pkgs.fish;
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ];
- };
-# urbit = {
-# group = "users";
-# isNormalUser = true;
-# createHome = true;
-# isSystemUser = false;
-# openssh.authorizedKeys.keys =
-# [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/VzXbaX1CLqQfPCkRdMHzAKsbS//2B0qlw3ROnR74tgl7jrBP2qeYhydcNECqC5WWO+KLZrbOWdVLATLW6z6oLlMx6E6WCfRVx/F7coMd/FBYqHwJ2Z1PbG0YSjWH07GyVYU2Nc9HfW459aXpGQ2LlTjYP14i7DqvSesCIkfbPfHzwAkyDxj4oIMXS3LMQlh4u69YKoXS/LPU+1Qv+bT5alRc2Uw+/9/q1IfDDxIiKqt3EVNEM6p5QssXtlFhk0+7zXRApWbpYLbjAVHDHbFoPAXeKLQvpgnz1K84fOGNlXj9nISYfDba8NVWQbetKnVxmQNDUKk3jOcBFmjgHvYv pkova@Pyrys-MacBook-Pro.local" ];
-# };
- };
- };
-}
-
-
-
|