From 405576ee6364663ff5e312ba0ebabcf278fd9a3c Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Wed, 27 Aug 2025 12:44:54 -0500
Subject: [PATCH] removing docker from lio, and other cleanup
---
common/_containers/inventory.nix | 166 ------------------
common/_containers/template_postgres_app.nix | 154 ----------------
common/_containers/tests.nix | 39 ----
.../hyprland/home_manager/hyprland.nix | 30 +---
common/flake.nix | 2 +-
common/secrets/secrets/secrets.nix | 6 +-
hosts/lio/containers.nix | 14 +-
hosts/lio/flake.nix | 13 +-
hosts/lio/hyprland_customizations.nix | 16 +-
hosts/oracle/o001/nginx.nix | 28 +--
10 files changed, 45 insertions(+), 423 deletions(-)
delete mode 100644 common/_containers/inventory.nix
delete mode 100644 common/_containers/template_postgres_app.nix
delete mode 100644 common/_containers/tests.nix
diff --git a/common/_containers/inventory.nix b/common/_containers/inventory.nix
deleted file mode 100644
index 6169ab9..0000000
--- a/common/_containers/inventory.nix
+++ /dev/null
@@ -1,166 +0,0 @@ -{ - config, - lib, - ... -}: - -let - name = "inventory"; - app = "pg-${name}"; - - hostDataDir = "/var/lib/${name}"; - - localAddress = "192.168.100.110"; - pg_port = 54433; - pg_dataDir = "/var/lib/postgres"; - # pgadmin_port = 5050; - # pgadmin_dataDir = "/var/lib/pgadmin"; - - binds = [ - { - host = "${hostDataDir}/postgres"; - container = pg_dataDir; - user = "postgres"; - uid = config.ids.uids.postgres; - } - # { - # host = "${hostDataDir}/pgadmin"; - # container = pgadmin_dataDir; - # user = "pgadmin"; - # uid = 1020; - # } - ]; -in -{ - - users = lib.foldl ( - acc: bind: - { - users.${bind.user} = { - isSystemUser = true; - home = bind.host; - createHome = true; - uid = bind.uid; - group = bind.user; - }; - groups.${bind.user}.gid = bind.uid; - } - // acc - ) { } binds; - - containers.${app} = { - ephemeral = true; - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.2"; - localAddress = localAddress; - bindMounts = lib.foldl ( - acc: bind: - { - "${bind.container}" = { - hostPath = bind.host; - isReadOnly = false; - }; - } - // acc - ) { } binds; - config = - { config, pkgs, ... 
}: - { - system.stateVersion = "24.11"; - - users = lib.foldl ( - acc: bind: - { - users.${bind.user} = { - isSystemUser = true; - home = bind.container; - uid = bind.uid; - group = bind.user; - }; - groups.${bind.user}.gid = bind.uid; - } - // acc - ) { } binds; - - services.postgresql = { - enable = true; - package = pkgs.postgresql_17.withJIT; - enableJIT = true; - extensions = with pkgs.postgresql17Packages; [ - # NOTE add extensions here - pgvector - postgis - ]; - settings.port = pg_port; - enableTCPIP = true; - authentication = '' - local all all trust - host all all 127.0.0.1/8 trust - host all all ::1/128 trust - host all all 192.168.100.0/24 trust - ''; - identMap = '' - # ArbitraryMapName systemUser dbUser - superuser_map root ${name} - - # Let other names login as themselves - superuser_map /^(.*)$ \1 - ''; - ensureDatabases = [ name ]; - ensureUsers = [ - { - name = name; - ensureDBOwnership = true; - ensureClauses = { - login = true; - superuser = true; - }; - } - ]; - dataDir = - (lib.findFirst (bind: bind.user == "postgres") (throw "No postgres bind found") binds).container; - }; - - # services.pgadmin = { - # enable = true; - # port = pgadmin_port; - # openFirewall = true; - # initialEmail = "admin@test.com"; - # initialPasswordFile = (builtins.toFile "password" "password"); - # }; - - # TODO set this up, had issues since it shares users with postgres service and my bind mounts relys on createhome in that exact directory. 
- # services.postgresqlBackup = { - # enable = true; - # compression = "gzip"; - # compressionLevel = 9; - # databases = [ cfg.database ]; - # location = "${cfg.dataDir}/backup"; - # startAt = "02:30"; # Adjust the backup time as needed - # }; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ pg_port ]; - }; - - # Health check to ensure database is ready - systemd.services.postgresql-healthcheck = { - description = "PostgreSQL Health Check"; - after = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = '' - ${pkgs.postgresql_17}/bin/pg_isready \ - -U ${name} \ - -d ${name} \ - -h localhost \ - -p ${toString pg_port} - ''; - }; - }; - }; - }; -} diff --git a/common/_containers/template_postgres_app.nix b/common/_containers/template_postgres_app.nix deleted file mode 100644 index c26cc5a..0000000 --- a/common/_containers/template_postgres_app.nix +++ /dev/null 
@@ -1,154 +0,0 @@ -{ name }: -{ - config, - lib, - ... -}: -let - # name = "UNIQUE_NAME_ON_HOST"; - - hostDataDir = "/var/lib/${name}"; - hostAddress = "192.168.100.2"; - containerAddress = "192.168.100.10"; - - binds = [ - # Postgres data, must use postgres user in container and host - { - host = "${hostDataDir}/postgres"; - # Adjust based on container postgres data dir - container = "/var/lib/postgresql/17"; - user = "postgres"; - uid = config.ids.uids.postgres; - gid = config.ids.gids.postgres; - } - # Postgres backups - { - host = "${hostDataDir}/backups/postgres"; - container = "/var/backup/postgresql"; - user = "postgres"; - uid = config.ids.uids.postgres; - gid = config.ids.gids.postgres; - } - # App data, uses custom user - # { - # host = "${hostDataDir}/data"; - # container = "/var/lib/forgejo"; - # user = "forgejo"; - # uid = 115; - # gid = 115; - # } - ]; - uniqueUsers = lib.foldl' ( - acc: bind: if lib.lists.any (item: item.user == bind.user) acc then acc else acc ++ [ bind ] - ) [ ] binds; - users = { - users = lib.listToAttrs ( - lib.map (u: { - name = u.user; - value = { - isSystemUser = true; - name = u.user; - uid = u.uid; - group = u.user; - }; - }) uniqueUsers - ); - - groups = lib.listToAttrs ( - lib.map (g: { - name = g.user; - value.gid = g.gid; - }) uniqueUsers - ); - }; -in -{ - # Ensure users exists on host machine with same IDs as container - inherit users; - - # Ensure directories exist on host machine - system.activationScripts.createMediaServerDirs = '' - ${lib.concatStringsSep "\n" ( - lib.map (bind: '' - mkdir -p ${bind.host} - chown -R ${toString bind.user}:${toString bind.gid} ${bind.host} - chmod -R 750 ${bind.host} - '') binds - )} - ''; - - containers.${name} = { - ephemeral = true; - autoStart = true; - privateNetwork = true; - hostAddress = hostAddress; - localAddress = containerAddress; - bindMounts = lib.foldl ( - acc: bind: - { - "${bind.container}" = { - hostPath = bind.host; - isReadOnly = false; - }; - } - // acc - ) { } 
binds; - config = - { config, pkgs, ... }: - { - system.stateVersion = "24.11"; - - # Ensure users exist on container - inherit users; - - services.postgresql = { - enable = true; - package = pkgs.postgresql_17.withJIT; - enableJIT = true; - extensions = with pkgs.postgresql17Packages; [ - # NOTE add extensions here - pgvector - postgis - ]; - enableTCPIP = true; - authentication = '' - local all all trust - host all all 127.0.0.1/8 trust - host all all ::1/128 trust - host all all 192.168.100.0/24 trust - ''; - # identMap = '' - # # ArbitraryMapName systemUser dbUser - # superuser_map root ${name} - # - # # Let other names login as themselves - # superuser_map /^(.*)$ \1 - # ''; - # ensureDatabases = [ name ]; - # ensureUsers = [ - # { - # name = name; - # ensureDBOwnership = true; - # ensureClauses = { - # login = true; - # superuser = true; - # }; - # } - # ]; - }; - - # Backup database - services.postgresqlBackup = { - enable = true; - }; - - # APP TODO REPLACE THIS WITH SOMETHING - services.pgadmin = { - enable = true; - openFirewall = true; - initialEmail = "admin@test.com"; - initialPasswordFile = (builtins.toFile "password" "password"); - }; - }; - }; -} diff --git a/common/_containers/tests.nix b/common/_containers/tests.nix deleted file mode 100644 index b4c6659..0000000 --- a/common/_containers/tests.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - ... -}: -{ - options = { }; - - config = { - # Random test, visit http://192.168.100.11/ - containers.wasabi = { - ephemeral = true; - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.2"; - localAddress = "192.168.100.11"; - config = - { config, pkgs, ... }: - { - system.stateVersion = "24.11"; - services.httpd.enable = true; - services.httpd.adminAddr = "foo@example.org"; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 ]; - }; - }; - }; - - virtualisation.oci-containers.containers = { - # Example of defining a container, visit http://localhost:8085/ - "nginx_simple" = { - # autoStart = true; this is default true - image = "nginx:latest"; - ports = [ - "127.0.0.1:8085:80" - ]; - }; - }; - }; -} diff --git a/common/desktop_environment/hyprland/home_manager/hyprland.nix b/common/desktop_environment/hyprland/home_manager/hyprland.nix index 409d94f..81c3b46 100644 --- a/common/desktop_environment/hyprland/home_manager/hyprland.nix +++ b/common/desktop_environment/hyprland/home_manager/hyprland.nix 
@@ -25,30 +25,14 @@ in ]; settings = lib.attrsets.recursiveUpdate { - # exec-once = [ - # "waybar" - # ]; + # Default monitor configuration + monitor = "monitor = , preferred, auto, 1"; - # Default monitor configuration - monitor = "monitor = , preferred, auto, 1"; - - # Make workspaces 7-10 always on MONITOR-2 (replace DP-2 if your secondary isn't DP-2) - # You can get the name of your monitor via `hyprctl monitors` - workspace = [ - "7, monitor:DP-2, persistent:true" - "8, monitor:DP-2, persistent:true" - "9, monitor:DP-2, persistent:true" - "10, monitor:DP-2, persistent:true" - ]; - - windowrulev2 = [ - "float, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" - "center, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" - "size 720 600, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" - "float, class:.*blueman-manager.*" - "size 700 500, class:.*blueman-manager.*" - "center, class:.*blueman-manager.*" - ]; + windowrulev2 = [ + "float, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" + "center, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" + "size 720 600, class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$" + ]; # Input configuration input = { diff --git a/common/flake.nix b/common/flake.nix index f2852dc..03352ab 100644 --- a/common/flake.nix +++ b/common/flake.nix @@ -43,7 +43,7 @@ }; containers = { forgejo = import ./_containers/forgejo.nix; - obsidian_sync = import ./_containers/obsidian_sync.nix; + # obsidian_sync = import ./_containers/obsidian_sync.nix; }; }; homeManagerModules = { 
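Review bot: The three surviving `windowrulev2` entries repeat the same `class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$` selector verbatim, so a change to the extension id or title pattern has to be made in three places. Bind the selector once in the module's `let` (e.g. `crxRule = "class:^(?i)chrome-nngceckbapebfimnlniiiahkandclblb-Default$, initialtitle:^_crx_nngceckbapebfimnlniiiahkandclblb$";`) and build the list as `[ "float, ${crxRule}" "center, ${crxRule}" "size 720 600, ${crxRule}" ]`, with a comment saying which extension that opaque id belongs to. Separately, `monitor = "monitor = , preferred, auto, 1"` looks as if the home-manager `settings` generator, which prefixes the key itself, would emit `monitor = monitor = , preferred, auto, 1`; if so the intended value is `", preferred, auto, 1"` — confirm against the generated hyprland.conf. The `settings` attrset this hunk edits starts and ends outside the hunk.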
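Review bot: The `obsidian_sync` entry is commented out rather than deleted, which leaves `./_containers/obsidian_sync.nix` (presumably still in the tree) outside every evaluation, so it will silently bit-rot; the same comment-out pattern is applied to this service in four other files of the commit. Git history already preserves the module, so remove the line and the file, or, if the service is only paused, keep it wired in behind a disabled option rather than a comment. A one-line reason next to the remaining `forgejo` entry, e.g. `# obsidian_sync retired 2025-08; see git history`, would spare the next reader the archaeology.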
diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix index b9c59d7..b402367 100644 --- a/common/secrets/secrets/secrets.nix +++ b/common/secrets/secrets/secrets.nix @@ -117,9 +117,9 @@ in "headscale_auth.age" = { publicKeys = trustedKeys; }; - "obsidian_sync_env.age" = { - publicKeys = trustedKeys; - }; + # "obsidian_sync_env.age" = { + # publicKeys = trustedKeys; + # }; "us_chi_wg.age" = { publicKeys = trustedKeys; }; diff --git a/hosts/lio/containers.nix b/hosts/lio/containers.nix index 294c8e0..d2e7d23 100644 --- a/hosts/lio/containers.nix +++ b/hosts/lio/containers.nix @@ -13,15 +13,15 @@ in options = { }; imports = [ - common.nixosModules.containers.obsidian_sync + # common.nixosModules.containers.obsidian_sync ]; config = { # Obsidian Sync settings - services.obsidian_sync = { - serverUrl = "https://obsidiansync.joshuabell.xyz"; - dockerEnvFiles = [ config.age.secrets.obsidian_sync_env.path ]; - }; + # services.obsidian_sync = { + # serverUrl = "https://obsidiansync.joshuabell.xyz"; + # dockerEnvFiles = [ config.age.secrets.obsidian_sync_env.path ]; + # }; ## Give internet access networking = { @@ -62,7 +62,7 @@ in # }; # }; - virtualisation.oci-containers.backend = "docker"; + # virtualisation.oci-containers.backend = "docker"; services.nginx = { enable = true; @@ -74,7 +74,7 @@ in "_" = { default = true; locations."/" = { - return = "444"; # or 444 for drop + return = "404"; # or 444 for drop }; }; }; diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index dc9be42..051cd1c 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -54,7 +54,6 @@ }: { programs = { - steam.enable = true; nix-ld = { enable = true; libraries = with pkgs; [ @@ -66,6 +65,10 @@ ]; }; }; + environment.shellAliases = { + "oc" = + "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; + }; environment.systemPackages = with pkgs; [ lua 
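Review bot: Commenting out the `"obsidian_sync_env.age"` entry drops it from agenix's recipient list without removing the encrypted file in this commit, so if `common/secrets/secrets/obsidian_sync_env.age` is still in the repo it is now an orphan that `agenix -r` will no longer rekey when `trustedKeys` changes, and its contents remain decryptable by every key currently in that set. Delete the `.age` file alongside this line, and treat whatever credentials it held (it was handed to the container as a Docker env file) as retired — rotate them on the sync-server side if the service is ever brought back. If the service is only paused, keep the entry so the file keeps being rekeyed with the rest.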
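Review bot: Changing the catch-all `"_"` vhost from `return = "444"` to `return = "404"` makes nginx answer clients that hit the host by bare IP or an unknown `Host` with a full HTTP response instead of closing the connection, which confirms a live nginx — and its `Server:` header version unless `server_tokens off` is set elsewhere — to anything that probes it. If the 404 is deliberate (health checks, ACME probes), record that in the comment, e.g. `return = "404"; # 404 rather than 444 so <reason>; 444 would drop the connection`; otherwise 444 was the safer choice for a default server. The `services.nginx` block this hunk edits continues outside the hunk.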
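Review bot: The relocated `oc` alias lives in `environment.shellAliases`, which is system-wide, yet it executes `/home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode` — an unpinned, npm-installed binary inside one user's writable home directory. Any other account that runs `oc`, including root (this host also accepts a root SSH key for remote builds in the hunk that follows), would run code josh's account controls, and the alias fails silently once that directory moves. Define the alias in josh's home-manager config instead, or package opencode with Nix and add it to `environment.systemPackages`, and add a comment explaining why `all_proxy`/`http_proxy`/`https_proxy` are blanked for it, since bypassing the host proxy for one tool is a policy decision the next reader cannot recover from the line. The attrset this hunk edits starts outside the hunk.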
@@ -75,12 +78,6 @@ appimage-run nodejs_24 ]; - - environment.shellAliases = { - "oc" = - "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; - }; - # Also allow this key to work for root user, this will let us use this as a remote builder easier users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" @@ -113,7 +110,7 @@ tailnet.enable = true; tailnet.enableExitNode = true; ssh.enable = true; - docker.enable = true; + # docker.enable = true; virt-manager.enable = true; flatpaks = { enable = true; diff --git a/hosts/lio/hyprland_customizations.nix b/hosts/lio/hyprland_customizations.nix index 5b979b6..f241275 100644 --- a/hosts/lio/hyprland_customizations.nix +++ b/hosts/lio/hyprland_customizations.nix @@ -12,13 +12,13 @@ let "${mainMonitor},3840x2160@97.98,0x0,1,transform,0" "${secondaryMonitor},3440x1440@99.98,-1440x-640,1,transform,1" ]; - workspace = - let - inherit (builtins) map toString; - inherit (lib) range; - mkWs = monitor: i: "${toString i},monitor:${monitor},persistent:true"; - in - (map (mkWs mainMonitor) (range 1 6)) ++ (map (mkWs secondaryMonitor) (range 7 10)); + # workspace = + # let + # inherit (builtins) map toString; + # inherit (lib) range; + # mkWs = monitor: i: "${toString i},persistent:true"; + # in + # (map (mkWs mainMonitor) (range 1 6)) ++ (map (mkWs secondaryMonitor) (range 7 10)); }; moveScript = pkgs.writeShellScriptBin "hyprland-move-workspaces" '' @@ -91,7 +91,7 @@ let # Subscribe to Hyprland events and react to monitor changes ''${SOCAT} - "UNIX-CONNECT:${"$"}sock" | while IFS= read -r line; do case "${"$"}line" in - monitoradded*|monitorremoved*|activemonitor*|layoutchange*) + monitoradded*|monitorremoved*|activemonitor*|layoutchange*|createworkspace*) place_workspaces ;; esac diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix index 9db6d81..3866fb5 100644 
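Review bot: `# docker.enable = true;` stops the daemon on the next rebuild but does not undo what enabling it left behind: confirm no user is still in the `docker` group (membership is root-equivalent and is only harmless while the socket is absent), and that `/var/lib/docker` — which presumably holds the obsidian_sync container, its volumes and the env-file contents passed via `dockerEnvFiles` — is wiped rather than left on disk. If `docker.enable` is an option of a custom module (the neighbouring `tailnet`/`ssh`/`virt-manager` keys suggest one), check whether it also added firewall or NAT rules for `docker0` that should go too. As in the other files, delete the line instead of commenting it; the option defaults to off.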
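Review bot: The commented-out `workspace` block has already drifted from the code it replaced — `mkWs` now ignores its `monitor` argument (`"${toString i},persistent:true"`) while both `map` calls still pass `mainMonitor`/`secondaryMonitor` — so it cannot simply be uncommented later. Either delete it (the `moveScript` below appears to take over monitor placement) or keep it live behind a `let` boolean such as `staticWorkspaces = false;`, with a one-line comment stating why placement moved to the script. The `let` this hunk edits continues outside the hunk.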
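Review bot: Adding `createworkspace*` to the event match means `place_workspaces` now runs on every workspace creation; if `place_workspaces` itself causes a workspace to be created (for instance by dispatching a move for a `persistent` workspace that does not exist yet), this becomes a feedback loop against the Hyprland event socket. A guard, or at minimum a comment such as `# createworkspace: re-place new workspaces; place_workspaces must never create one itself`, plus a check of the Hyprland log after the change, would settle it. The `while IFS= read -r line` loop and `place_workspaces` are both defined outside the hunk.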
--- a/hosts/oracle/o001/nginx.nix +++ b/hosts/oracle/o001/nginx.nix @@ -172,20 +172,20 @@ ''; }; }; - "obsidiansync.joshuabell.xyz" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://100.64.0.1:5984"; - }; - extraConfig = '' - client_max_body_size 100M; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; + # "obsidiansync.joshuabell.xyz" = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://100.64.0.1:5984"; + # }; + # extraConfig = '' + # client_max_body_size 100M; + # proxy_redirect off; + # proxy_buffering off; + # proxy_set_header Host $host; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + # }; "jellyfin.joshuabell.xyz" = { enableACME = true; forceSSL = true;
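Review bot: Commenting out the `obsidiansync.joshuabell.xyz` vhost leaves two things the hunk does not address: the ACME certificate state for that name under `/var/lib/acme` (the `security.acme` module does not remove certificates for names that disappear from the config), and the DNS record itself — if `obsidiansync.joshuabell.xyz` still resolves to this host, requests for it now land on whichever vhost nginx treats as default for that listener rather than on a deliberate 404/444. Remove the stale cert directory, drop or repoint the DNS record, and delete the block rather than keeping it as a comment; the `100.64.0.1:5984` upstream (a tailnet-looking address) and proxy headers are in git history if the service returns. The `virtualHosts` attrset this hunk edits continues outside the hunk.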