about summary refs log tree commit diff
path: root/users/wpcarro/nixos/socrates
diff options
context:
space:
mode:
Diffstat (limited to 'users/wpcarro/nixos/socrates')
-rw-r--r--users/wpcarro/nixos/socrates/default.nix217
-rw-r--r--users/wpcarro/nixos/socrates/hardware.nix30
2 files changed, 0 insertions, 247 deletions
diff --git a/users/wpcarro/nixos/socrates/default.nix b/users/wpcarro/nixos/socrates/default.nix
deleted file mode 100644
index 6284977af69f..000000000000
--- a/users/wpcarro/nixos/socrates/default.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ pkgs, depot, ... }:
-
-{
-  imports = [ ./hardware.nix ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking = {
-    hostName = "socrates";
-    # The global useDHCP flag is deprecated, therefore explicitly set to false
-    # here.  Per-interface useDHCP will be mandatory in the future, so this
-    # generated config replicates the default behaviour.
-    useDHCP = false;
-    networkmanager.enable = true;
-    interfaces.enp2s0f1.useDHCP = true;
-    interfaces.wlp3s0.useDHCP = true;
-    firewall.allowedTCPPorts = [ 9418 80 443 6697 ];
-  };
-
-  time.timeZone = "UTC";
-
-  programs.fish.enable = true;
-  programs.mosh.enable = true;
-
-  environment.systemPackages = with pkgs; [
-    curl
-    direnv
-    emacs26-nox
-    gnupg
-    htop
-    pass
-    vim
-    certbot
-    tree
-    git
-  ];
-
-  users = {
-    # I need a git group to run the git server.
-    groups.git = {};
-
-    users.wpcarro = {
-      isNormalUser = true;
-      extraGroups = [ "git" "wheel" ];
-      shell = pkgs.fish;
-    };
-
-    users.git = {
-      group = "git";
-      isNormalUser = false;
-    };
-  };
-
-  nix = {
-    nixPath = [];
-    trustedUsers = [ "root" "wpcarro" ];
-  };
-
-  ##############################################################################
-  # Services
-  ##############################################################################
-
-  systemd.services.bitlbee-stunnel = {
-    description = "Provides TLS termination for Bitlbee.";
-    wantedBy = [ "multi-user.target" ];
-    unitConfig = {
-      Restart = "always";
-      User = "nginx"; # This is a hack to easily get certificate access.
-    };
-    script = let configFile = builtins.toFile "stunnel.conf" ''
-      foreground = yes
-      debug = 7
-
-      [ircs]
-      accept = 0.0.0.0:6697
-      connect = 6667
-      cert = /var/lib/acme/wpcarro.dev/full.pem
-    ''; in "${pkgs.stunnel}/bin/stunnel ${configFile}";
-  };
-
-  nixpkgs.config.bitlbee.enableLibPurple = true;
-  services.bitlbee = {
-    interface = "0.0.0.0";
-    enable = true;
-    libpurple_plugins = [
-      pkgs.telegram-purple
-    ];
-  };
-
-  services.journaldriver = {
-    enable = true;
-    logStream = "home";
-    googleCloudProject = "wpcarros-infrastructure";
-    applicationCredentials = "/etc/gcp/key.json";
-  };
-
-  services.openssh.enable = true;
-
-  services.gitea = {
-    enable = true;
-    # Without this the links to clone a repository like briefcase will be
-    # "http://localhost:3000/wpcarro/briefcase".
-    rootUrl = "https://git.wpcarro.dev/";
-  };
-
-  services.buildkite-agents = {
-    socrates = {
-      enable = true;
-      tokenPath = "/etc/secrets/buildkite-agent-token";
-      privateSshKeyPath = "/etc/ssh/buildkite_agent_id_rsa";
-    };
-  };
-
-  systemd.services.zoo = {
-    enable = true;
-    description = "Run my monoserver";
-    script = "${depot.users.wpcarro.zoo}/zoo";
-    environment = {};
-    serviceConfig = {
-      Restart = "always";
-    };
-  };
-
-  services.gitDaemon = {
-    enable = true;
-    basePath = "/srv/git";
-    exportAll = true;
-    repositories = [ "/srv/git/briefcase" ];
-  };
-
-  # Since I'm using this laptop as a server in my flat, I'd prefer to close its
-  # lid.
-  services.logind.lidSwitch = "ignore";
-
-  security.polkit.extraConfig = ''
-    polkit.addRule(function(action, subject) {
-      polkit.log("subject.user: " + subject.user + " is attempting action.id: " + action.id);
-    });
-  '';
-
-  # Provision SSL certificates to support HTTPS connections.
-  security.acme.acceptTerms = true;
-  security.acme.email = "wpcarro@gmail.com";
-
-  services.nginx = {
-    enable = true;
-    enableReload = true;
-
-    recommendedTlsSettings = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-
-    commonHttpConfig = ''
-      log_format json_combined escape=json
-      '{'
-          '"remote_addr":"$remote_addr",'
-          '"method":"$request_method",'
-          '"host":"$host",'
-          '"uri":"$request_uri",'
-          '"status":$status,'
-          '"request_size":$request_length,'
-          '"response_size":$body_bytes_sent,'
-          '"response_time":$request_time,'
-          '"referrer":"$http_referer",'
-          '"user_agent":"$http_user_agent"'
-      '}';
-
-      access_log syslog:server=unix:/dev/log,nohostname json_combined;
-    '';
-
-    virtualHosts = {
-      "wpcarro.dev" = {
-        addSSL = true;
-        enableACME = true;
-        root = depot.users.wpcarro.website;
-      };
-      "learn.wpcarro.dev" = {
-        addSSL = true;
-        enableACME = true;
-        root = depot.users.wpcarro.website.learn;
-      };
-      "git.wpcarro.dev" = {
-        addSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://localhost:3000";
-        };
-      };
-      "blog.wpcarro.dev" = {
-        addSSL = true;
-        enableACME = true;
-        root = depot.users.wpcarro.website.blog;
-      };
-      # "sandbox.wpcarro.dev" = {
-      #   addSSL = true;
-      #   enableACME = true;
-      #   root = depot.users.wpcarro.website.sandbox;
-      # };
-      # "learnpianochords.app" = {
-      #   addSSL = true;
-      #   enableACME = true;
-      #   root = depot.users.wpcarro.website.sandbox.learnpianochords;
-      # };
-      "zoo.wpcarro.dev" = {
-        addSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://localhost:8000";
-        };
-      };
-    };
-  };
-
-  system.stateVersion = "20.09";
-}
diff --git a/users/wpcarro/nixos/socrates/hardware.nix b/users/wpcarro/nixos/socrates/hardware.nix
deleted file mode 100644
index dde14eb1e627..000000000000
--- a/users/wpcarro/nixos/socrates/hardware.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/aadf1a77-1e98-4b5f-8e74-abf8e77bda34";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/1613-35B9";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 2;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}