diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index 75c142b..ad42652 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -26,10 +26,7 @@ # git ./modules/gitea.nix - # ./modules/drone/server.nix - # ./modules/drone/runner.nix # ./modules/fwmetrics.nix - # ./modules/podman.nix # home assistant ./modules/home-assistant @@ -37,7 +34,6 @@ # ./modules/mopidy.nix # ./modules/mosquitto.nix ./modules/snapserver.nix - # ./modules/deconz # gaming ./modules/palworld.nix diff --git a/hosts/fw.cloonar.com/modules/deconz/default.nix b/hosts/fw.cloonar.com/modules/deconz/default.nix deleted file mode 100644 index c659563..0000000 --- a/hosts/fw.cloonar.com/modules/deconz/default.nix +++ /dev/null 
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, stdenv, ... }:
-let
- deconz-full = pkgs.callPackage ./pkg/default.nix { };
- deconz = deconz-full.deCONZ;
-in
-{
- environment.systemPackages = with pkgs; [
- deconz
- ];
-
-
- users.users."deconz" = {
- createHome = true;
- isSystemUser = true;
- group = "dialout";
- home = "/home/deconz";
- };
-
- systemd.services.deconz = {
- enable = true;
- description = "deconz";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- stopIfChanged = false;
- serviceConfig = {
- ExecStart = "${deconz}/bin/deCONZ -platform minimal --http-port=8080 --ws-port=8081 --http-listen=127.0.0.1 --dev=/dev/ttyACM0";
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- Restart = "always";
- RestartSec = "10s";
- # StartLimitInterval = "1min";
- # StateDirectory = "/var/lib/deconz";
- User = "deconz";
- # DeviceAllow = "char-ttyUSB rwm";
- # DeviceAllow = "char-usb_device rwm";
- # AmbientCapabilities="CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME";
- };
- };
-
- services.nginx.virtualHosts."deconz.cloonar.com" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- extraConfig = ''
- proxy_buffering off;
- '';
- locations."/".extraConfig = ''
- set $p 8080;
- if ($http_upgrade = "websocket") {
- set $p 8081;
- }
- proxy_pass http://127.0.0.1:$p;
- proxy_set_header Host $host;
- proxy_redirect http:// https://;
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- '';
- };
-}
diff --git a/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix b/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix
deleted file mode 100644
index 932c0ef..0000000
--- a/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, pkgs, stdenv, buildFHSUserEnv, fetchurl, dpkg, qt5, sqlite, hicolor-icon-theme, libcap, libpng, libxcrypt-legacy, ... }:
-#ith import {};
-let
-version = "2.21.02";
-name = "deconz-${version}";
-in
-rec {
- deCONZ-deb = stdenv.mkDerivation {
- #builder = ./builder.sh;
- inherit name;
- dpkg = dpkg;
- src = fetchurl {
- url = "https://deconz.dresden-elektronik.de/ubuntu/stable/${name}-qt5.deb";
- sha256 = "2d5ab8af471ffa82fb0fd0c8a2f0bb09e7c0bd9a03ef887abe49c616c63042f0";
- };
-
- dontConfigure = true;
- dontBuild = true;
- dontStrip = true;
-
- buildInputs = [ dpkg sqlite hicolor-icon-theme libcap libpng qt5.qtbase qt5.qtserialport qt5.qtwebsockets qt5.wrapQtAppsHook libxcrypt-legacy ]; # qt5.qtserialport qt5.qtwebsockets ];
-
- unpackPhase = "dpkg-deb -x $src .";
- installPhase = ''
- cp -r usr/* .
- cp -r ${libxcrypt-legacy}/lib/* share/deCONZ/plugins/
- cp -r share/deCONZ/plugins/* lib/
- cp -r . $out
- '';
-
- };
- deCONZ = buildFHSUserEnv {
- name = "deCONZ";
- targetPkgs = pkgs: [
- deCONZ-deb
- ];
- multiPkgs = pkgs: [
- dpkg
- qt5.qtbase
- qt5.qtserialport
- qt5.qtwebsockets
- qt5.wrapQtAppsHook
- sqlite
- hicolor-icon-theme
- libcap
- libpng
- ];
- runScript = "deCONZ";
- };
-}
diff --git a/hosts/fw.cloonar.com/modules/drone/runner.nix b/hosts/fw.cloonar.com/modules/drone/runner.nix
deleted file mode 100644
index 27b5979..0000000
--- a/hosts/fw.cloonar.com/modules/drone/runner.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- users.users.drone-runner = {
- isSystemUser = true;
- group = "drone-runner";
- home = "/var/lib/drone-runner";
- createHome = true;
- };
- users.groups.drone-runner = { };
- users.groups.docker.members = [ "drone-runner" ];
-
- systemd.services.drone-runner = {
- description = "Drone Runner (CI CD Service)";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.podman ];
-
- serviceConfig = {
- Name = "drone-runner";
- User = "drone-runner";
- Group = "drone-runner";
- Restart = "always";
- ExecStartPre= ''
- -${pkgs.podman}/bin/podman stop %n \
- ${pkgs.podman}/bin/podman rm %n
- '';
- ExecStart= ''
- ${pkgs.podman}/bin/podman run --rm --name %n \
- --volume=/var/run/podman.sock:/var/run/podman.sock \
- --env-file=/run/secrets/drone-runner \
- --env=DRONE_RPC_PROTO=https \
- --env=DRONE_RPC_HOST=drone.cloonar.com \
- --env=DRONE_RUNNER_CAPACITY=2 \
- drone/drone-runner-docker:1.8.3
- '';
- };
- };
-
- sops.secrets.drone-runner = {
- owner = config.systemd.services.drone-runner.serviceConfig.User;
- key = "drone";
- };
-}
diff --git a/hosts/fw.cloonar.com/modules/drone/secrets.yaml b/hosts/fw.cloonar.com/modules/drone/secrets.yaml
deleted file mode 100644
index cd972be..0000000
--- a/hosts/fw.cloonar.com/modules/drone/secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-drone: ENC[AES256_GCM,data:Z1Rjso+5XYfvp2xJDXCQkI88GXl83v2oEkMLmOV/rb0DwRmhxCYzYX6fcdidk271Drf1YaPstVvm2LQB38jlBnJtg98aAGegj2fWfT44IbPIi8qDe93M2gFxFDgosoA2eOS2MjEwyBDp9GEUnKyi2gHR8khnTCvegVIntsusWOW/1tbzymKXavZAJUlX+82d/+6NWUEcnbislxhyph8P1Lgw546q,iv:SllCBHlq8ZCBqOHwMaCUcX6D/VDWsbN7uICZKb/R35w=,tag:mEb4E02VUaYGVjyI30FcXA==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OW1JN0hjYjh4cDlmLyt6
- dHRlSjN6Y1JWUFdzNWlZZ3c0Z2F4bXBCa1NFCjM3b3pPZVhtbDdob3lsR2xlMmJI
- bjRRMHFjQ2kwWWJKT1p5VW5NVGJuZ3MKLS0tICtRcTFoSmxyeUhaaVlxQUxRWkJl
- SXR2M293UFBxNFovRnlTQ1o4SzloaEEK+onGdd/7aEF71ibLoLXE5/SbJQWsKigh
- h8BhfT1z9P5UYNoGHVv8Ry6LndyrBLEv+PUBuT0XJpEVPjKLm99KbQ==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyL3dDczRNMjNQUWVjelR5
- TG93QUFjVGtMNFplaTErOTJjT2dHbWtWUVNzCjNTV0tUY2hpcnp1SDZ4UTB2aFNI
- M2JwSkdNS0RFQVlPRUNzRG41aW5aS3cKLS0tIEJtaTRXdTI3NGJxZENJTk9jT1hi
- N3RLRjdkMmZkSmZWZGlYbXRRUTJOZFEK2bJo7iyE3A5ds7tW5bAHgyfGqgH4cRjY
- hLzYp083QYbXKAqP1w8a3JFXofv1RWd7tUb61I6R4Rd6hXZUv1a5Qw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-02-10T12:35:53Z"
- mac: ENC[AES256_GCM,data:44J9abLbHkvjAtIUqXVZlcEAnizgg5yxKwyaZhnqIzzebWEpzqcKP6b72blaD7/jSdAiUo7bk/m4BxKVGHf9XKGxyLastbgYoFtz40rsKg9LOKpEfO2kl3JV5dj7C1f8IgsHWZ8L3Vb6KFKcrK2bzjZ5K5p22hCze4lQbK7CZTE=,iv:TE+6juCOTjTrx5nQhi8W5gaZkMFYrEDtoPrGdSTJSNE=,tag:AVsCIkzPjtfk3uSlsv6Dlg==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.7.3
diff --git a/hosts/fw.cloonar.com/modules/drone/server.nix b/hosts/fw.cloonar.com/modules/drone/server.nix
deleted file mode 100644
index 87c8b52..0000000
--- a/hosts/fw.cloonar.com/modules/drone/server.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- users.users.drone-server = {
- isSystemUser = true;
- group = "drone-server";
- home = "/var/lib/drone-server";
- createHome = true;
- };
- users.groups.drone-server = { };
- users.groups.docker.members = [ "drone-server" ];
-
- systemd.services.drone-server = {
- description = "Drone Server (CI CD Service)";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.podman ];
-
- serviceConfig = {
- Name = "drone-server";
- User = "drone-server";
- Group = "drone-server";
- Restart = "always";
- ExecStartPre= ''
- -${pkgs.podman}/bin/podman stop %n \
- ${pkgs.podman}/bin/podman rm %n
- '';
- ExecStart= ''
- ${pkgs.podman}/bin/podman run --rm --name %n \
- --env-file=/run/secrets/drone-server \
- --env=DRONE_AGENTS_ENABLED=true \
- --env=DRONE_GITEA_SERVER=https://git.cloonar.com \
- --env=DRONE_GITEA_CLIENT_ID=6a7b8c57-bd71-49c8-b67d-c2de68fda649 \
- --env=DRONE_GIT_ALWAYS_AUTH=true \
- --env=DRONE_SERVER_HOST=drone.cloonar.com \
- --env=DRONE_SERVER_PROTO=https \
- --env=DRONE_USER_CREATE=username:dominik.polakovics,admin:true \
- -v /var/lib/drone:/data \
- --publish=8080:80 \
- drone/drone:2.20.0
- '';
- };
- };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."drone.cloonar.com" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- locations."/" = {
- proxyPass = "http://localhost:8080";
- };
- };
-
- sops.secrets.drone-server = {
- owner = config.systemd.services.drone-server.serviceConfig.User;
- key = "drone";
- };
-}