bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 00:29:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

revert server modules to pre-merge state

Browse source 
Server work (frigate, bitcoin/clightning, forgejo, nginx) was merged
before ready. Reverts these to de56423 state. Work is preserved on
branches: cameras, lightning, server, bitcoind.
This commit is contained in:
Bryan Ramos 2026-03-08 11:04:30 -04:00
parent 0bcd891c7c
commit dab93c5ee0
12 changed files with 107 additions and 388 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/system/machines/server/system.nix
View file

@ -8,25 +8,18 @@
system = {
nginx.enable = true;
forgejo.enable = true;
frigate.enable = true;
bitcoin = {
enable = true;
electrum.enable = true;
#clightning = {
# enable = true;
# rest.enable = true;
#};
};
};
};
users.mutableUsers = false;
users.users = {
"${config.user.name}" = {
${config.user.name} = {
isNormalUser = true;
extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
password = "123";
};
};
@ -69,7 +62,7 @@
fonts.packages = with pkgs; [
terminus_font
nerd-fonts.terminess-ttf
terminus-nerdfont
];
security.sudo = {
@ -109,13 +102,6 @@
};
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{ from = "host"; host.port = 5000; guest.port = 5000; }
];
};
services.openssh = {
enable = true;
startWhenNeeded = true;

6
src/system/modules/bitcoin/config/bitcoin.conf
View file

@ -1,7 +1,10 @@
server=1
mempoolfullrbf=1
v2transport=1
rpcauth=
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
@ -13,5 +16,4 @@ proxy=127.0.0.1:9050
listen=1
listenonion=1
torcontrol=127.0.0.1:9051
startupnotify=chmod g+r /var/lib/bitcoind/.cookie
torenablecircuit=1

26
src/system/modules/bitcoin/default.nix
View file

@ -7,16 +7,21 @@ let
home = "/var/lib/bitcoind";
bitcoinConf = pkgs.writeTextFile {
name = "bitcoin.conf";
text = builtins.readFile ./config/bitcoin.conf;
};
in
{ options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
config = mkIf cfg.enable {
nixpkgs.overlays = [
(final: prev: {
bitcoind = prev.bitcoind.overrideAttrs (old: rec {
version = "29.0";
version = "28.0";
src = fetchTarball {
url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz";
sha256 = "sha256-XvoqYA5RYXbOjeidxV4Wxb8DhYv6Hz510XNMhmWkV1Y=";
sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY=";
};
});
})
@ -28,17 +33,17 @@ in
inherit home;
description = "Bitcoin Core system user";
isSystemUser = true;
group = "btc";
group = "bitcoin";
createHome = true;
};
"${config.services.nginx.user}" = {
"nginx" = {
extraGroups = mkIf nginx.enable [
"btc"
"bitcoin"
];
};
};
groups = {
"btc" = {
"bitcoin" = {
members = [
"btc"
];
@ -54,16 +59,11 @@ in
"btc" = {
enable = true;
user = "btc";
group = "btc";
configFile = ./config/bitcoin.conf;
group = "bitcoin";
configFile = bitcoinConf;
dataDir = home;
pidFile = "${home}/bitcoind.pid";
};
};
services.tor = {
enable = true;
client.enable = true;
};
};
}

23
src/system/modules/bitcoin/modules/clightning/config/lightning.conf
View file

@ -1,23 +0,0 @@
alias=OrdSux
daemon
mainnet
bitcoin-datadir=/var/lib/bitcoind
lightning-dir=/var/lib/lightningd
plugin-dir=/var/lib/lightningd/plugins
log-file=/var/lib/lightningd/log
log-level=info
pid-file=/var/lib/lightning/lightningd.pid
bind-addr=127.0.0.1:9734
proxy=127.0.0.1:9050
always-use-proxy=false
large-channels
fee-base=1000
fee-per-satoshi=10
min-capacity-sat=10000
htlc-minimum-msat=0
funding-confirms=3
max-concurrent-htlcs=30

90
src/system/modules/bitcoin/modules/clightning/default.nix
View file

@ -1,90 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.clightning;
btc = config.modules.system.bitcoin;
clnConfig = pkgs.writeTextFile {
name = "lightning.conf";
text = builtins.readFile ./config/lightning.conf;
};
in
{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
imports = [ ./plugins ];
config = mkIf (cfg.enable && btc.enable) {
#nixpkgs.overlays = [
# (final: prev: {
# clightning = prev.electrs.overrideAttrs (old: rec {
# version = "24.08";
# src = pkgs.fetchFromGitHub {
# owner = "ElementsProject";
# repo = "lightning";
# rev = "82f4ad68e34a2428c556e63fc2632d48a914968c";
# hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g";
# };
# cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
# name = "lightning-vendor.tar.gz";
# inherit src;
# outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g=";
# });
# });
# })
#];
environment.systemPackages = with pkgs; [
clightning
];
users = {
users = {
"cln" = {
home = "/var/lib/lightningd";
description = "Core Lightning system user";
isSystemUser = true;
group = "btc";
createHome = true;
};
};
groups = {
"btc" = {
members = [
"cln"
];
};
};
};
programs.bash.shellAliases = {
cln = "lightningd";
};
systemd.services.lightningd = {
description = "Core Lightning Daemon";
serviceConfig = {
User = "cln";
Group = "btc";
StateDirectory = "lightningd";
WorkingDirectory = "%S/lightningd";
ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
Type = "simple";
KillMode = "process";
TimeoutSec = 60;
Restart = "always";
RestartSec = 2;
};
after = [
"bitcoind-btc.service"
"network.target"
];
requires = [ "bitcoind-btc.service" ];
partOf = [ "bitcoind-btc.service" ];
wantedBy = [ "multi-user.target" ];
};
};
}

35
src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix
View file

@ -1,35 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.clightning.rest;
cln = config.modules.system.bitcoin.clightning;
in
{ options.modules.system.bitcoin.clightning.rest = { enable = mkEnableOption "C-Lightning REST API Server"; };
config = mkIf (cfg.enable && cln.enable) {
nixpkgs.overlays = [
(final: prev: {
clightning-REST = prev.buildNpmPackage rec {
pname = "c-lightning-rest";
version = "0.10.7";
src = prev.fetchFromGitHub {
owner = "Ride-The-Lightning";
repo = "c-lightning-REST";
rev = "v${version}";
hash = "sha256-Z3bLH/nqhO2IPE1N4TxYhEDh2wHR0nT801kztfYoj+s=";
};
npmDepsHash = "sha256-svt5hjhTriGhehxC36yGwrqcjax/9UqqVzxEhHnoM0M=";
dontNpmBuild = true;
meta = with lib; {
description = "REST APIs for Core Lightning written with node.js ";
homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST";
license = licenses.mit;
};
};
})
];
};
}

5
src/system/modules/bitcoin/modules/clightning/plugins/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./c-lightning-REST
];
}

10
src/system/modules/bitcoin/modules/electrum/config/config.toml
View file

@ -2,11 +2,13 @@ network = "bitcoin"
electrum_rpc_addr = "127.0.0.1:50001"
cookie_file = "/var/lib/bitcoind/.cookie"
cookie-file = "/var/lib/bitcoind/.cookie"
db_dir = "/var/lib/electrs"
log_filters = "INFO"
timestamp = true
daemon_rpc_addr = "127.0.0.1:8332"
daemon_p2p_addr = "127.0.0.1:8333"
daemon_dir = "/var/lib/bitcoind"
daemon-rpc-addr = "127.0.0.1:8332"
daemon-p2p-addr = "127.0.0.1:8333"
daemon-dir = "/var/lib/bitcoind"

56
src/system/modules/bitcoin/modules/electrum/default.nix
View file

@ -3,6 +3,8 @@
with lib;
let
cfg = config.modules.system.bitcoin.electrum;
home = "/var/lib/electrs";
btc = config.modules.system.bitcoin;
electrsConfig = pkgs.writeTextFile {
@ -13,21 +15,24 @@ let
in
{ options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; };
config = mkIf (cfg.enable && btc.enable) {
#TODO: Fix the failing overlay due to `cargoHash/cargoSha256`
#nixpkgs.overlays = [
# (final: prev: {
# electrs = prev.electrs.overrideAttrs (old: rec {
# version = "0.10.6";
# pname = "electrs";
# version = "0.10.8";
# src = pkgs.fetchFromGitHub {
# owner = "romanz";
# repo = "electrs";
# repo = pname;
# rev = "v${version}";
# hash = "sha256-yp9fKD7zH9Ne2+WQUupaxvUx39RWE8RdY4U6lHuDGSc=";
# hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE=";
# };
# cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
# name = "electrs-vendor.tar.gz";
# inherit src;
# outputHash = "sha256-qQKAQHOAeYWQ5YVtx12hIAjNA7Aj1MW1m+WimlBWPv0=";
# });
# #cargoDeps = old.cargoDeps.overrideAttrs (const {
# # name = "electrs-${version}.tar.gz";
# # inherit src;
# # sha256 = "";
# #});
# cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU=";
# });
# })
#];
@ -39,16 +44,16 @@ in
users = {
users = {
"electrs" = {
home = "/var/lib/electrs";
inherit home;
description = "Electrs system user";
isSystemUser = true;
group = "btc";
group = "bitcoin";
createHome = true;
};
};
groups = {
"btc" = {
members = [
"bitcoin" = {
members = mkAfter [
"electrs"
];
};
@ -58,28 +63,29 @@ in
systemd.services.electrs = {
description = "Electrs Bitcoin Indexer";
script = "${pkgs.electrs}/bin/electrs";
scriptArgs = "--conf=${electrsConfig}";
after = [
"bitcoind-btc.service"
];
serviceConfig = {
User = "electrs";
Group = "btc";
StateDirectory = "electrs";
WorkingDirectory = "%S/electrs";
ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
Group = "bitcoin";
Type = "simple";
KillMode = "process";
TimeoutSec = 60;
Restart = "on-failure";
RestartSec = 2;
Restart = "always";
RestartSec = 60;
};
after = [
"network.target"
requisite = [
"bitcoind-btc.service"
"network.target"
];
requires = [ "bitcoind-btc.service" ];
partOf = [ "bitcoind-btc.service" ];
wantedBy = [ "multi-user.target" ];
};
};
}

22
src/system/modules/forgejo/default.nix
View file

@ -10,25 +10,24 @@ in
config = mkIf cfg.enable {
users = {
users = {
"${config.services.forgejo.user}" = {
"git" = {
description = "Git server system user";
home = config.services.forgejo.stateDir;
isSystemUser = true;
group = "${config.services.forgejo.user}";
group = "git";
extraGroups = mkIf nginx.enable [
"web"
];
};
"${config.services.nginx.user}" = {
"nginx" = {
extraGroups = mkIf nginx.enable [
"${config.services.forgejo.group}"
"git"
];
};
};
groups = {
"${config.services.forgejo.group}" = {
"git" = {
members = [
"${config.services.forgejo.user}"
"git"
];
};
};
@ -45,24 +44,15 @@ in
PROTOCOL = "http+unix";
DOMAIN = "127.0.0.1";
HTTP_ADDR = "/run/forgejo/forgejo.sock";
ROOT_URL = "https://git.ramos.codes";
};
};
database = {
name = "git";
inherit user;
type = "sqlite3";
path = "${stateDir}/data/forgejo.db";
createDatabase = true;
};
dump = {
enable = true;
file = "git.bkup";
type = "tar.gz";
interval = "weekly";
};
};
};
}

100
src/system/modules/frigate/default.nix
View file

@ -1,100 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.frigate;
nginx = config.modules.system.nginx;
in
{ options.modules.system.frigate = { enable = mkEnableOption "Enable Frigate NVR"; };
config = mkIf cfg.enable {
services.frigate = {
enable = true;
hostname = "frigate";
settings = {
web = {
bind_address = "0.0.0.0";
port = "5000";
};
mqtt = {
enabled = true;
host = "localhost";
};
cameras = {
"Doorbell" = {
ffmpeg = {
inputs = [
{
path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}
{
path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=1";
roles = [ "detect" ];
}
];
};
};
"Living Room" = {
ffmpeg = {
inputs = [
{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}
{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
roles = [ "detect" ];
}
];
};
};
"Kitchen" = {
ffmpeg = {
inputs = [
{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
roles = [ "record" ];
}
{
path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
roles = [ "detect" ];
}
];
};
};
"Parking Lot" = {
ffmpeg = {
inputs = [
{
path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}
{
path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=1";
roles = [ "detect" ];
}
];
};
};
"Porch" = {
ffmpeg = {
inputs = [
{
path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}
{
path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
roles = [ "detect" ];
}
];
};
};
};
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
};
}

104
src/system/modules/nginx/default.nix
View file

@ -4,100 +4,86 @@ with lib;
let
cfg = config.modules.system.nginx;
module = config.modules.system;
forgejo = config.services.forgejo;
in
{ options.modules.system.nginx = { enable = mkEnableOption "Nginx Reverse Proxy"; };
config = mkIf cfg.enable {
users = {
users = {
"${config.services.nginx.user}" = {
"nginx" = {
description = "Web server system user";
isSystemUser = true;
group = mkForce "${config.services.nginx.group}";
extraGroups = [
"${config.security.acme.defaults.group}"
];
group = mkForce "web";
};
"btc" = {
extraGroups = mkIf module.bitcoin.enable [
"${config.services.nginx.group}"
"web"
];
};
"${forgejo.user}" = {
"git" = {
extraGroups = mkIf module.forgejo.enable [
"${config.services.nginx.group}"
"web"
];
};
};
groups = {
"${config.services.nginx.group}" = {
"web" = {
members = [
"${config.services.nginx.user}"
"nginx"
];
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "${config.user.email}";
validMinDays = 90;
listenHTTP = ":80";
};
certs = {
"ramos.codes" = {
extraDomainNames = [
"git.ramos.codes"
"btc.ramos.codes"
];
};
};
};
services.nginx =
security.acme =
let
certPath = config.security.acme.certs."ramos.codes".directory;
sslCertificate = "${certPath}/fullchain.pem";
sslCertificateKey = "${certPath}/key.pem";
withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
inherit sslCertificate sslCertificateKey;
forceSSL = true;
}) hosts;
acmeDir = "/var/lib/acme";
in
{
enable = true;
user = "nginx";
group = "web";
recommendedProxySettings = true;
recommendedTlsSettings = true;
acceptTerms = true;
certs = {
"ramos.codes" = {
#webroot = "${acmeDir}/acme-challenge";
directory = "${acmeDir}/ramos.codes";
email = config.user.email;
group = "web";
validMinDays = 90;
extraDomainNames = attrNames config.services.nginx.virtualHosts;
listenHTTP = ":80";
};
};
};
virtualHosts = withSSL {
services.nginx = {
enable = true;
virtualHosts =
let
certPath = config.security.acme.certs."ramos.codes".directory;
sslCertificate = "${certPath}/fullchain.pem";
sslCertificateKey = "${certPath}/key.pem";
withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
inherit sslCertificate sslCertificateKey;
forceSSL = true;
}) hosts;
in withSSL
{
"git.ramos.codes" = mkIf module.forgejo.enable {
locations = {
"/" = {
proxyPass = "http://unix:${forgejo.settings.server.HTTP_ADDR}";
proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
};
};
};
#"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable {
# locations = {
# "/" = {
# proxyPass = "";
# };
# };
#};
};
streamConfig = ''
${lib.optionalString module.bitcoin.electrum.enable ''
server {
listen 0.0.0.0:50002 ssl;
proxy_pass 127.0.0.1:50001;
ssl_certificate ${sslCertificate};
ssl_certificate_key ${sslCertificateKey};
}
''}
'';
};
networking.firewall.allowedTCPPorts = [
50002
];
};
}