revert server modules to pre-merge state

Server work (frigate, bitcoin/clightning, forgejo, nginx) was merged
before ready. Reverts these to de56423 state. Work is preserved on
branches: cameras, lightning, server, bitcoind.

src/system/machines/server/system.nix

@@ -8,25 +8,18 @@
     system = {
       nginx.enable = true;
       forgejo.enable = true;
-      frigate.enable = true;
       bitcoin = {
         enable = true;
         electrum.enable = true;
-        #clightning = {
-        #  enable = true;
-        #  rest.enable = true;
-        #};
       };
     };
   };
 
-  users.mutableUsers = false;
   users.users = {
-    "${config.user.name}" = {
+    ${config.user.name} = {
       isNormalUser = true;
       extraGroups = config.user.groups;
       openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
-      password = "123";
     };
   };
 
@@ -69,7 +62,7 @@
 
   fonts.packages = with pkgs; [
     terminus_font
-    nerd-fonts.terminess-ttf  
+    terminus-nerdfont
   ];
 
   security.sudo = {
@@ -109,13 +102,6 @@
     };
   };
 
-
-  virtualisation.vmVariant = {
-    virtualisation.forwardPorts = [
-      { from = "host"; host.port = 5000; guest.port = 5000; }
-    ];
-  };
-
   services.openssh = {
     enable = true;
     startWhenNeeded = true;

src/system/modules/bitcoin/config/bitcoin.conf

@@ -1,7 +1,10 @@
 server=1
 
+mempoolfullrbf=1
 v2transport=1
 
+rpcauth=
+
 rpcbind=127.0.0.1
 rpcallowip=127.0.0.1
 
@@ -13,5 +16,4 @@ proxy=127.0.0.1:9050
 listen=1
 listenonion=1
 torcontrol=127.0.0.1:9051
-
+torenablecircuit=1
-startupnotify=chmod g+r /var/lib/bitcoind/.cookie

src/system/modules/bitcoin/default.nix

@@ -7,16 +7,21 @@ let
 
   home = "/var/lib/bitcoind";
 
+  bitcoinConf = pkgs.writeTextFile {
+    name = "bitcoin.conf";
+    text = builtins.readFile ./config/bitcoin.conf;
+  };
+
 in
 { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
   config = mkIf cfg.enable {
     nixpkgs.overlays = [
       (final: prev: {
         bitcoind = prev.bitcoind.overrideAttrs (old: rec {
-          version = "29.0";
+          version = "28.0";
           src = fetchTarball {
             url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz";
-            sha256 = "sha256-XvoqYA5RYXbOjeidxV4Wxb8DhYv6Hz510XNMhmWkV1Y=";
+            sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY=";
           };
         });
       })
@@ -28,17 +33,17 @@ in
           inherit home;
           description = "Bitcoin Core system user";
           isSystemUser = true;
-          group = "btc";
+          group = "bitcoin";
           createHome = true;
         };
-        "${config.services.nginx.user}" = {
+        "nginx" = {
           extraGroups = mkIf nginx.enable [
-            "btc"
+            "bitcoin"
           ];
         };
       };
       groups = {
-        "btc" = {
+        "bitcoin" = {
           members = [
             "btc"
           ];
@@ -54,16 +59,11 @@ in
       "btc" = {
         enable = true;
         user = "btc";
-        group = "btc";
+        group = "bitcoin";
-        configFile = ./config/bitcoin.conf;
+        configFile = bitcoinConf;
         dataDir = home;
         pidFile = "${home}/bitcoind.pid";
       };
     };
-
-    services.tor = {
-      enable = true;
-      client.enable = true;
-    };
   };
 }

src/system/modules/bitcoin/modules/clightning/config/lightning.conf

@@ -1,23 +0,0 @@
-alias=OrdSux
-
-daemon
-mainnet
-bitcoin-datadir=/var/lib/bitcoind
-lightning-dir=/var/lib/lightningd
-plugin-dir=/var/lib/lightningd/plugins
-
-log-file=/var/lib/lightningd/log
-log-level=info
-pid-file=/var/lib/lightning/lightningd.pid
-
-bind-addr=127.0.0.1:9734
-proxy=127.0.0.1:9050
-always-use-proxy=false
-
-large-channels
-fee-base=1000
-fee-per-satoshi=10
-min-capacity-sat=10000
-htlc-minimum-msat=0
-funding-confirms=3
-max-concurrent-htlcs=30

src/system/modules/bitcoin/modules/clightning/default.nix

@@ -1,90 +0,0 @@
-{ lib, pkgs, config, ... }:
-
-with lib;
-let
-  cfg = config.modules.system.bitcoin.clightning;
-  btc = config.modules.system.bitcoin;
-
-  clnConfig = pkgs.writeTextFile {
-    name = "lightning.conf";
-    text = builtins.readFile ./config/lightning.conf;
-  };
-
-in
-{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
-  imports = [ ./plugins ];
-  config = mkIf (cfg.enable && btc.enable) {
-    #nixpkgs.overlays = [
-    #  (final: prev: {
-    #    clightning = prev.electrs.overrideAttrs (old: rec {
-    #      version = "24.08";
-    #      src = pkgs.fetchFromGitHub {
-    #        owner = "ElementsProject";
-    #        repo = "lightning";
-    #        rev = "82f4ad68e34a2428c556e63fc2632d48a914968c";
-    #        hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g";
-    #      };
-    #      cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
-    #        name = "lightning-vendor.tar.gz";
-    #        inherit src;
-    #        outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g=";
-    #      });
-    #    });
-    #  })
-    #];
-
-    environment.systemPackages = with pkgs; [
-      clightning
-    ];
-
-    users = {
-      users = {
-        "cln" = {
-          home = "/var/lib/lightningd";
-          description = "Core Lightning system user";
-          isSystemUser = true;
-          group = "btc";
-          createHome = true;
-        };
-      };
-      groups = {
-        "btc" = {
-          members = [
-            "cln"
-          ];
-        };
-      };
-    };
-
-    programs.bash.shellAliases = {
-      cln = "lightningd";
-    };
-
-    systemd.services.lightningd = {
-      description = "Core Lightning Daemon";
-      serviceConfig = {
-        User = "cln";
-        Group = "btc";
-
-        StateDirectory = "lightningd";
-        WorkingDirectory = "%S/lightningd";
-
-        ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
-
-        Type = "simple";
-        KillMode = "process";
-        TimeoutSec = 60;
-        Restart = "always";
-        RestartSec = 2;
-      };
-
-      after = [
-        "bitcoind-btc.service"
-        "network.target"
-      ];
-      requires = [ "bitcoind-btc.service" ];
-      partOf = [ "bitcoind-btc.service" ];
-      wantedBy = [ "multi-user.target" ];
-    };
-  };
-}

src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix

@@ -1,35 +0,0 @@
-{ lib, pkgs, config, ... }:
-
-with lib;
-let
-  cfg = config.modules.system.bitcoin.clightning.rest;
-  cln = config.modules.system.bitcoin.clightning;
-
-in
-{ options.modules.system.bitcoin.clightning.rest = { enable = mkEnableOption "C-Lightning REST API Server"; };
-  config = mkIf (cfg.enable && cln.enable) {
-    nixpkgs.overlays = [
-      (final: prev: {
-        clightning-REST = prev.buildNpmPackage rec {
-          pname = "c-lightning-rest";
-          version = "0.10.7";
-          src = prev.fetchFromGitHub {
-            owner = "Ride-The-Lightning";
-            repo = "c-lightning-REST";
-            rev = "v${version}";
-            hash = "sha256-Z3bLH/nqhO2IPE1N4TxYhEDh2wHR0nT801kztfYoj+s=";
-          };
-
-          npmDepsHash = "sha256-svt5hjhTriGhehxC36yGwrqcjax/9UqqVzxEhHnoM0M=";
-          dontNpmBuild = true;
-
-          meta = with lib; {
-            description = "REST APIs for Core Lightning written with node.js ";
-            homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST";
-            license = licenses.mit;
-          };
-        };
-      })
-    ];
-  };
-}

src/system/modules/bitcoin/modules/clightning/plugins/default.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ./c-lightning-REST
-  ];
-}

src/system/modules/bitcoin/modules/electrum/config/config.toml

@@ -2,11 +2,13 @@ network = "bitcoin"
 
 electrum_rpc_addr = "127.0.0.1:50001"
 
-cookie_file = "/var/lib/bitcoind/.cookie"
+cookie-file = "/var/lib/bitcoind/.cookie"
+
 db_dir = "/var/lib/electrs"
 
 log_filters = "INFO"
+timestamp = true
 
-daemon_rpc_addr = "127.0.0.1:8332"
+daemon-rpc-addr = "127.0.0.1:8332"
-daemon_p2p_addr = "127.0.0.1:8333"
+daemon-p2p-addr = "127.0.0.1:8333"
-daemon_dir = "/var/lib/bitcoind"
+daemon-dir = "/var/lib/bitcoind"

src/system/modules/bitcoin/modules/electrum/default.nix

@@ -3,6 +3,8 @@
 with lib;
 let
   cfg = config.modules.system.bitcoin.electrum;
+  home = "/var/lib/electrs";
+
   btc = config.modules.system.bitcoin;
 
   electrsConfig = pkgs.writeTextFile {
@@ -13,21 +15,24 @@ let
 in
 { options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; };
   config = mkIf (cfg.enable && btc.enable) {
+    #TODO: Fix the failing overlay due to `cargoHash/cargoSha256`
     #nixpkgs.overlays = [
     #  (final: prev: {
     #    electrs = prev.electrs.overrideAttrs (old: rec {
-    #      version = "0.10.6";
+    #      pname = "electrs";
+    #      version = "0.10.8";
     #      src = pkgs.fetchFromGitHub {
     #        owner = "romanz";
-    #        repo = "electrs";
+    #        repo = pname;
     #        rev = "v${version}";
-    #        hash = "sha256-yp9fKD7zH9Ne2+WQUupaxvUx39RWE8RdY4U6lHuDGSc=";
+    #        hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE=";
     #      };
-    #      cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
+    #      #cargoDeps = old.cargoDeps.overrideAttrs (const {
-    #        name = "electrs-vendor.tar.gz";
+    #      #  name = "electrs-${version}.tar.gz";
-    #        inherit src;
+    #      #  inherit src;
-    #        outputHash = "sha256-qQKAQHOAeYWQ5YVtx12hIAjNA7Aj1MW1m+WimlBWPv0=";
+    #      #  sha256 = "";
-    #      });
+    #      #});
+    #      cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU=";
     #    });
     #  })
     #];
@@ -39,16 +44,16 @@ in
     users = {
       users = {
         "electrs" = {
-          home = "/var/lib/electrs";
+          inherit home;
           description = "Electrs system user";
           isSystemUser = true;
-          group = "btc";
+          group = "bitcoin";
           createHome = true;
         };
       };
       groups = {
-        "btc" = {
+        "bitcoin" = {
-          members = [
+          members = mkAfter [
             "electrs"
           ];
         };
@@ -58,28 +63,29 @@ in
 
     systemd.services.electrs = {
       description = "Electrs Bitcoin Indexer";
+
+      script = "${pkgs.electrs}/bin/electrs";
+      scriptArgs = "--conf=${electrsConfig}";
+
+      after = [
+        "bitcoind-btc.service"
+      ];
+
       serviceConfig = {
+
         User = "electrs";
-        Group = "btc";
+        Group = "bitcoin";
-
-        StateDirectory   = "electrs";
-        WorkingDirectory = "%S/electrs";
-
-        ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
 
         Type = "simple";
         KillMode = "process";
         TimeoutSec = 60;
-        Restart = "on-failure";
+        Restart = "always";
-        RestartSec = 2;
+        RestartSec = 60;
       };
-      after = [
+      requisite = [
-        "network.target"
         "bitcoind-btc.service"
+        "network.target"
       ];
-      requires = [ "bitcoind-btc.service" ];
-      partOf = [ "bitcoind-btc.service" ];
-      wantedBy = [ "multi-user.target" ];
     };
   };
 }

src/system/modules/forgejo/default.nix

@@ -10,25 +10,24 @@ in
   config = mkIf cfg.enable {
     users = {
       users = {
-        "${config.services.forgejo.user}" = {
+        "git" = {
           description = "Git server system user";
-          home = config.services.forgejo.stateDir;
           isSystemUser = true;
-          group = "${config.services.forgejo.user}";
+          group = "git";
           extraGroups = mkIf nginx.enable [
             "web"
           ];
         };
-        "${config.services.nginx.user}" = {
+        "nginx" = {
           extraGroups = mkIf nginx.enable [
-            "${config.services.forgejo.group}"
+            "git"
           ];
         };
       };
       groups = {
-        "${config.services.forgejo.group}" = {
+        "git" = {
           members = [
-            "${config.services.forgejo.user}"
+            "git"
           ];
         };
       };
@@ -45,24 +44,15 @@ in
           PROTOCOL = "http+unix";
           DOMAIN = "127.0.0.1";
           HTTP_ADDR = "/run/forgejo/forgejo.sock";
-          ROOT_URL = "https://git.ramos.codes";
         };
       };
 
       database = {
-        name = "git";
         inherit user;
         type = "sqlite3";
         path = "${stateDir}/data/forgejo.db";
         createDatabase = true;
       };
-      
-      dump = {
-        enable = true;
-        file = "git.bkup";
-        type = "tar.gz";
-        interval = "weekly";
-      };
     };
   };
 }

src/system/modules/frigate/default.nix

@@ -1,100 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-with lib;
-let
-  cfg = config.modules.system.frigate;
-  nginx = config.modules.system.nginx;
-
-in
-{ options.modules.system.frigate = { enable = mkEnableOption "Enable Frigate NVR"; };
-  config = mkIf cfg.enable {
-    services.frigate = {
-      enable = true;
-      hostname = "frigate";
-      settings = {
-        web = {
-          bind_address = "0.0.0.0";
-          port = "5000";
-        };
-        mqtt = {
-          enabled = true;
-          host = "localhost";
-        };
-        cameras = {
-          "Doorbell" = {
-            ffmpeg = {
-              inputs = [
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
-                  roles = [ "record" ];
-                }
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=1";
-                  roles = [ "detect" ];
-                }
-              ];
-            };
-          };
-          "Living Room" = {
-            ffmpeg = {
-              inputs = [
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
-                  roles = [ "record" ];
-                }
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
-                  roles = [ "detect" ];
-                }
-              ];
-            };
-          };
-          "Kitchen" = {
-            ffmpeg = {
-              inputs = [
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
-                  roles = [ "record" ];
-                }
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
-                  roles = [ "detect" ];
-                }
-              ];
-            };
-          };
-          "Parking Lot" = {
-            ffmpeg = {
-              inputs = [
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=0";
-                  roles = [ "record" ];
-                }
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=1";
-                  roles = [ "detect" ];
-                }
-              ];
-            };
-          };
-          "Porch" = {
-            ffmpeg = {
-              inputs = [
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
-                  roles = [ "record" ];
-                }
-                {
-                  path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
-                  roles = [ "detect" ];
-                }
-              ];
-            };
-          };
-        };
-      };
-    };
-
-    networking.firewall.allowedTCPPorts = [ 5000 ];
-  };
-}

src/system/modules/nginx/default.nix

@@ -4,59 +4,59 @@ with lib;
 let
   cfg = config.modules.system.nginx;
   module = config.modules.system;
-  forgejo = config.services.forgejo;
 
 in
 { options.modules.system.nginx = { enable = mkEnableOption "Nginx Reverse Proxy"; };
   config = mkIf cfg.enable {
     users = {
       users = {
-        "${config.services.nginx.user}" = {
+        "nginx" = {
           description = "Web server system user";
           isSystemUser = true;
-          group = mkForce "${config.services.nginx.group}";
+          group = mkForce "web";
-          extraGroups = [
-            "${config.security.acme.defaults.group}"
-          ];
         };
         "btc" = {
           extraGroups = mkIf module.bitcoin.enable [
-            "${config.services.nginx.group}"
+            "web"
           ];
         };
-        "${forgejo.user}" = {
+        "git" = {
           extraGroups = mkIf module.forgejo.enable [
-            "${config.services.nginx.group}"
+            "web"
           ];
         };
       };
       groups = {
-        "${config.services.nginx.group}" = {
+        "web" = {
           members = [
-            "${config.services.nginx.user}"
+            "nginx"
           ];
         };
       };
     };
 
-    security.acme = {
+    security.acme = 
+    let
+      acmeDir = "/var/lib/acme";
+    in
+    {
       acceptTerms = true;
-      defaults = {
-        email = "${config.user.email}";
-        validMinDays = 90;
-        listenHTTP = ":80";
-      };
       certs = {
         "ramos.codes" = {
-          extraDomainNames = [
+          #webroot = "${acmeDir}/acme-challenge";
-            "git.ramos.codes"
+          directory = "${acmeDir}/ramos.codes";
-            "btc.ramos.codes"
+          email = config.user.email;
-          ];
+          group = "web";
+          validMinDays = 90;
+          extraDomainNames = attrNames config.services.nginx.virtualHosts;
+          listenHTTP = ":80";
         };
       };
     };
 
-    services.nginx = 
+    services.nginx = {
+      enable = true;
+      virtualHosts = 
       let
         certPath = config.security.acme.certs."ramos.codes".directory;
         sslCertificate = "${certPath}/fullchain.pem";
@@ -66,38 +66,24 @@ in
           inherit sslCertificate sslCertificateKey;
           forceSSL = true;
         }) hosts;
-    in
-    {
-      enable = true;
-      user = "nginx";
-      group = "web";
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
 
-      virtualHosts = withSSL {
+      in withSSL
+      {
         "git.ramos.codes" = mkIf module.forgejo.enable {
           locations = {
             "/" = {
-              proxyPass = "http://unix:${forgejo.settings.server.HTTP_ADDR}";
+              proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}";
             };
           };
         };
+        #"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable {
+        #  locations = {
+        #   "/" = {
+        #     proxyPass = "";
+        #   };
+        #  };
+        #};
       };
-
-      streamConfig = ''
-        ${lib.optionalString module.bitcoin.electrum.enable ''
-          server {
-            listen 0.0.0.0:50002 ssl;
-            proxy_pass 127.0.0.1:50001;
-
-            ssl_certificate ${sslCertificate};
-            ssl_certificate_key ${sslCertificateKey};
-          }
-        ''}
-      '';
     };
-    networking.firewall.allowedTCPPorts = [
-      50002
-    ];
   };
 }