From 23f8df7396d35744069a4bda0d1d38a55ff64b79 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Mon, 21 Jul 2025 07:31:45 -0700 Subject: refactoring to use flake-parts and automatic imports of hosts This is the first step in a large refactoring to use flake-parts, and to automatically import hosts based on paths. --- nix/machines/common/network.nix | 41 -------- nix/machines/darwin-shared.nix | 111 --------------------- .../darwin/aarch64-darwin/hq-kwny2vh41p.nix | 96 ++++++++++++++++++ nix/machines/darwin/aarch64-darwin/mba-m2.nix | 98 ++++++++++++++++++ nix/machines/hq-kwny2vh41p/default.nix | 6 -- nix/machines/mba-m2/default.nix | 11 -- nix/machines/nixos/x86_64-linux/vm-synology.nix | 67 +++++++++++++ nix/machines/vm-synology/backups.nix | 73 -------------- nix/machines/vm-synology/default.nix | 92 ----------------- nix/machines/vm-synology/disk.nix | 55 ---------- nix/machines/vm-synology/git.nix | 25 ----- nix/machines/vm-synology/hardware.nix | 32 ------ nix/machines/vm-synology/ingress.nix | 16 --- nix/machines/vm-synology/nginx.nix | 10 -- 14 files changed, 261 insertions(+), 472 deletions(-) delete mode 100644 nix/machines/common/network.nix delete mode 100644 nix/machines/darwin-shared.nix create mode 100644 nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix create mode 100644 nix/machines/darwin/aarch64-darwin/mba-m2.nix delete mode 100644 nix/machines/hq-kwny2vh41p/default.nix delete mode 100644 nix/machines/mba-m2/default.nix create mode 100644 nix/machines/nixos/x86_64-linux/vm-synology.nix delete mode 100644 nix/machines/vm-synology/backups.nix delete mode 100644 nix/machines/vm-synology/default.nix delete mode 100644 nix/machines/vm-synology/disk.nix delete mode 100644 nix/machines/vm-synology/git.nix delete mode 100644 nix/machines/vm-synology/hardware.nix delete mode 100644 nix/machines/vm-synology/ingress.nix delete mode 100644 nix/machines/vm-synology/nginx.nix (limited to 'nix/machines') 
diff --git a/nix/machines/common/network.nix b/nix/machines/common/network.nix deleted file mode 100644 index fb31099..0000000 --- a/nix/machines/common/network.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -{ - networking.firewall.allowPing = true; - - # Default to systemd-networkd usage. - networking.useNetworkd = lib.mkDefault true; - systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; - - # Use systemd-resolved for DoT support. - services.resolved = { - enable = true; - dnssec = "false"; - extraConfig = '' - DNSOverTLS=yes - ''; - }; - - # Used by systemd-resolved, not directly by resolv.conf. - networking.nameservers = [ - "8.8.8.8#dns.google" - "1.0.0.1#cloudflare-dns.com" - ]; - - networking.firewall.logRefusedConnections = false; - - boot.kernel.sysctl = { - "net.ipv4.tcp_fastopen" = 3; - "net.ipv4.tcp_tw_reuse" = 1; - }; - - environment.systemPackages = with pkgs; [ - mtr - tcpdump - traceroute - ]; -} diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix deleted file mode 100644 index 978b43a..0000000 --- a/nix/machines/darwin-shared.nix +++ /dev/null 
@@ -1,111 +0,0 @@ -{ pkgs, ... }: -{ - nix = { - extraOptions = '' - tarball-ttl = 900 - ''; - gc = { - automatic = true; - interval = { - Weekday = 0; - Hour = 0; - Minute = 0; - }; - options = "--delete-older-than 30d"; - }; - package = pkgs.nixVersions.stable; - settings = { - substituters = [ - "https://cache.nixos.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - trusted-users = [ - "@admin" - "fcuny" - ]; - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - }; - - system.primaryUser = "fcuny"; - - system.defaults = { - dock = { - autohide = true; - dashboard-in-overlay = false; - launchanim = false; # Don't animate opening applications. - mru-spaces = false; # don’t rearrange spaces based on the most recent use - orientation = "left"; - show-recents = false; - showhidden = false; - tilesize = 60; # Default is 64. - wvous-br-corner = 1; # Disable Notes hot corner. - }; - finder.AppleShowAllExtensions = true; - - CustomUserPreferences = { - "com.apple.desktopservices" = { - # Avoid creating .DS_Store files on network or USB volumes - DSDontWriteNetworkStores = true; - DSDontWriteUSBStores = true; - }; - }; - - # Requires the directory to already exist. - # See system.activationScripts.postUserActivation - screencapture.location = "~/Documents/screenshots"; - SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true; - }; - - # TODO: - The `system.activationScripts.postUserActivation` option has - # been removed, as all activation now takes place as `root`. Please - # restructure your custom activation scripts appropriately, - # potentially using `sudo` if you need to run commands as a user. 
- # system.activationScripts.postUserActivation.text = '' - # mkdir -p ~/Documents/screenshots - # ''; - - fonts.packages = with pkgs; [ - source-code-pro - ]; - - system.keyboard = { - enableKeyMapping = true; - remapCapsLockToControl = true; - }; - - # Touch ID for sudo auth - security.pam.services.sudo_local.touchIdAuth = true; - - environment.shells = [ pkgs.fish ]; - - programs.fish.enable = true; - programs.fish.shellInit = '' - # Nix - if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' - source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' - end - # End Nix - ''; - - ## this sets the PATH for GUI apps - ## needs a restart - launchd.user.agents = { - user-paths = { - command = "/bin/launchctl config user path '/opt/homebrew/bin:/Users/fcuny/.nix-profile/bin:/etc/profiles/per-user/fcuny/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin'"; - serviceConfig.RunAtLoad = true; - }; - }; - - programs.ssh.knownHosts = { - "github.com".publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; -} diff --git a/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix b/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix new file mode 100644 index 0000000..c44ccaf --- /dev/null +++ b/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix 
@@ -0,0 +1,96 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ ];
+
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ options = "--delete-older-than 30d";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ networking.hostName = "mba-m2";
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [ grpcurl ];
+ imports = [
+ ../../../users/profiles/mac.nix
+ ../../../users/profiles/work.nix
+ ];
+ inherit (adminUser) userinfo;
+ programs.git.userEmail = "fcuny@roblox.com";
+ };
+}
diff --git a/nix/machines/darwin/aarch64-darwin/mba-m2.nix b/nix/machines/darwin/aarch64-darwin/mba-m2.nix
new file mode 100644
index 0000000..59fd21b
--- /dev/null
+++ b/nix/machines/darwin/aarch64-darwin/mba-m2.nix
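Review bot: `networking.hostName = "mba-m2";` in the new `hq-kwny2vh41p.nix` looks copied from the other laptop's file; the deleted `hq-kwny2vh41p/default.nix` set no hostname, so this machine would now report itself as `mba-m2` in logs and in anything else keyed on the hostname. Either drop the line or use this host's own name, `networking.hostName = "hq-kwny2vh41p";`. The new file also no longer carries `system.stateVersion = 5;` or `security.pam.services.sudo_local.touchIdAuth = true;`, which the deleted `default.nix` and `darwin-shared.nix` provided; presumably `nix/profiles/darwin.nix` sets them now, but that file is not part of this diff, so it is worth confirming.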
@@ -0,0 +1,98 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ ];
+
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ options = "--delete-older-than 30d";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ networking.hostName = "mba-m2";
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [
+ element-desktop
+ vlc-bin
+ zoom-us
+ ];
+ imports = [
+ ../../../users/profiles/mac.nix
+ ../../../users/profiles/media.nix
+ ];
+ inherit (adminUser) userinfo;
+ };
+}
diff --git a/nix/machines/hq-kwny2vh41p/default.nix b/nix/machines/hq-kwny2vh41p/default.nix
deleted file mode 100644
index 1ae15f2..0000000
--- a/nix/machines/hq-kwny2vh41p/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
- imports = [ ../darwin-shared.nix ];
-
- system.stateVersion = 5;
-}
diff --git a/nix/machines/mba-m2/default.nix b/nix/machines/mba-m2/default.nix
deleted file mode 100644
index 565360c..0000000
--- a/nix/machines/mba-m2/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- imports = [ ../darwin-shared.nix ];
-
- # https://github.com/nix-darwin/nix-darwin/issues/1339
- ids.gids.nixbld = 30000;
-
- system.stateVersion = 5;
-
- networking.hostName = "mba-m2";
-}
diff --git a/nix/machines/nixos/x86_64-linux/vm-synology.nix b/nix/machines/nixos/x86_64-linux/vm-synology.nix
new file mode 100644
index 0000000..02030fc
--- /dev/null
+++ b/nix/machines/nixos/x86_64-linux/vm-synology.nix
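Review bot: The whole `nix = { … }` block in the new `mba-m2.nix` (substituters, `trusted-public-keys`, `trusted-users`, gc) is repeated verbatim in `hq-kwny2vh41p.nix`, and these are the settings that decide which binary caches and which users the Nix daemon trusts. Two copies invite drift, for example a cache key rotated on one host only; moving the block into `nix/profiles/darwin.nix`, which both files already import, would keep a single source of truth. `trusted-users` also hard-codes `"fcuny"` while the rest of the file uses `adminUser.name`, so `trusted-users = [ "@admin" adminUser.name ];` would follow the parameter. Members of `trusted-users` can direct the daemon to extra substituters and are effectively root-equivalent for Nix, so a one-line comment saying why both `@admin` and the named user are listed would help the next reader.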
@@ -0,0 +1,67 @@
+{ self, pkgs, ... }:
+{
+ age = {
+ secrets = {
+ restic_gcs_credentials = {
+ file = "${self}/secrets/restic_gcs_credentials.age";
+ };
+ restic_password = {
+ file = "${self}/secrets/restic_password.age";
+ };
+ cloudflared-tunnel = {
+ file = "${self}/secrets/cloudflared_cragmont.age";
+ };
+ cloudflared-cert = {
+ file = "${self}/secrets/cloudflared_cert.age";
+ };
+ };
+ };
+
+ imports = [
+ "${self}/nix/profiles/git-server.nix"
+ "${self}/nix/profiles/hardware/synology.nix"
+ "${self}/nix/profiles/disk/vm.nix"
+ "${self}/nix/profiles/server.nix"
+ # ./backups.nix
+ # ./ingress.nix
+ # ./nginx.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ networking.hostName = "vm-synology";
+
+ nix = {
+ package = pkgs.nixVersions.latest;
+ settings = {
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.mutableUsers = false;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
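Review bot: `services.openssh.settings.PasswordAuthentication = true;` is carried into the new `vm-synology.nix` although the only credentials visible for this host are ed25519 keys; unless a profile outside this diff depends on password logins, set `services.openssh.settings.PasswordAuthentication = false;` (and `KbdInteractiveAuthentication = false;`) so sshd accepts keys only. `users.users.root.openssh.authorizedKeys.keys` has no effect while `PermitRootLogin = "no"` is set, so either remove the key or add a comment explaining why it stays. The commented `# ./backups.nix` and `# ./ingress.nix` imports point at files this commit deletes, so the four `age.secrets` are still decrypted on the host with no consumer visible here, and the restic backups of `/var/lib/gitolite` are no longer configured in this file; a `# TODO` naming the profile that will restore them would make the gap explicit. The comment `# Use the systemd-boot EFI boot loader.` now sits above a file that no longer sets `boot.loader.systemd-boot.enable`, presumably moved to one of the imported profiles.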
diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix deleted file mode 100644 index cf3c65b..0000000 --- a/nix/machines/vm-synology/backups.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - environmentFile = toString ( - pkgs.writeText "restic-gcs-env" '' - GOOGLE_PROJECT_ID=fcuny-infra - GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path} - '' - ); -in -{ - services.restic.backups.local = { - passwordFile = config.age.secrets.restic_password.path; - repository = "/srv/data/backups/"; - initialize = true; - paths = [ "/var/lib/gitolite" ]; - exclude = [ - "/var/lib/gitolite/.bash_history" - "/var/lib/gitolite/.ssh" - "/var/lib/gitolite/.viminfo" - ]; - extraBackupArgs = [ - "--exclude-caches" - "--compression=max" - ]; - timerConfig = { - OnCalendar = "daily"; - }; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 4" - "--keep-monthly 3" - ]; - }; - - services.restic.backups.gcs = { - passwordFile = config.age.secrets.restic_password.path; - environmentFile = environmentFile; - repository = "gs:fcuny-infra-backups:/vm-synology/"; - initialize = true; - paths = [ "/var/lib/gitolite" ]; - exclude = [ - "/var/lib/gitolite/.bash_history" - "/var/lib/gitolite/.ssh" - "/var/lib/gitolite/.viminfo" - ]; - extraBackupArgs = [ - "--exclude-caches" - "--compression=max" - ]; - timerConfig = { - OnCalendar = "daily"; - }; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 4" - "--keep-monthly 3" - ]; - }; - - environment = { - sessionVariables = { - RESTIC_REPOSITORY = "/srv/data/backups"; - RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path; - }; - systemPackages = with pkgs; [ - restic - ]; - }; -} diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix deleted file mode 100644 index ec508d8..0000000 --- a/nix/machines/vm-synology/default.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ pkgs, ... }: -{ - age = { - secrets = { - restic_gcs_credentials = { - file = ../../../secrets/restic_gcs_credentials.age; - }; - restic_password = { - file = ../../../secrets/restic_password.age; - }; - cloudflared-tunnel = { - file = ../../../secrets/cloudflared_cragmont.age; - }; - cloudflared-cert = { - file = ../../../secrets/cloudflared_cert.age; - }; - }; - }; - - imports = [ - ./backups.nix - ./git.nix - ./hardware.nix - ./ingress.nix - ./nginx.nix - ../common/network.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "vm-synology"; - boot.kernelPackages = pkgs.linuxPackages_latest; - - nix = { - package = pkgs.nixVersions.latest; - settings = { - trusted-users = [ - "@admin" - "fcuny" - ]; - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - }; - - time.timeZone = "America/Los_Angeles"; - - # Don't require password for sudo - security.sudo.wheelNeedsPassword = false; - - # Virtualization settings - virtualisation.docker.enable = true; - - # Select internationalisation properties. - i18n = { - defaultLocale = "en_US.UTF-8"; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.mutableUsers = false; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - curl - git - vim - jq - ]; - - # Enable the OpenSSH daemon. 
- services.openssh.enable = true; - services.openssh.settings.PasswordAuthentication = true; - services.openssh.settings.PermitRootLogin = "no"; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" - ]; - - networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? -} diff --git a/nix/machines/vm-synology/disk.nix b/nix/machines/vm-synology/disk.nix deleted file mode 100644 index 1641339..0000000 --- a/nix/machines/vm-synology/disk.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib, ... }: -{ - disko.devices = { - disk.disk1 = { - device = lib.mkDefault "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - esp = { - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - type = "lvm_pv"; - vg = "pool"; - }; - }; - }; - }; - }; - lvm_vg = { - pool = { - type = "lvm_vg"; - lvs = { - root = { - size = "100%FREE"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - mountOptions = [ - "defaults" - ]; - }; - }; - }; - }; - }; - }; -} diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix deleted file mode 100644 index 27eebc7..0000000 --- a/nix/machines/vm-synology/git.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ pkgs, ... }: -{ - services.gitolite = { - enable = true; - adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; - user = "git"; - group = "git"; - extraGitoliteRc = '' - # Make dirs/files group readable, needed for webserver/cgit. (Default - # setting is 0077.) - $RC{UMASK} = 0027; - $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner'; - $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"; - push( @{$RC{ENABLE}}, 'symbolic-ref' ); - ''; - }; - - # let's make sure the default branch is `main'. - systemd.tmpfiles.rules = [ - "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" '' - [init] - defaultBranch = main - ''}" - ]; -} diff --git a/nix/machines/vm-synology/hardware.nix b/nix/machines/vm-synology/hardware.nix deleted file mode 100644 index c894a80..0000000 --- a/nix/machines/vm-synology/hardware.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, modulesPath, ... }: - -{ - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/installer/scan/not-detected.nix") - ./disk.nix - ]; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} 
diff --git a/nix/machines/vm-synology/ingress.nix b/nix/machines/vm-synology/ingress.nix deleted file mode 100644 index b6ae596..0000000 --- a/nix/machines/vm-synology/ingress.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, ... }: -{ - services.cloudflared = { - enable = true; - certificateFile = config.age.secrets.cloudflared-cert.path; - tunnels = { - "cragmont" = { - credentialsFile = config.age.secrets.cloudflared-tunnel.path; - default = "http_status:404"; - ingress = { - "git.fcuny.net".service = "ssh://127.0.0.1:22"; - }; - }; - }; - }; -} diff --git a/nix/machines/vm-synology/nginx.nix b/nix/machines/vm-synology/nginx.nix deleted file mode 100644 index 2c3b7fb..0000000 --- a/nix/machines/vm-synology/nginx.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - ... -}: -{ - services.fcuny-net = { - enable = true; - domain = "fcuny.net"; - enableSSL = false; # Enable if you want HTTPS - }; -} -- cgit v1.2.3