My Nix Configuration

[hosts.marvin] remove unused files

+3 -5
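--- a/hosts/marvin/default.nix
+++ b/hosts/marvin/default.nix
@@ -8,8 +8,8 @@
 ./hardware.nix
 
 # Running Services
+# keep-sorted start
 ./services/anubis.nix
-# ./services/authentik.nix
 ./services/avahi.nix
 ./services/bots.nix
 ./services/deemix.nix
@@ -17,26 +17,24 @@
 ./services/git.nix
 ./services/golink.nix
 ./services/grafana.nix
-# ./services/iceshrimp.nix
 ./services/jellyfin.nix
 ./services/matrix.nix
 ./services/miniflux.nix
-./services/nginx.nix
 ./services/nextcloud
+./services/nginx.nix
 ./services/pinchflat.nix
-./services/pingvin-share.nix
 ./services/planka.nix
 ./services/pocket-id.nix
 ./services/podman.nix
 ./services/postgres.nix
 ./services/prometheus.nix
-# ./services/redlib.nix
 ./services/scrutiny.nix
 ./services/syncthing.nix
 ./services/tailscale.nix
 ./services/tangled.nix
 ./services/vaultwarden.nix
 ./services/zfs.nix
+# keep-sorted end
 ];
 nix.settings.max-jobs = 12;
 networking = {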
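Review bot: Dropping `./services/pingvin-share.nix` from the import list retires a module that was still active (the authentik, iceshrimp and redlib entries were already commented out), yet nothing shown in this commit cleans up its credentials. The deleted module's `init-pingvin-config` unit substituted `SMTP_PASSWORD` and `CLIENT_SECRET` in plaintext into `${cfg.dataDir}/config.yaml`, and that file and the rest of the service's state directory stay on disk after the next switch. The `.age` files the removed modules pointed at (`./secrets/pingvin-secrets.age`, `./secrets/authentik-env.age`, the two iceshrimp secrets and `./secrets/webmentiond-env.age`) are not among the deleted paths listed here, so presumably they and their recipient entries are still in the repository. I would remove those in the same change, wipe the leftover state on the host, and rotate the SMTP password and the OIDC client secret (deregistering the `oidc-clientId` at the identity provider) so that no valid credentials outlive the service.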
-92
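--- a/hosts/marvin/services/authentik.nix
+++ b/hosts/marvin/services/authentik.nix
@@ -1,92 +0,0 @@
-{
-config,
-self,
-...
-}:
-let
-d = self.lib.data.services.authentik;
-in
-{
-virtualisation.oci-containers.containers =
-let
-authentikVersion = "2025.4";
-base = {
-environmentFiles = [ config.age.secrets.authentik-env.path ];
-extraOptions = [ "--network=authentik" ];
-};
-authentikBase = base // {
-image = "ghcr.io/goauthentik/server:${authentikVersion}";
-environment = {
-AUTHENTIK_REDIS__HOST = "authentik-redict";
-
-# Postgres Settings
-AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
-AUTHENTIK_POSTGRESQL__PORT = "5432";
-AUTHENTIK_POSTGRESQL__USER = "authentik";
-AUTHENTIK_POSTGRESQL__NAME = "authentik";
-AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";
-
-# Disable error reporting
-AUTHENTIK_ERROR_REPORTING__ENABLED = "false";
-
-# Avatars are an attribute based on an uploaded file
-AUTHENTIK_AVATARS = "attributes.user.avatar";
-
-# Email Settings
-AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";
-AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";
-AUTHENTIK_EMAIL__PORT = "465";
-AUTHENTIK_EMAIL__USE_TLS = "true";
-AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";
-};
-};
-authentikVols = [
-"/var/lib/authentik/media:/media"
-"/var/lib/authentik/templates:/templates"
-];
-in
-{
-authentik-db = base // {
-image = "postgres:17-alpine";
-volumes = [ "/var/lib/authentik/db:/var/lib/postgresql/data" ];
-environment = {
-POSTGRES_PASSWORD = "\${PG_PASS}";
-POSTGRES_USER = "authentik";
-POSTGRES_DB = "authentik";
-};
-};
-authentik-redict = {
-image = "registry.redict.io/redict:alpine";
-extraOptions = [ "--network=authentik" ];
-};
-authentik-server = authentikBase // {
-cmd = [ "server" ];
-ports = [
-"${toString d.port}:9000"
-"6943:9443"
-"9301:9300"
-];
-volumes = authentikVols ++ [ "/var/lib/authentik/custom.css:/web/dist/custom.css" ];
-};
-authentik-worker = authentikBase // {
-cmd = [ "worker" ];
-volumes = authentikVols ++ [ "/var/lib/authentik/certs:/certs" ];
-};
-authentik-ldap = base // {
-image = "ghcr.io/goauthentik/ldap:${authentikVersion}";
-ports = [
-"389:3389"
-"636:6636"
-];
-environment = {
-AUTHENTIK_HOST = "https://${d.extUrl}";
-AUTHENTIK_INSECURE = "false";
-};
-};
-};
-age.secrets.authentik-env = {
-file = ./secrets/authentik-env.age;
-owner = "thehedgehog";
-group = "misc";
-};
-}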
-5
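--- a/hosts/marvin/services/bookstack.nix
+++ b/hosts/marvin/services/bookstack.nix
@@ -1,5 +0,0 @@
-{
-services.bookstack = {
-enable = true;
-};
-}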
-97
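--- a/hosts/marvin/services/iceshrimp.nix
+++ b/hosts/marvin/services/iceshrimp.nix
@@ -1,97 +0,0 @@
-{
-config,
-inputs,
-pkgs,
-lib,
-self,
-...
-}:
-let
-
-d = self.lib.data.services.iceshrimp;
-
-package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec {
-version = "2023.12.8-pyrox1";
-src = pkgs.fetchgit {
-url = "https://iceshrimp.dev/pyrox/iceshrimp";
-hash = "sha256-hxZ3rVVAiAMFAYhZ2o+WhlMuhjbt5EyHKOl1VyyL5RA=";
-rev = "v${version}";
-fetchLFS = true;
-deepClone = false;
-};
-patches = [ ];
-};
-in
-{
-services.iceshrimp = {
-inherit package;
-enable = false;
-secretConfig = config.age.secrets.iceshrimp-secret-config.path;
-dbPasswordFile = config.age.secrets.iceshrimp-db-password.path;
-createDb = true;
-configureNginx.enable = false;
-settings = {
-inherit (d) port;
-url = "https://${d.extUrl}";
-accountDomain = "pyrox.dev";
-redis.port = 6997;
-maxNoteLength = 16384;
-maxCaptionLength = 8192;
-clusterLimit = 4;
-deliverJobConcurrency = 192;
-inboxJobConcurrency = 32;
-deliverJobPerSec = 256;
-inboxJobPerSec = 32;
-outgoingAddressFamily = "dual";
-# See the withdrawal patches for obliterate info
-enableObliterate = true;
-obliterateJobPerSec = 16;
-obliterateJobMaxAttempts = 3;
-mediaCleanup = {
-cron = true;
-maxAgeDays = 30;
-cleanAvatars = true;
-cleanHeaders = true;
-};
-htmlCache = {
-ttl = "6h";
-prewarm = true;
-dbFallback = true;
-};
-wordMuteCache.ttl = "24h";
-isManagedHosting = true;
-email = {
-managed = true;
-address = "social@pyrox.dev";
-host = "mail.pyrox.dev";
-port = 465;
-user = "social@pyrox.dev";
-useImplicitSslTls = true;
-};
-objectStorage = {
-managed = true;
-baseUrl = "https://pool.jortage.com/socialpyroxdev";
-bucket = "socialpyroxdev";
-prefix = "mkmedia";
-endpoint = "pool-api.jortage.com";
-region = "jort";
-useSsl = true;
-connnectOverProxy = false;
-setPublicReadOnUpload = false;
-s3ForcePathStyle = true;
-};
-};
-};
-age.secrets = lib.mkIf config.services.iceshrimp.enable {
-iceshrimp-secret-config = {
-inherit (config.services.iceshrimp) group;
-file = ./secrets/iceshrimp-secret-config.age;
-owner = config.services.iceshrimp.user;
-};
-iceshrimp-db-password = {
-file = ./secrets/iceshrimp-db-password.age;
-owner = "postgres";
-group = "postgres";
-};
-};
-}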
-11
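--- a/hosts/marvin/services/minio.nix
+++ b/hosts/marvin/services/minio.nix
@@ -1,11 +0,0 @@
-{ config, ... }:
-{
-services.minio = {
-enable = true;
-region = "us-east-1";
-browser = true;
-listenAddress = ":6990";
-consoleAddress = ":6991";
-rootCredentialsFile = config.age.secrets.minio-root.path;
-};
-}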
-130
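--- a/hosts/marvin/services/pingvin-share.nix
+++ b/hosts/marvin/services/pingvin-share.nix
@@ -1,130 +0,0 @@
-{
-config,
-pkgs,
-self',
-self,
-...
-}:
-let
-d = self.lib.data.services.pingvin-share;
-cfg = config.services.pingvin-share;
-configFormat = pkgs.formats.yaml { };
-configFile = configFormat.generate "config.yaml" {
-general = {
-appName = "dishNet Share";
-appUrl = "https://share.pyrox.dev";
-secureCookies = "true";
-showHomePage = "false";
-};
-share = {
-allowRegistration = "false";
-allowUnauthenticatedShares = "false";
-maxSize = "10000000000";
-};
-email.enableShareEmailRecipients = "true";
-smtp = {
-enabled = "true";
-host = "mail.pyrox.dev";
-port = "465";
-email = "share@pyrox.dev";
-username = "share@pyrox.dev";
-password = "SMTP_PASSWORD";
-};
-ldap.enabled = "false";
-legal.enabled = "false";
-s3.enabled = "false";
-oauth = {
-ignoreTotp = "true";
-oidc-enabled = "true";
-oidc-clientSecret = "CLIENT_SECRET";
-oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";
-oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";
-oidc-signOut = "false";
-oidc-scope = "openid email profile groups";
-oidc-rolePath = "groups";
-oidc-roleAdminAccess = "admins";
-};
-initUser.enabled = false;
-};
-in
-{
-virtualisation.oci-containers.containers = {
-pingvin-share-server = {
-image = "ghcr.io/stonith404/pingvin-share:latest";
-ports = [
-"${toString d.port}:3000"
-"${toString d.be-port}:8080"
-];
-volumes = [
-"/var/lib/pingvin-share/data:/opt/app/backend/data"
-"/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"
-"/var/lib/pingvin-share/config.yaml:/opt/app/config.yaml"
-];
-environment = {
-API_URL = "https://share.pyrox.dev";
-PUID = "962";
-PGID = "959";
-};
-};
-};
-users.users.pingvin = {
-uid = 962;
-inherit (cfg) group;
-isSystemUser = true;
-};
-users.groups.pingvin = {
-gid = 959;
-};
-
-services = {
-pingvin-share = {
-enable = false;
-backend.port = d.be-port;
-frontend.port = d.port;
-hostname = "share.pyrox.dev";
-https = true;
-};
-anubis.instances = {
-pingvin-share-be = {
-settings = {
-BIND = ":${toString d.be-anubis}";
-POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";
-TARGET = "http://localhost:${toString d.be-port}";
-};
-};
-pingvin-share-fe = {
-settings = {
-BIND = ":${toString d.anubis}";
-POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";
-TARGET = "http://localhost:${toString d.port}";
-};
-};
-};
-};
-systemd.services.init-pingvin-config = {
-enable = true;
-description = "Pingvin Share configuration setup";
-wantedBy = [ "multi-user.target" ];
-before = [
-"docker-pingvin-share-server.service"
-];
-path = [ pkgs.gnused ];
-script = ''
-rm ${cfg.dataDir}/config.yaml
-cp ${configFile} ${cfg.dataDir}/config.yaml
-sed -i "s/SMTP_PASSWORD/\"$SMTP_PASSWORD\"/" ${cfg.dataDir}/config.yaml
-sed -i "s/CLIENT_SECRET/\"$CLIENT_SECRET\"/" ${cfg.dataDir}/config.yaml
-'';
-serviceConfig = {
-EnvironmentFile = config.age.secrets.pingvin-secrets.path;
-User = cfg.user;
-Group = cfg.group;
-ReadWritePaths = [ "${cfg.dataDir}" ];
-};
-};
-age.secrets.pingvin-secrets = {
-file = ./secrets/pingvin-secrets.age;
-owner = cfg.user;
-inherit (cfg) group;
-};
-}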
-5
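--- a/hosts/marvin/services/prosody.nix
+++ b/hosts/marvin/services/prosody.nix
@@ -1,5 +0,0 @@
-{
-services.prosody = {
-enable = true;
-};
-}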
-12
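--- a/hosts/marvin/services/redlib.nix
+++ b/hosts/marvin/services/redlib.nix
@@ -1,12 +0,0 @@
-{ pkgs, self, ... }:
-let
-d = self.lib.data.services.redlib;
-in
-{
-services.libreddit = {
-inherit (d) port;
-enable = true;
-package = pkgs.redlib;
-openFirewall = false;
-};
-}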
-23
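--- a/hosts/marvin/services/webmentiond.nix
+++ b/hosts/marvin/services/webmentiond.nix
@@ -1,23 +0,0 @@
-{ config, self, ... }:
-let
-d = self.lib.data.services.webmentiond;
-p = toString d.port;
-in
-{
-virtualisation.oci-containers.containers.webmentiond = {
-image = "zerok/webmentiond:latest";
-volumes = [ "/var/lib/webmentiond:/data" ];
-environmentFiles = [ config.age.secrets.webmentiond-env.path ];
-ports = [ "${p}:${p}" ];
-cmd = [
-"--addr 0.0.0.0:${p}"
-"--public-url https://${d.extUrl}"
-"--auth-admin-emails pyrox@pyrox.dev"
-];
-};
-config.age.secrets = {
-webmentiond-env.path = ./secrets/webmentiond-env.age;
-owner = "thehedgehog";
-group = "misc";
-};
-}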