dotfiles/nixos/machines/biskcomp.nix

{ pkgs, forEachUser, config, ... }:
let biskcomp-nginx-hostnames = "192.168.1.44 railbird.ai 1896Folsom.duckdns.org biskcomp.local 0.0.0.0 67.162.131.71";
in
{
  imports = [
    ../configuration.nix
    ../raspberry-pi.nix
  ];

  users.users.nginx = {
    group = "nginx";
    isSystemUser = true;
    extraGroups = ["syncthing"];
  };

  myModules.raspberry-pi.enable = true;

  myModules.base.enable = true;
  myModules.desktop.enable = true;
  myModules.xmonad.enable = false;
  myModules.extra.enable = false;
  myModules.code.enable = true;
  myModules.games.enable = false;
  myModules.syncthing.enable = true;
  myModules.fonts.enable = true;
  myModules.nixified-ai.enable = false;
  myModules.cache-server = {
    enable = false;
    host-string = biskcomp-nginx-hostnames;
    port = 80;
    path = "/nix-cache";
  };
  myModules.gitea.enable = true;
  myModules.gitea-runner.enable = false;

  myModules.railbird-k3s = {
    enable = false;
    serverAddr = "https://dev.railbird.ai:6443";
  };
  services.k3s.disableAgent = true;

  age.secrets.vaultwarden-environment-file = {
    file = ../secrets/vaultwarden-environment-file.age;
    owner = "vaultwarden";
  };

  services.vaultwarden = {
    enable = true;
    backupDir = "/var/backup/vaultwarden";
    environmentFile = config.age.secrets.vaultwarden-environment-file.path;
    config = {
      ROCKET_ADDRESS = "::1";
      ROCKET_PORT = 8222;
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "IvanMalison@gmail.com";
  };

  services.gitlab = {
    enable = true;
    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
    initialRootPasswordFile = pkgs.writeText "rootPassword" "dakqdvp4ovhksxer";
    host = "gitlab.railbird.ai";
    secrets = {
      secretFile = pkgs.writeText "secret" "Aig5zaic";
      otpFile = pkgs.writeText "otpsecret" "Riew9mue";
      dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
    };
  };

  age.secrets.discourse-admin-password = {
    file = ../secrets/discourse-admin-password.age;
    mode = "770";
    owner = "discourse";
    group = "users";
  };

  age.secrets.discourse-secret-key-base = {
    file = ../secrets/discourse-secret-key-base.age;
    group = "users";
    owner = "discourse";
  };

  services.discourse = {
    enable = false;
    enableACME = true;
    hostname = "discourse.railbird.ai";
    admin = {
      passwordFile = config.age.secrets.discourse-admin-password.path;
      email = "support@railbird.ai";
      fullName = "Admin";
      username = "admin";
    };
    secretKeyBaseFile = config.age.secrets.discourse-secret-key-base.path;
    database.ignorePostgresqlVersion = true;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "gitlab.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
      };
      "vaultwarden.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://[::1]:8222";
        };
      };
      "cache.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://192.168.1.20:3090";
        };
      };
      "syncthing.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/lib/syncthing/railbird";
        locations."/" = {
          extraConfig = ''
            autoindex on;
          '';
        };
      };
      "docs.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/lib/syncthing/railbird/docs";
        locations."/" = {
          extraConfig = ''
            autoindex on;
          '';
        };
      };
    };
  };

  services.plex = {
    enable = true;
  };

  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXOS_SD";
    fsType = "ext4";
  };

  services.home-assistant = {
    enable = false;
    extraComponents = [
      # Components required to complete the onboarding
      "met"
      "radio_browser"
    ];
    config = {
      # Includes dependencies for a basic setup
      # https://www.home-assistant.io/integrations/default_config/
      default_config = {};
    };
  };

  swapDevices = [
    { device = "/swapfile"; size = 8192; } # size is in MiB
  ];

  networking.hostName = "biskcomp";
  system.stateVersion = "23.11";

  home-manager.users = forEachUser {
    home.stateVersion = "23.11";
  };
}
[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`{ pkgs, forEachUser, config, ... }:`
[Emacs] Improve default org-window-habit faces 2023-08-29 14:21:33 -06:00			`let biskcomp-nginx-hostnames = "192.168.1.44 railbird.ai 1896Folsom.duckdns.org biskcomp.local 0.0.0.0 67.162.131.71";`
			`in`
			`{`
[NixOS] Add Raspberry Pi 4b Configuration 2021-07-10 19:39:40 +00:00			`imports = [`
[NixOS] Control what is enabled per machine with module options 2023-08-20 04:25:58 -06:00			`../configuration.nix`
[NixOS] Fix flakes for raspberry pi 2021-07-11 17:23:59 +00:00			`../raspberry-pi.nix`
[NixOS] Add Raspberry Pi 4b Configuration 2021-07-10 19:39:40 +00:00			`];`

[NixOS] Move nginx mods to biskcomp 2023-12-13 11:41:50 -07:00			`users.users.nginx = {`
			`group = "nginx";`
			`isSystemUser = true;`
			`extraGroups = ["syncthing"];`
			`};`

[NixOS] modules -> myModules 2024-09-26 14:15:27 -06:00			`myModules.raspberry-pi.enable = true;`
[NixOS] Control what is enabled per machine with module options 2023-08-20 04:25:58 -06:00
[NixOS] modules -> myModules 2024-09-26 14:15:27 -06:00			`myModules.base.enable = true;`
			`myModules.desktop.enable = true;`
			`myModules.xmonad.enable = false;`
			`myModules.extra.enable = false;`
			`myModules.code.enable = true;`
			`myModules.games.enable = false;`
			`myModules.syncthing.enable = true;`
			`myModules.fonts.enable = true;`
			`myModules.nixified-ai.enable = false;`
			`myModules.cache-server = {`
[NixOS] Make vaultwarden/certificates work on biskcomp 2023-09-23 13:52:39 -06:00			`enable = false;`
[Emacs] Improve default org-window-habit faces 2023-08-29 14:21:33 -06:00			`host-string = biskcomp-nginx-hostnames;`
[NixOS] Host railbird.ai on biskcomp 2023-08-28 01:03:24 +00:00			`port = 80;`
			`path = "/nix-cache";`
			`};`
[NixOS] modules -> myModules 2024-09-26 14:15:27 -06:00			`myModules.gitea.enable = true;`
			`myModules.gitea-runner.enable = false;`
[NixOS] Host railbird.ai on biskcomp 2023-08-28 01:03:24 +00:00
[NixOS] Enable k3s on biskcomp nixquick and railbird-sf 2024-09-30 20:47:12 -06:00			`myModules.railbird-k3s = {`
[NixOS] Disable k3s on biskcomp 2025-01-01 13:12:35 -07:00			`enable = false;`
[NixOS] Biskcomp dev.railbird.ai for k3s 2024-10-02 23:04:36 -06:00			`serverAddr = "https://dev.railbird.ai:6443";`
[NixOS] Enable k3s on biskcomp nixquick and railbird-sf 2024-09-30 20:47:12 -06:00			`};`
			`services.k3s.disableAgent = true;`

[NixOS] Enable vaultwarden admin page 2025-01-01 12:03:48 -07:00			`age.secrets.vaultwarden-environment-file = {`
			`file = ../secrets/vaultwarden-environment-file.age;`
			`owner = "vaultwarden";`
			`};`

[NixOS] Enable vaultwarden on biskcomp 2023-08-28 01:40:50 +00:00			`services.vaultwarden = {`
			`enable = true;`
[NixOS] Backup vaultwarden 2025-01-01 11:55:23 -07:00			`backupDir = "/var/backup/vaultwarden";`
[NixOS] Enable vaultwarden admin page 2025-01-01 12:03:48 -07:00			`environmentFile = config.age.secrets.vaultwarden-environment-file.path;`
[NixOS] Enable vaultwarden on biskcomp 2023-08-28 01:40:50 +00:00			`config = {`
[Emacs] Improve default org-window-habit faces 2023-08-29 14:21:33 -06:00			`ROCKET_ADDRESS = "::1";`
[NixOS] Enable vaultwarden on biskcomp 2023-08-28 01:40:50 +00:00			`ROCKET_PORT = 8222;`
			`};`
			`};`

[NixOS] Make vaultwarden/certificates work on biskcomp 2023-09-23 13:52:39 -06:00			`security.acme = {`
			`acceptTerms = true;`
[NixOS] Use non deprecated option for acme email 2023-09-23 16:35:14 -06:00			`defaults.email = "IvanMalison@gmail.com";`
[NixOS] Make vaultwarden/certificates work on biskcomp 2023-09-23 13:52:39 -06:00			`};`

[NixOS] Try gitlab on biskcomp 2024-10-20 16:29:38 -06:00			`services.gitlab = {`
			`enable = true;`
			`databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";`
			`initialRootPasswordFile = pkgs.writeText "rootPassword" "dakqdvp4ovhksxer";`
[NixOS] Set gitlab host 2024-10-21 00:09:09 -06:00			`host = "gitlab.railbird.ai";`
[NixOS] Try gitlab on biskcomp 2024-10-20 16:29:38 -06:00			`secrets = {`
			`secretFile = pkgs.writeText "secret" "Aig5zaic";`
			`otpFile = pkgs.writeText "otpsecret" "Riew9mue";`
			`dbFile = pkgs.writeText "dbsecret" "we2quaeZ";`
			`jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";`
			`};`
			`};`
[NixOS] Add nextcloud to biskcomp 2023-11-21 20:09:47 -07:00
[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`age.secrets.discourse-admin-password = {`
[NixOS] Fail to fix discourse-admin-password 2024-12-29 12:22:25 -07:00			`file = ../secrets/discourse-admin-password.age;`
[NixOS] Set permissions on discourse-admin-password 2024-12-29 12:21:05 -07:00			`mode = "770";`
			`owner = "discourse";`
			`group = "users";`
[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`};`

[NixOS] Fail to fix discourse-admin-password 2024-12-29 12:22:25 -07:00			`age.secrets.discourse-secret-key-base = {`
			`file = ../secrets/discourse-secret-key-base.age;`
			`group = "users";`
			`owner = "discourse";`
			`};`

[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`services.discourse = {`
[NixOS] Disable discourse 2025-01-01 11:39:52 -07:00			`enable = false;`
[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`enableACME = true;`
			`hostname = "discourse.railbird.ai";`
[NixOS] Set admin email 2024-12-22 19:47:19 -07:00			`admin = {`
			`passwordFile = config.age.secrets.discourse-admin-password.path;`
			`email = "support@railbird.ai";`
[NixOS] Fail to fix discourse-admin-password 2024-12-29 12:22:25 -07:00			`fullName = "Admin";`
			`username = "admin";`
[NixOS] Set admin email 2024-12-22 19:47:19 -07:00			`};`
[NixOS] Fail to fix discourse-admin-password 2024-12-29 12:22:25 -07:00			`secretKeyBaseFile = config.age.secrets.discourse-secret-key-base.path;`
[NixOS] Ignore postgres version discourse 2024-12-22 19:44:59 -07:00			`database.ignorePostgresqlVersion = true;`
[NixOS] Enable discourse on biskcomp 2024-12-22 18:11:37 -07:00			`};`

[NixOS] Reenable vaultwarden 2023-11-17 13:25:22 -07:00			`services.nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`recommendedGzipSettings = true;`
			`recommendedTlsSettings = true;`
			`virtualHosts = {`
[NixOS] Try gitlab on biskcomp 2024-10-20 16:29:38 -06:00			`"gitlab.railbird.ai" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";`
			`};`
[NixOS] Reenable vaultwarden 2023-11-17 13:25:22 -07:00			`"vaultwarden.railbird.ai" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://[::1]:8222";`
			`};`
			`};`
[NixOS] Forward requests at cache.railbird.ai to ryzen-shine 2023-11-17 19:55:35 -07:00			`"cache.railbird.ai" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
Make nixquick the cache server instead of ryzen-shine 2024-03-22 16:22:34 -06:00			`proxyPass = "http://192.168.1.20:3090";`
[NixOS] Forward requests at cache.railbird.ai to ryzen-shine 2023-11-17 19:55:35 -07:00			`};`
			`};`
[NixOS] Add syncthing to biskcomp 2023-12-07 01:39:50 -07:00			`"syncthing.railbird.ai" = {`
			`enableACME = true;`
			`forceSSL = true;`
[NixOS] Fix syncthing directory location 2024-03-23 21:17:55 -06:00			`root = "/var/lib/syncthing/railbird";`
[NixOS] Add syncthing to biskcomp 2023-12-07 01:39:50 -07:00			`locations."/" = {`
[NixOS] Share syncthing directory from biskcomp 2023-12-07 20:21:33 -07:00			`extraConfig = ''`
			`autoindex on;`
			`'';`
[NixOS] Add syncthing to biskcomp 2023-12-07 01:39:50 -07:00			`};`
			`};`
[NixOS] Host docs.railbird.ai 2024-08-19 14:30:56 -06:00			`"docs.railbird.ai" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`root = "/var/lib/syncthing/railbird/docs";`
			`locations."/" = {`
			`extraConfig = ''`
			`autoindex on;`
			`'';`
			`};`
			`};`
[NixOS] Reenable vaultwarden 2023-11-17 13:25:22 -07:00			`};`
			`};`
[NixOS] Control what is enabled per machine with module options 2023-08-20 04:25:58 -06:00
[NixOS] Enable plex on biskcomp 2023-08-04 03:28:38 +00:00			`services.plex = {`
			`enable = true;`
			`};`
[NixOS] Add home assistant to biskcomp 2023-06-17 18:16:47 +00:00
[NixOS] Update biskcomp 2023-08-01 17:47:16 -06:00			`fileSystems."/" = {`
[NixOS] Finish moving biskcomp to external SSD 2023-08-02 01:20:33 +00:00			`device = "/dev/disk/by-label/NIXOS_SD";`
[NixOS] Update biskcomp 2023-08-01 17:47:16 -06:00			`fsType = "ext4";`
			`};`

[NixOS] Add home assistant to biskcomp 2023-06-17 18:16:47 +00:00			`services.home-assistant = {`
[NixOS] Disable home-assistant 2024-06-13 04:49:59 +00:00			`enable = false;`
[NixOS] Add home assistant to biskcomp 2023-06-17 18:16:47 +00:00			`extraComponents = [`
			`# Components required to complete the onboarding`
			`"met"`
			`"radio_browser"`
			`];`
			`config = {`
			`# Includes dependencies for a basic setup`
			`# https://www.home-assistant.io/integrations/default_config/`
			`default_config = {};`
			`};`
			`};`

[NixOS] Add swapfile for biskcomp 2023-08-05 17:13:32 -06:00			`swapDevices = [`
			`{ device = "/swapfile"; size = 8192; } # size is in MiB`
			`];`

[NixOS] Add Raspberry Pi 4b Configuration 2021-07-10 19:39:40 +00:00			`networking.hostName = "biskcomp";`
[NixOS] Finish moving biskcomp to external SSD 2023-08-02 01:20:33 +00:00			`system.stateVersion = "23.11";`
[NixOS] Add home manager state version to all machines 2023-08-20 04:34:42 -06:00
			`home-manager.users = forEachUser {`
			`home.stateVersion = "23.11";`
			`};`
[NixOS] Add Raspberry Pi 4b Configuration 2021-07-10 19:39:40 +00:00			`}`