authorPatryk Niedzwiedzinski <patryk@niedzwiedzinski.cyou>2024-09-29 16:23:16 +0200
committerPatryk Niedzwiedzinski <patryk@niedzwiedzinski.cyou>2024-09-29 16:23:16 +0200
commit4f591cc9c9663c413e8eb5cd8401a34a3251e30c (patch)
treedc46f698af4d5ba288e9e6707c2bc960e913bdd8 /machines/srv1
parent4fa1a6efad786affb0729603de846d2034580db2 (diff)
Remove old machines
Diffstat (limited to 'machines/srv1')
-rw-r--r--machines/srv1/baby-yoda.pngbin957567 -> 0 bytes
-rw-r--r--machines/srv1/baby-yoda.png.compbin7710 -> 0 bytes
-rw-r--r--machines/srv1/cgit.nix99
-rw-r--r--machines/srv1/configuration.nix369
-rw-r--r--machines/srv1/coreruleset.nix21
-rw-r--r--machines/srv1/default.nix6
-rw-r--r--machines/srv1/hardware-configuration.nix27
-rw-r--r--machines/srv1/modsecurity.nix19
-rw-r--r--machines/srv1/yggdrasil.nix12
9 files changed, 0 insertions, 553 deletions
diff --git a/machines/srv1/baby-yoda.png b/machines/srv1/baby-yoda.png
deleted file mode 100644
index 42a200c..0000000
--- a/machines/srv1/baby-yoda.png
+++ /dev/null
Binary files differ
diff --git a/machines/srv1/baby-yoda.png.comp b/machines/srv1/baby-yoda.png.comp
deleted file mode 100644
index 26eb247..0000000
--- a/machines/srv1/baby-yoda.png.comp
+++ /dev/null
Binary files differ
diff --git a/machines/srv1/cgit.nix b/machines/srv1/cgit.nix
deleted file mode 100644
index 5c0749c..0000000
--- a/machines/srv1/cgit.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.lighttpd.pn-cgit;
-  pathPrefix = if stringLength cfg.subdir == 0 then "" else "/" + cfg.subdir;
-  configFile = pkgs.writeText "cgitrc"
-    ''
-      # default paths to static assets
-      css=${pathPrefix}/cgit.css
-      logo=${pathPrefix}/cgit.png
-      favicon=${pathPrefix}/favicon.ico
-      # user configuration
-      ${cfg.configText}
-    '';
-in
-{
-
-  options.services.lighttpd.pn-cgit = {
-
-    enable = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        If true, enable cgit (fast web interface for git repositories) as a
-        sub-service in lighttpd.
-      '';
-    };
-
-    subdir = mkOption {
-      default = "cgit";
-      example = "";
-      type = types.str;
-      description = ''
-        The subdirectory in which to serve cgit. The web application will be
-        accessible at http://yourserver/''${subdir}
-      '';
-    };
-
-    logo = mkOption {
-      default = "${pkgs.cgit}/cgit/cgit.png";
-      example = "";
-      type = types.str;
-      description = ''
-        Logo for your cgit server
-      '';
-    };
-
-    configText = mkOption {
-      default = "";
-      example = ''
-        source-filter=''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
-        about-filter=''${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
-        cache-size=1000
-        scan-path=/srv/git
-      '';
-      type = types.lines;
-      description = ''
-        Verbatim contents of the cgit runtime configuration file. Documentation
-        (with cgitrc example file) is available in "man cgitrc". Or online:
-        http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
-      '';
-    };
-
-  };
-
-  config = mkIf cfg.enable {
-
-    # make the cgitrc manpage available
-    environment.systemPackages = [ pkgs.cgit ];
-
-    # declare module dependencies
-    services.lighttpd.enableModules = [ "mod_cgi" "mod_alias" "mod_setenv" ];
-
-    services.lighttpd.extraConfig = ''
-      $HTTP["url"] =~ "^/${cfg.subdir}" {
-          cgi.assign = (
-              "cgit.cgi" => "${pkgs.cgit}/cgit/cgit.cgi"
-          )
-          alias.url = (
-              "${pathPrefix}/cgit.css" => "${pkgs.cgit}/cgit/cgit.css",
-              "${pathPrefix}/cgit.png" => "${cfg.logo}",
-              "${pathPrefix}"          => "${pkgs.cgit}/cgit/cgit.cgi"
-          )
-          setenv.add-environment = (
-              "CGIT_CONFIG" => "${configFile}"
-          )
-      }
-    '';
-
-    systemd.services.lighttpd.preStart = ''
-      mkdir -p /var/cache/cgit
-      chown lighttpd:lighttpd /var/cache/cgit
-    '';
-
-  };
-
-}
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix
deleted file mode 100644
index 30a9b87..0000000
--- a/machines/srv1/configuration.nix
+++ /dev/null
@@ -1,369 +0,0 @@
-{ config, pkgs, ... }:
-let
-  ModSecurity-nginx = pkgs.callPackage ./modsecurity.nix { };
-  crs = pkgs.callPackage ./coreruleset.nix { };
-  nvim = (import (pkgs.fetchzip {
-    url = "https://github.com/nixos/nixpkgs/archive/517c29935b6e4dec12571e7d101e2b0da220263d.zip";
-    sha256 = "1s85sz62iykvca90d3cgd981670rnkd5c171wda7wpwdj0d52sf3";
-  }) { }).neovim.override {
-    vimAlias = true;
-  };
-
-  www = "/srv/www";
-
-  mirror = pkgs.writeScriptBin "mirror" ''
-  #!/bin/sh
-
-  name=`echo "$1" | rev | cut -d'/' -f1 | rev`
-
-  cd /srv/git
-  sudo -u git ${pkgs.git}/bin/git clone --mirror $1 $name
-  sudo -u git /run/current-system/sw/bin/chmod -R g+w $name
-  '';
-
-  newrepo = pkgs.writeScriptBin "newrepo" ''
-  #!/bin/sh
-
-  [ -z $1 ] && echo "Pass repo name" && exit 1
-
-  sudo -u git git init --bare /srv/git/$1
-  sudo -u git /run/current-system/sw/bin/chmod -R g+w /srv/git/$1
-  '';
-
-in
-  {
-    imports =
-      [
-      #./hardware-configuration.nix
-      ./cgit.nix
-      # ./yggdrasil.nix
-    ];
-
-    boot.loader.grub.enable = true;
-    boot.loader.grub.version = 2;
-    boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
-    networking.hostName = "srv1";
-    networking.extraHosts = ''
-      192.168.1.136 srv1.niedzwiedzinski.cyou git.niedzwiedzinski.cyou tmp.niedzwiedzinski.cyou zhr.niedzwiedzinski.cyou help.niedzwiedzinski.cyou niedzwiedzinski.cyou pics.niedzwiedzinski.cyou
-      192.168.1.144 srv2.niedzwiedzinski.cyou
-    '' + pkgs.stdenv.lib.readFile ( pkgs.fetchurl {
-      url = "https://raw.githubusercontent.com/StevenBlack/hosts/d2be343994aacdec74865ff8d159cf6e46359adf/alternates/fakenews-gambling-porn/hosts";
-      sha256 = "1la5rd0znc25q8yd1iwbx22zzqi6941vyzmgar32jx568j856s8j";
-    } );
-
-    services.dnsmasq = {
-      enable = true;
-      servers = [ "1.1.1.1" "8.8.8.8" ];
-      extraConfig = ''
-        address=/.srv1.niedzwiedzinski.cyou/192.168.1.136
-        address=/.srv2.niedzwiedzinski.cyou/192.168.1.144
-      '';
-    };
-
-    time.timeZone = "Europe/Warsaw";
-    i18n.defaultLocale = "en_US.UTF-8"; # Less confusing locale than polish one
-    console.keyMap = "pl";
-
-    nix.gc = {
-      automatic = true;
-      options = "--delete-older-than 30d";
-    };
-    nix.optimise.automatic = true;
-    nix.trustedUsers = [ "pn" ];
-    system.autoUpgrade = {
-      enable = true;
-      allowReboot = true;
-    };
-
-    nixpkgs.config = {
-      packageOverrides = super: {
-        rss-bridge = super.rss-bridge.overrideDerivation (attrs: {
-    src = pkgs.fetchFromGitHub {
-            owner = "RSS-Bridge";
-            repo = "rss-bridge";
-            rev = "ee5d190391afffd037e09c04418a240f7ac67ecd";
-            sha256 = "0sxdl6ycqmhd76hc5r8i1yv8vgl18ssmv1p9dzx8ikp5imvfgakc";
-          };
-        });
-      };
-    };
-
-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = false;
-  networking.interfaces.enp4s0.useDHCP = true;
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  # };
-
-  environment.systemPackages = with pkgs; [
-    curl wget htop git
-    nvim lm_sensors
-    mirror
-    newrepo
-  ];
-
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-  services.sshguard = {
-    enable = true;
-    whitelist = [
-      "192.168.0.0/18"
-      "201:da2c:2873:5ee3:cc87:79ce:5a12:fff9"
-    ];
-  };
-
-  services.nginx.enable = true;
-  services.nginx.package = (pkgs.nginx.override { modules = [ ModSecurity-nginx ]; });
-  services.nginx.appendHttpConfig = ''
-    modsecurity on;
-    # modsecurity_rules '
-    #   SecRuleEngine On
-    #   Include ${crs}/crs-setup.conf;
-    #   Include ${crs}/rules/*.conf;
-    # ';
-    charset utf-8;
-    source_charset utf-8;
-  '';
-  services.nginx.virtualHosts = {
-    "srv1.niedzwiedzinski.cyou" = let
-      modsec_config = builtins.toFile "modsecurity_rules.conf" ''
-        SecRuleEngine On
-        SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
-      '';
-    in {
-      enableACME = true;
-      forceSSL = true;
-      extraConfig = ''
-        location ~ /*.md {
-	  types { } default_type "text/markdown; charset=utf-8";
-        }
-        modsecurity_rules_file ${modsec_config};
-      '';
-      root = "${www}/srv1.niedzwiedzinski.cyou";
-    };
-    "pics.srv1.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/pics.srv1.niedzwiedzinski.cyou";
-    };
-    "pics.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/pics.srv1.niedzwiedzinski.cyou";
-    };
-    "rss.srv1.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      extraConfig = ''
-        modsecurity_rules '
-          SecRuleEngine On
-          SecRule ARGS:u "@rx life[-_]*hack(s)?" "id:1234,deny,status:403"
-        ';
-      '';
-    };
-    "git.niedzwiedzinski.cyou" = {
-      locations."/".proxyPass = "http://0.0.0.0:8080/cgit/";
-      locations."/cgit/".extraConfig = ''
-        rewrite ^/cgit/(.*) https://git.niedzwiedzinski.cyou/$1;
-      '';
-      enableACME = true;
-      forceSSL = true;
-    };
-    "bug.niedzwiedzinski.cyou" = {
-      locations."/".proxyPass = "http://0.0.0.0:8000/";
-      enableACME = true;
-      forceSSL = true;
-    };
-    "tmp.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      addSSL = true;
-      root = "${www}/tmp.niedzwiedzinski.cyou";
-      extraConfig = ''
-        modsecurity_rules '
-          SecRuleEngine On
-          SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
-          Include ${crs}/crs-setup.conf
-          Include ${crs}/all-rules.conf
-        ';
-      '';
-    };
-    "niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/niedzwiedzinski.cyou";
-    };
-    "y.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/niedzwiedzinski.cyou";
-      locations."/omick.net".proxyPass = "http://omick.net/";
-      locations."/suckless.org".proxyPass = "http://suckless.org/";
-      locations."/based.cooking".proxyPass = "http://based.cooking/";
-
-    };
-    "zhr.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/zhr.niedzwiedzinski.cyou";
-      extraConfig = ''
-        location /rozkazy/ {
-          autoindex on;
-        }
-      '';
-    };
-    "help.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "${www}/niedzwiedzinski.cyou/help";
-    };
-  };
-  security.acme.email = "pniedzwiedzinski19@gmail.com";
-  security.acme.acceptTerms = true;
-
-  networking.firewall.allowedTCPPorts = [ 53 80 443 config.services.molly-brown.settings.Port ];
-  networking.firewall.allowedUDPPorts = [ 53 ];
-
-  services.molly-brown = {
-    hostName = "niedzwiedzinski.cyou";
-    enable = true;
-    certPath = "/var/lib/acme/niedzwiedzinski.cyou/cert.pem";
-    keyPath = "/var/lib/acme/niedzwiedzinski.cyou/key.pem";
-    docBase = "${www}/niedzwiedzinski.cyou";
-  };
-
-  systemd = {
-    services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."niedzwiedzinski.cyou".group ];
-    services.noip = {
-      enable = true;
-      after = [ "network.target" "syslog.target" ];
-      serviceConfig = {
-        User = "root";
-	ExecStart = "${pkgs.noip}/bin/noip2 -c /etc/noip2.conf";
-	Restart = "always";
-	Type = "forking";
-      };
-    };
-    services.git-fetch = {
-      script = ''
-        #!/bin/sh
-        cd /srv/git
-        for f in `find . -name HEAD`; do
-          cd ''${f%HEAD}
-          ${pkgs.git}/bin/git fetch
-          cd /srv/git
-        done
-      '';
-      serviceConfig = {
-        Type = "oneshot";
-        User = "git";
-      };
-    };
-    timers.git-fetch = {
-      partOf = [ "git-fetch.service" ];
-      wantedBy = ["timers.target" ];
-      timerConfig = {
-        OnCalendar = "hourly";
-        Unit = "git-fetch.service";
-      };
-    };
-
-  };
-
-  services.lighttpd = {
-    enable = true;
-    port = 8080;
-    pn-cgit = {
-      logo = "${./baby-yoda.png.comp}";
-      enable = true;
-      configText = let
-        aboutFilter = pkgs.writeScriptBin "about-format.sh" ''
-          #!/bin/sh
-          ${pkgs.coreutils}/bin/cat << EOF
-          <style>
-          .md blockquote {
-            background: #eee;
-            font-style: italic;
-            padding: 0 1em;
-          }
-          </style>
-          <div class="md">
-          EOF
-          ${pkgs.coreutils}/bin/cat /dev/stdin | ${pkgs.lowdown}/bin/lowdown
-          echo '</div>'
-  '';
-      in ''
-        # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.sh
-        about-filter=${aboutFilter}/bin/about-format.sh
-        #about-filter=${pkgs.discount}/bin/markdown
-        cache-size=1000
-        root-title=git.niedzwiedzinski.cyou
-        root-desc=Personal git server, because I can
-        readme=:README.md
-        snapshots=tar.gz zip
-        clone-prefix=https://git.niedzwiedzinski.cyou
-        section-from-path=1
-        scan-path=/srv/git/
-      '';
-    };
-  };
-
-  services.trac = {
-    enable = true;
-  };
-
-  services.rss-bridge = {
-    enable = true;
-    virtualHost = "rss.srv1.niedzwiedzinski.cyou";
-    whitelist = [
-      "Instagram"
-      "Soundcloud"
-      "Facebook"
-    ];
-  };
-
-  users = {
-    groups = {
-      git = {};
-    };
-    users = {
-      pn = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" "git" ]; # Enable ‘sudo’ for the user.
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
-        ];
-      };
-
-      git = {
-        isSystemUser = true;
-        group = "git";
-        description = "git user";
-        home = "/srv/git";
-        shell = "${pkgs.git}/bin/git-shell";
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
-        ];
-      };
-    };
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
-
-}
diff --git a/machines/srv1/coreruleset.nix b/machines/srv1/coreruleset.nix
deleted file mode 100644
index c52c898..0000000
--- a/machines/srv1/coreruleset.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ stdenv, fetchFromGitHub }:
-stdenv.mkDerivation {
-  pname = "coreruleset";
-  version = "3.3.0";
-
-  src = fetchFromGitHub {
-    owner = "coreruleset";
-    repo = "coreruleset";
-    rev = "v3.3.0";
-    sha256 = "sha256:10z1051iwna5x8b8cl29frs5nx3s6ip7hc4mjkgh7vkck8ly4pjm";
-  };
-
-  installPhase = ''
-    mkdir $out
-    cp crs-setup.conf.example $out/crs-setup.conf
-    cp -r rules $out
-    for f in rules/*.conf; do
-      echo "Include \"$out/$f\"" >> $out/all-rules.conf
-    done
-  '';
-}
diff --git a/machines/srv1/default.nix b/machines/srv1/default.nix
deleted file mode 100644
index cd4010f..0000000
--- a/machines/srv1/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./configuration.nix
-  ];
-}
diff --git a/machines/srv1/hardware-configuration.nix b/machines/srv1/hardware-configuration.nix
deleted file mode 100644
index 3631a5d..0000000
--- a/machines/srv1/hardware-configuration.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "dme1737" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/7daf3fc2-5800-47f8-a4fd-12a7229f727a";
-      fsType = "ext4";
-    };
-
-  swapDevices = [
-    {
-      device = "/swapfile"; size = 2048;
-    }
-  ];
-
-}
diff --git a/machines/srv1/modsecurity.nix b/machines/srv1/modsecurity.nix
deleted file mode 100644
index 85dd4d1..0000000
--- a/machines/srv1/modsecurity.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ stdenv, fetchFromGitHub, libmodsecurity }:
-let
-  pname = "ModSecurity-nginx";
-  version = "1.0.1";
-in
-stdenv.mkDerivation {
-  inherit pname version;
-
-  src = fetchFromGitHub {
-    owner = "SpiderLabs";
-    repo = "ModSecurity-nginx";
-    rev = "v${version}";
-    sha256 = "sha256:0cbb3g3g4v6q5zc6an212ia5kjjad62bidnkm8b70i4qv1615pzf";
-  };
-
-  inputs = [ libmodsecurity ];
-
-}
- 
diff --git a/machines/srv1/yggdrasil.nix b/machines/srv1/yggdrasil.nix
deleted file mode 100644
index 0d0291f..0000000
--- a/machines/srv1/yggdrasil.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  services.yggdrasil = {
-    enable = true;
-    persistentKeys = true;
-    config = {
-      Peers = [
-        "tcp://51.75.44.73:50001"
-        "tcp://176.223.130.120:22632"
-      ];
-    };
-  };
-}