configuration-desktop.nix

@@ -49,12 +49,7 @@
 
   programs = {
     chromium.enable = true;
-    firefox = {
+    firefox.enable = true;
-      enable = true;
-      nativeMessagingHosts.packages = [
-        pkgs.fx-cast-bridge
-      ];
-    };
     kdeconnect.enable = true;
     partition-manager.enable = true;
     wireshark.enable = true;
@@ -66,7 +61,6 @@
         obs-livesplit-one
       ];
     };
-    thunar.enable = true;
   };
   environment.sessionVariables.TERMINAL = "footclient";
 
@@ -80,11 +74,9 @@
     via
     libimobiledevice
 
+    dwarfdump
     ffmpeg
     gimp
-    feh
-    vlc
-    mpv
 
     kdePackages.plasma-thunderbolt
   ];

configuration.nix

@@ -52,7 +52,6 @@ in {
       units
       units-desktop
       patchelf
-      dwarfdump
       gdb
       kubectl
       p7zip
@@ -124,7 +123,6 @@ in {
           hdc = "hexdump -ve '\"\\\x\" 1/1 \"%02x\"'";
           nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
           mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
-          woman = "man";
         };
       };
       tmux = {

dotfiles/zsh-init.sh

@@ -16,31 +16,7 @@ function nixos-edit() {
 }
 
 function nixos-apply() {
-    flags=("--sudo" "--use-substitutes")
+    sudo nixos-rebuild switch --flake ~/nixos-config#$HOST "$@"
-    host="$HOST"
-    action="switch"
-    while [[ "$#" != 0 ]]; do
-        case "$1" in
-            --host)
-                host="$2"
-                shift
-                shift
-                ;;
-            --boot)
-                action="boot"
-                shift
-                ;;
-            *)
-                flags+=("$1")
-                shift
-                ;;
-        esac
-    done
-    flags+=("--flake" "$HOME/nixos-config#$host")
-    if [[ "$host" != "$HOST" ]]; then
-        flags+=("--target-host" "$host")
-    fi
-    nixos-rebuild "$action" "${flags[@]}"
 }
 
 lsflags=()

overlays/packages.nix

@@ -10,19 +10,6 @@ let overlay = final: prev: {
       hash = "sha256-vwGHiLKSjJor4A+r599DlvSHXkDuuLSSQ4/tWFALMKU=";
     })];
   });
-  sftpgo = prev.sftpgo.overrideAttrs (prev: {
-    # killing and tearing and ripping and maiming
-    postPatch = (prev.postPatch or "") + ''
-      sed -E -i -e '/func preserveUserProfile/a newUser.Groups = user.Groups;' internal/common/eventmanager.go
-    '';
-  });
-  fx-cast-bridge = prev.fx-cast-bridge.overrideAttrs (prev: {
-    postConfigure = (prev.postConfigure or "") + ''
-      substituteInPlace node_modules/mdns/lib/resolver_sequence_tasks.js --replace-fail \
-        'cares.getaddrinfo(req, host, family, 0, false)' \
-        'cares.getaddrinfo(req, host, family, 0, 0)'
-    '';
-  });
   idapro9 = pkgs.callPackage ../pkgs/idapro9.nix {};
   condition-unmetered-network = pkgs.callPackage ../pkgs/condition-unmetered-network {};
   units-desktop = pkgs.callPackage ../pkgs/units-desktop.nix {};

sites/daisy/configuration.nix

@@ -25,9 +25,9 @@
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
   networking.firewall.allowedUDPPorts = [ 1337 ];
-  systemd.coredump.enable = false;
 
   system.stateVersion = "24.11";
+  #services.immich.enable = true;
 
   hardware.ipu6 = {
     enable = true;

sites/hydrangea/configuration.nix

@@ -37,15 +37,10 @@
 
   services.nginx = {
     enable = true;
-    additionalModules = [
-      pkgs.nginxModules.rtmp
-    ];
-
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    clientMaxBodySize = "10g";
 
     virtualHosts = {
       "home.rhelmot.io" = {
@@ -90,55 +85,8 @@
           proxyWebsockets = true;
         };
       };
-      "sftpgo.home.rhelmot.io" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:3006";
-          proxyWebsockets = true;
     };
   };
-      "jellyfin.home.rhelmot.io" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:8096";
-          proxyWebsockets = true;
-        };
-      };
-      # "owncast.home.rhelmot.io" = {
-      #   enableACME = true;
-      #   forceSSL = true;
-      #   locations."/" = {
-      #     proxyPass = "http://127.0.0.1:3007";
-      #     proxyWebsockets = true;
-      #   };
-      # };
-      "127.0.0.1:1934" = {
-        listen = [{ addr = "127.0.0.1"; port = 1934; ssl = false; }];
-        locations."/" = {
-          root = "/var/www/stream/";
-          tryFiles = "/$arg_name =404";
-        };
-      };
-    };
-
-    appendConfig = ''
-      rtmp {
-        server {
-          listen 1935;
-          chunk_size 4000;
-          application live {
-            live on;
-            allow publish all;
-            allow play all;
-            notify_method get;
-            on_publish http://127.0.0.1:1934/;
-          }
-        }
-      }
-    '';
-  };
 
   services.vaultwarden = {
     enable = true;
@@ -180,14 +128,6 @@
     settings = {
       newVersionCheck.enabled = false;
       server.externalDomain = "https://immich.home.rhelmot.io";
-      oauth = {
-        enabled = true;
-        autoLaunch = true;
-        buttonText = "Single Sign-On";
-        clientId = "immich";
-        clientSecret._secret = "/var/lib/immich/oidc-client-secret";
-        issuerUrl = "https://auth.rhelmot.io/realms/rhelmot";
-      };
     };
   };
 
@@ -254,65 +194,12 @@
     settings.gui.user = "audrey";
   };
 
-  services.sftpgo = {
-    enable = true;
-    dataDir = "/var/lib/sftpgo";
-    extraReadWriteDirs = [
-      "/var/lib/jellyfin/library"
-    ];
-    settings = {
-      tz = "local";
-      httpd.bindings = [{
-        port = 3006;
-        # 1 means OIDC for the WebAdmin UI.
-        # 2 means OIDC for the WebClient UI.
-        # 4 means login form for the WebAdmin UI.
-        # 8 means login form for the WebClient UI.
-        # 16 means the admin token endpoint for REST API.
-        # 32 means the user token endpoint for REST API.
-        # 64 means admin API key login.
-        # 128 means user API key login.
-        disabled_login_methods = 1 + 8;
-        oidc = {
-          config_url = "https://auth.rhelmot.io/realms/rhelmot";
-          client_id = "sftpgo";
-          client_secret_file = "/var/lib/sftpgo/oidc-client-secret";
-          redirect_base_url = "https://sftpgo.home.rhelmot.io";
-          username_field = "preferred_username";
-          scopes = [
-            "openid"
-            "profile"
-            "email"
-            "sftpgo"
-          ];
-        };
-      }];
-      sftpd.bindings = [{
-        port = 28022;
-        address = "0.0.0.0";
-      }];
-      sftpd.password_authentication = false;
-    };
-  };
-
-  services.jellyfin = {
-    enable = true;
-  };
-
-  # services.owncast = {
-  #   enable = true;
-  #   port = 3007;
-  #   rtmp-port = 1935;
-  # };
-
   # TODO
+  # - sftpgo
   # - transfer old nextcloud files
-  # - move old data files to sftpgo/audrey?
+  # - jellyfin
-  # - alerting
   # ON HOLD
   # - dyndns
   #   - https://github.com/qdm12/ddns-updater/pull/1046
   #   - https://github.com/ddclient/ddclient/pull/852
-  # - hedgedoc keycloak
-  #   - waiting for hedgedoc2 release to get oidc
 }

sites/hydrangea/hardware-configuration.nix

@@ -21,8 +21,6 @@
     "main/hedgedoc".mountPoint = "/var/lib/hedgedoc";
     "main/immich".mountPoint = "/var/lib/immich";
     "main/syncthing".mountPoint = "/var/lib/syncthing";
-    "main/jellyfin".mountPoint = "/var/lib/jellyfin";
-    "main/jellyfin-cache".mountPoint = "/var/cache/jellyfin";
   };
 
   fileSystems."/boot" = {

sites/sunflower/configuration.nix

@@ -102,14 +102,12 @@
       "mspa"
       "wiki-js"
       "forgejo"
-      "keycloak"
     ];
     ensureUsers = [
       { name = "bingosync"; ensureDBOwnership = true; }
       { name = "mspa"; ensureDBOwnership = true; }
       { name = "wiki-js"; ensureDBOwnership = true; }
       { name = "forgejo"; ensureDBOwnership = true; }
-      { name = "keycloak"; ensureDBOwnership = true; }
     ];
     authentication = pkgs.lib.mkOverride 10 ''
       #type database  DBuser  auth-method optional_ident_map
@@ -123,7 +121,6 @@
        defaultmap      bingosync bingosync
        defaultmap      wiki-js   wiki-js
        defaultmap      forgejo   forgejo
-       defaultmap      keycloak  keycloak
     '';
   };
 
@@ -252,6 +249,8 @@
           proxyPass = "http://192.168.100.11:3000";
           proxyWebsockets = true;
           recommendedProxySettings = true;
+          extraConfig = ''
+          '';
         };
       };
       "anons.ee" = {
@@ -261,14 +260,8 @@
           proxyPass = "http://192.168.100.11:3000";
           proxyWebsockets = true;
           recommendedProxySettings = true;
-        };
+          extraConfig = ''
-      };
+          '';
-      "auth.rhelmot.io" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:3030";
-          proxyWebsockets = true;
         };
       };
     };
@@ -299,22 +292,4 @@
     config.imports = [ ./anonsee.nix ];
   };
   services.nginx.logError = "stderr info";
-
-  services.keycloak = {
-    enable = true;
-    database.host = "/run/postgresql";
-    database.type = "postgresql";
-    initialAdminPassword = "bitesyouchangeme";
-    plugins = with pkgs.keycloak.plugins; [
-      junixsocket-common
-      junixsocket-native-common
-    ];
-    settings = {
-      hostname = "auth.rhelmot.io";
-      http-host = "127.0.0.1";
-      http-port = 3030;
-      proxy-headers = "xforwarded";
-      http-enabled = true;
-    };
-  };
 }