From 80e689dc7ba57bff543fc657ff631ce5d2dad41f Mon Sep 17 00:00:00 2001
From: baritone
Date: Thu, 27 Mar 2025 14:18:07 +0100
Subject: [PATCH] removed old unused service files
---
services/rtorrent.nix | 18 ----
services/sonarr-old.nix | 189 ----------------------------------------
services/sonarr.nix | 25 ------
services/vm-test.nix | 133 ----------------------------
services/vpn.nix | 4 -
5 files changed, 369 deletions(-)
delete mode 100644 services/rtorrent.nix
delete mode 100755 services/sonarr-old.nix
delete mode 100644 services/sonarr.nix
delete mode 100644 services/vm-test.nix
delete mode 100644 services/vpn.nix
diff --git a/services/rtorrent.nix b/services/rtorrent.nix
deleted file mode 100644
index 67c7f83..0000000
--- a/services/rtorrent.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, ...}: let
- port = 9091;
-in {
- # services.rtorrent = {
- # enable = true;
- # dataDir = "/mnt/rtorrent";
- # user = "rtorrent";
- # group = "rtorrent";
- # package = pkgs.jesec-rtorrent;
- # inherit port;
- # };
-
- services.transmission = {
- enable = true;
- openFirewall = false;
- settings.rpc-port = port;
- };
-}
diff --git a/services/sonarr-old.nix b/services/sonarr-old.nix
deleted file mode 100755
index a0b9140..0000000
--- a/services/sonarr-old.nix
+++ /dev/null
@@ -1,189 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- host = "127.0.0.1";
- port = 8989;
- vm-index = 1;
- vm-mac = "00:00:00:00:00:01";
- vm-name = "necoarc";
-in {
- config.microvm.autostart = [vm-name];
-
- config.users.extraUsers.microvm.extraGroups = [
- "jellyfin" # access to media folder
- ];
-
- config.system.activationScripts."make${vm-name}DataDir" = lib.stringAfter ["var"] ''
- mkdir -p /var/lib/${vm-name}
- chmod -R 777 /var/lib/${vm-name}
- chown -R microvm /var/lib/${vm-name}
- chmod -R 777 /media
- '';
-
- # config.networking.wireguard.enable = true;
- # # config.boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
-
- # config.networking.wireguard.interfaces.wg0 = {
- # ips = ["10.75.60.108/32"];
- # listenPort = 51820;
- # privateKeyFile = "${./wireguard-secret}";
- # peers = [
- # {
- # publicKey = "TPAIPTgu9jIitgX1Bz5xMCZJ9pRRZTdtZEOIxArO0Hc=";
- # endpoint = "185.254.75.4:51820";
- # allowedIPs = ["0.0.0.0/0"];
- # persistentKeepalive = 25;
- # }
- # ];
- # };
-
- # config.systemd.network.networks.wg0 = {
- # matchConfig.Name = "wg0";
- # address = ["10.0.1.${toString vm-index}/24"];
- # networkConfig = {
- # IPMasquerade = "ipv4";
- # IPv4Forwarding = true;
- # };
- # };
-
- config.microvm.vms.${vm-name} = {
- config = {config, ...}: {
- system.stateVersion = "24.11";
- # Storage share configuration
- microvm.shares = [
- {
- tag = "ro-store";
- source = "/nix/store";
- mountPoint = "/nix/.ro-store";
- }
- {
- tag = "data-dir";
- source = "/var/lib/${vm-name}";
- mountPoint = "/mnt";
- proto = "virtiofs";
- }
- {
- tag = "media-dir";
- source = "/media/shows";
- mountPoint = "/media/shows";
- proto = "virtiofs";
- }
- ];
-
- # Allow the service to use the share
- system.activationScripts."chownDataDir" = lib.stringAfter ["var"] ''
- mkdir -p /mnt
- chmod -R 770 /mnt
- chown -R sonarr:sonarr /mnt
- '';
- systemd.services.sonarr.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";
- systemd.services.rutorrent.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";
-
- microvm.hypervisor = "qemu";
-
- # VM Networking
- microvm.interfaces = [
- {
- id = "vm${toString vm-index}";
- type = "tap";
- mac = vm-mac;
- }
- ];
- networking.useNetworkd = true;
- systemd.network.networks."10-eth" = {
- matchConfig.MACAddress = vm-mac;
- address = [
- "10.0.0.${toString vm-index}/32"
- ];
- routes = [
- # Host Route
- {
- Destination = "10.0.0.0/32";
- GatewayOnLink = true;
- }
- # Default route
- {
- Destination = "0.0.0.0/0";
- Gateway = "10.0.0.0";
- GatewayOnLink = true;
- }
- ];
- networkConfig = {
- DNS = [
- "9.9.9.9"
- "8.8.8.8"
- "8.8.4.4"
- ];
- };
- };
-
- networking.useDHCP = false;
- networking.nameservers = [
- "10.0.101.1"
- "8.8.8.8"
- "8.8.4.4"
- ];
-
- programs.nano.enable = lib.mkForce false;
- programs.vim.enable = true;
-
- # Services
- services.sonarr = {
- enable = true;
- openFirewall = true;
- dataDir = "/mnt/sonarr";
- };
-
- services.rtorrent = {
- enable = true;
- dataDir = "/mnt/rtorrent";
- user = "rtorrent";
- group = "rtorrent";
- port = 9999;
- };
-
- # Debug user
- users.users."root" = {
- password = "1234";
- };
-
- environment.systemPackages = [pkgs.dig];
-
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "yes";
- AllowUsers = null;
- PasswordAuthentication = true;
- KbdInteractiveAuthentication = true;
- };
- };
- };
- };
-
- config.networking.firewall.allowedTCPPorts = [port 80 433];
- config.networking.firewall.allowedUDPPorts = [port 80 433];
-
- config.services.nginx.virtualHosts."sonarr.spoodythe.one" = {
- addSSL = true;
- enableACME = true;
- listen = [
- {
- port = 8989;
- addr = "0.0.0.0";
- ssl = false;
- }
- {
- port = 443;
- addr = "0.0.0.0";
- ssl = true;
- }
- ];
- locations."/" = {
- proxyPass = "http://10.0.0.${toString vm-index}:${toString port}";
- };
- };
-}
diff --git a/services/sonarr.nix b/services/sonarr.nix
deleted file mode 100644
index b3a271c..0000000
--- a/services/sonarr.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{...}: let
- host = "127.0.0.1";
- port = 8989;
-in {
- users.extraUsers.sonarr.extraGroups = ["jellyfin"]; # Access to the media folder
- services.sonarr = {
- enable = true;
- openFirewall = true;
- };
- services.rtorrent = {
- enable = true;
- dataDir = "/mnt/rtorrent";
- user = "rtorrent";
- group = "rtorrent";
- port = 9999;
- };
-
- services.nginx.virtualHosts."sonarr.spoodythe.one" = {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${host}:${toString port}";
- };
- };
-}
diff --git a/services/vm-test.nix b/services/vm-test.nix
deleted file mode 100644
index 207d0bf..0000000
--- a/services/vm-test.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- vm-index = 1;
- vm-mac = "02:00:00:00:00:02";
-in {
- config.microvm.vms."vm-test" = {
- config = {...}: {
- microvm.interfaces = [
- {
- id = "vm${toString vm-index}";
- type = "tap";
- mac = vm-mac;
- }
- ];
-
- microvm.shares = [
- {
- tag = "ro-store";
- source = "/nix/store";
- mountPoint = "/nix/.ro-store";
- }
- ];
-
- networking.useNetworkd = true;
- networking.usePredictableInterfaceNames = false;
- systemd.network.networks."10-eth" = {
- matchConfig.MACAddress = vm-mac;
- address = [
- "10.0.0.${toString vm-index}/32"
- ];
- routes = [
- # Host Route
- {
- Destination = "10.0.0.0/32";
- GatewayOnLink = true;
- }
- # Default route
- {
- Destination = "0.0.0.0/0";
- Gateway = "10.0.0.0";
- GatewayOnLink = true;
- }
- ];
- networkConfig = {
- DNS = [
- "9.9.9.9"
- "8.8.8.8"
- "8.8.4.4"
- ];
- };
- };
-
- networking.useDHCP = false;
- networking.nameservers = [
- "10.0.101.1"
- "8.8.8.8"
- "8.8.4.4"
- ];
-
- systemd.services."wireguard-kill-switch" = {
- description = "Wireguard Kill Switch";
- after = ["network-online.target"];
- wants = ["network-online.target"];
- wantedBy = ["multi-user.target"];
-
- serviceConfig = {
- type = "oneshot";
- ExecStart = pkgs.writeShellScript "wgconf.sh" ''
- # Stay a while and listen
- # ${pkgs.toybox}/bin/sleep 5
- # Route local traffic through wg0 except local traffic
- ${pkgs.iproute2}/bin/ip route add 10.0.0.0/32 dev eth0 && \
- ${pkgs.iproute2}/bin/ip route add 0.0.0.0/1 dev wg0
- # Block all traffic that isnt local or through the vpn
- ${pkgs.iptables}/bin/iptables -I OUTPUT ! -o wg0 -m mark ! --mark 42 -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/32 -j REJECT
- '';
- RemainAfterExit = "yes";
- };
- };
-
- networking.wireguard.enable = true;
- systemd.network = {
- netdevs."10-wg0" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "wg0";
- MTUBytes = "1300";
- };
- wireguardConfig = {
- PrivateKeyFile = "${./wireguard-secret}";
- FirewallMark = 42;
- ListenPort = 51820;
- };
- wireguardPeers = [
- {
- PublicKey = "0qSP0VxoIhEhRK+fAHVvmfRdjPs2DmmpOCNLFP/7cGw=";
- AllowedIPs = ["0.0.0.0/0"];
- Endpoint = "193.32.248.66:51820";
- # PersistentKeepalive = 25;
- }
- ];
- };
- networks."wg0" = {
- matchConfig.Name = "wg0";
- address = [
- " 10.65.241.123/32"
- ];
- DHCP = "no";
- dns = ["10.64.0.1"];
- gateway = [
- "10.0.0.0"
- ];
- };
- };
-
- users.users.root = {
- password = "1234";
- };
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "yes";
- AllowUsers = null;
- PasswordAuthentication = true;
- KbdInteractiveAuthentication = true;
- };
- };
- };
- };
-}
diff --git a/services/vpn.nix b/services/vpn.nix
deleted file mode 100644
index 988ebf9..0000000
--- a/services/vpn.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{pkgs, ...}: {
- services.mullvad-vpn.enable = true;
- environment.systemPackages = [pkgs.wireguard-tools];
-}