🔒 removed logging on privacy respecting frontend, as there is no point in tracking my users and cloging up my storage

This commit is contained in:
Barna Máté 2024-06-10 14:42:41 +02:00
parent 30a1cb6481
commit acc9e13344
30 changed files with 69 additions and 210 deletions

View file

@ -63,24 +63,6 @@
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -95,9 +77,9 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
@ -113,7 +95,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_3": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
@ -146,7 +128,7 @@
},
"gradle2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
},
"locked": {
@ -192,16 +174,16 @@
]
},
"locked": {
"lastModified": 1716729592,
"narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=",
"lastModified": 1716736833,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2c78a57c544dd19b07442350727ced097e1aa6e6",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@ -226,28 +208,6 @@
"url": "https://git.4o1x5.dev/4o1x5/i2pd-exporter"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1716754174,
"narHash": "sha256-L2Vni6dGDFWXWwY0rqkQWtZXt+qYQKUZr+Fj+EpI97Q=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "fa4262c3c9197e7d62185858907f2e5acff3258d",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
@ -339,7 +299,7 @@
},
"pnpm2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4"
},
"locked": {
@ -377,7 +337,6 @@
"agenix": "agenix",
"home-manager": "home-manager_2",
"i2pd-exporter": "i2pd-exporter",
"microvm": "microvm",
"nixpkgs": "nixpkgs_2",
"piped": "piped",
"scribe": "scribe"
@ -385,7 +344,7 @@
},
"scribe": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
@ -404,22 +363,6 @@
"url": "https://git.sr.ht/~edwardloveall/scribe"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -464,21 +407,6 @@
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

View file

@ -4,7 +4,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -22,11 +22,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
};
@ -35,7 +30,6 @@
, nixpkgs
, home-manager
, i2pd-exporter
, microvm
, agenix
, scribe
, piped
@ -80,22 +74,6 @@
lime = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
({ pkgs, ... }: {
nixpkgs.overlays = [
(self: super: {
inadyn = super.inadyn.overrideAttrs
(oldAttrs: rec {
src = pkgs.fetchFromGitHub
{
owner = "troglobit";
repo = "inadyn";
rev = "7d576c4d00d312597c2b9c06c00529d2dde5ac89";
hash = "sha256-EJ9/MZhz/Gjj2RCMRDkwuKRatig/t1wAqQRqOcHA2gc=";
};
});
})
];
})
./hosts/lime/root.nix
./root.nix
./secrets/lime.nix

View file

@ -10,7 +10,7 @@
# routes (other servers)
./services/routes/owncast.nix
./services/routes/openproject.nix
./services/routes/hydra.nix
#./services/routes/hydra.nix
./services/routes/csengo.nix
./services/routes/penpot.nix
./services/routes/matrix.nix

View file

@ -49,7 +49,7 @@
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
];
name = config.networking.hostname;
name = config.networking.hostName;
};
};
}

View file

@ -88,7 +88,6 @@ in
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
"${config.networking.domain}" = {
forceSSL = true;
enableACME = true;

View file

@ -21,9 +21,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:7344";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -1,8 +1,6 @@
{ pkgs, config, ... }: {
virtualisation.oci-containers.containers = {
biblioreads = {
image = "nesaku/biblioreads:latest";
ports = [
@ -18,9 +16,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:5484";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -17,7 +17,6 @@
locations."/" = {
proxyPass = " http://127.0.0.1:7382";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
rewrite ^/www.pinterest.com$ http://binternet.${config.networking.domain}/ permanent;
rewrite ^/pinterest.com$ http://binternet.${config.networking.domain}/ permanent;
'';

View file

@ -7,11 +7,16 @@
ports = [
"1584:10416"
];
# Todo fix since it doesnt work (required by default)
environment = {
CANONICAL_ORIGIN = "https://breezewiki.${config.networking.domain}";
canonical_origin = "https://breezewiki.${config.networking.domain}";
};
};
};
services.nginx = {
virtualHosts = {
"breezewiki.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
@ -24,5 +29,4 @@
};
};
};
}

View file

@ -17,9 +17,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:8332";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -29,9 +29,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:4032";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -26,9 +26,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:7345";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -36,9 +36,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:3345";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -16,9 +16,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:1484";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -9,9 +9,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:4772";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -34,9 +34,6 @@
locations."/" = {
proxyPass = " http://127.0.0.1:2355";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -16,9 +16,6 @@
locations."/" = {
proxyPass = " http://127.0.0.1:3672";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
"redlib.${config.networking.domain}" = {
@ -27,9 +24,6 @@
locations."/" = {
proxyPass = " http://127.0.0.1:3672";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};

View file

@ -34,9 +34,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -44,9 +44,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:7100";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -22,9 +22,6 @@
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:7283";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};

View file

@ -1,23 +1,24 @@
{ pkgs, config, ... }: {
services.nginx = {
virtualHosts = {
"hydra.${config.networking.domain}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://32.54.31.99:6732";
};
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
"hydra.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://32.54.31.99:6732";
};
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
}

View file

@ -1,9 +1,8 @@
{ pkgs, config, ... }:
let
fqdn = "${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = "https://matrix.${fqdn}";
serverConfig."m.server" = "${fqdn}:443";
baseUrl = "https://${config.networking.domain}";
clientConfig."m.homeserver".base_url = "https://matrix.${config.networking.domain}";
serverConfig."m.server" = "${config.networking.domain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
@ -27,8 +26,7 @@ in
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
"${fqdn}" = {
"${config.networking.domain}" = {
# well known paths for matrix
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."/_matrix".proxyPass = "http://32.54.31.241:8008";

View file

@ -2,21 +2,22 @@
services.nginx = {
virtualHosts = {
"penpot.${config.networking.domain}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://32.54.31.241:9032";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
"penpot.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
# Todo fix font routes
locations."/" = {
proxyPass = " http://32.54.31.241:9032";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
}

View file

@ -16,13 +16,13 @@
bot = {
channel = "/music";
name = "Zenebona";
comment = "szia";
comment = "Bassza meg az MSZP, csak a FIDESZ";
admin = "penge;dmk";
stereo = true;
when_nobody_in_channel = "pause_resume";
bitrate = 1300000;
};
commands.command_symbol = ".:@:;:4:!:1";
commands.command_symbol = ".:@:;:4:!:1:,:':2";
};
}

View file

@ -9,7 +9,7 @@
./services/dns.nix
./services/endlessh.nix
./services/i2pd.nix
./services/hydra.nix
#./services/hydra.nix
# monitoring

View file

@ -1,6 +1,4 @@
{ pkgs, config, ... }: {
services.adguardhome = {
enable = true;
openFirewall = true;

View file

@ -7,7 +7,6 @@
# pihole
53
1444
# prometheus
9090
@ -18,6 +17,7 @@
8422 # csengoclient
5333 # csengoserver
5432
# learningpulse
8181
@ -25,13 +25,10 @@
allowedUDPPorts = [
22 # ssh
# pihole
53
1444
# prometheus
9090
8080
53
8422 # csengoclient
5333 # csengoserver

View file

@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }: {
services.i2pd = {
enable = true;
enable = false;
port = 9732;
enableIPv6 = true;
floodfill = true;
@ -33,7 +33,7 @@
# need to create a nginx proxy that proxies the reseed file
services.prometheus.exporters.i2pd = {
enable = true;
enable = config.services.i2pd.enable;
port = 3321;
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
routerPassword = "itoopie";

View file

@ -12,13 +12,12 @@ in
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "prometheus";
type = "prometheus";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
isDefault = true;
}
datasources.settings.datasources = [{
name = "prometheus";
type = "prometheus";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
isDefault = true;
}
# {
# name = "loki";
# type = "loki";

View file

@ -16,7 +16,6 @@
};
};
home-manager.users.root.home.stateVersion = "23.11";
networking.networkmanager.enable = true;
@ -54,7 +53,6 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
system.stateVersion = "23.11";
environment.systemPackages = with pkgs; [
docker-compose
@ -69,4 +67,7 @@
enableOnBoot = false;
};
home-manager.users.root.home.stateVersion = "24.05";
system.stateVersion = "24.05";
}