From 1ee4164f83decd1ddf912b5a4009b54d6a8957a3 Mon Sep 17 00:00:00 2001
From: 514fpv
Date: Fri, 2 Feb 2024 04:39:50 +0800
Subject: [PATCH] refactor(eientei)!: migrate library configuration

---
 spec/{library => eientei}/acme.nix | 0
 spec/{library => eientei}/coturn.nix | 2 +
 spec/eientei/default.nix | 5 ++
 spec/eientei/forgejo.nix | 36 ++++++++++++++
 spec/{library => eientei}/matrix.nix | 2 +
 spec/{library => eientei}/nextcloud.nix | 6 ++-
 spec/{library => eientei}/nginx.nix | 3 +-
 spec/{library => eientei}/postgresql.nix | 2 +
 spec/library/default.nix | 38 ---------------
 spec/library/forgejo.nix | 61 ------------------------
 10 files changed, 52 insertions(+), 103 deletions(-)
 rename spec/{library => eientei}/acme.nix (100%)
 rename spec/{library => eientei}/coturn.nix (96%)
 create mode 100644 spec/eientei/forgejo.nix
 rename spec/{library => eientei}/matrix.nix (94%)
 rename spec/{library => eientei}/nextcloud.nix (86%)
 rename spec/{library => eientei}/nginx.nix (88%)
 rename spec/{library => eientei}/postgresql.nix (70%)
 delete mode 100644 spec/library/default.nix
 delete mode 100644 spec/library/forgejo.nix

diff --git a/spec/library/acme.nix b/spec/eientei/acme.nix
similarity index 100%
rename from spec/library/acme.nix
rename to spec/eientei/acme.nix
diff --git a/spec/library/coturn.nix b/spec/eientei/coturn.nix
similarity index 96%
rename from spec/library/coturn.nix
rename to spec/eientei/coturn.nix
index 81cac29c..6f633083 100644
--- a/spec/library/coturn.nix
+++ b/spec/eientei/coturn.nix
@@ -54,4 +54,6 @@ in {
 allowedTCPPortRanges = range;
 allowedTCPPorts = [ 3478 5349 ];
 };
+
+ global.fs.zfs.mountpoints."/nix/persist/service/coturn" = "service/coturn";
 }
diff --git a/spec/eientei/default.nix b/spec/eientei/default.nix
index 0e277d8a..0f6ce2b1 100644
--- a/spec/eientei/default.nix
+++ b/spec/eientei/default.nix
@@ -1,4 +1,5 @@
 { lib
+, pkgs
 , ... }: {
 global = {
 id = "ff96c05be13e44f681292205370eed1a";
@@ -13,6 +14,7 @@
 fs.cryptsetup.allowDiscards = false;
 fs.cryptsetup.uuids.secret = "c33c9b18-a280-42d7-8740-3f8d3f60dc43";
 boot.lanzaboote = true;
+ acme.enable = true;
 };
 
 services.fstrim.enable = true;
@@ -45,4 +47,7 @@
 boot.initrd.kernelModules = [ "i915" ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
+
+ networking.firewall.allowedTCPPorts = [ 25565 ];
+ environment.systemPackages = with pkgs; [ python3 ];
 }
diff --git a/spec/eientei/forgejo.nix b/spec/eientei/forgejo.nix
new file mode 100644
index 00000000..2f9e029e
--- /dev/null
+++ b/spec/eientei/forgejo.nix
@@ -0,0 +1,36 @@
+{ pkgs
+, config
+, ...}: let
+ host = "src.514fpv.io";
+in {
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+ stateDir = "/nix/persist/service/forgejo";
+ database.type = "postgres";
+ database.createDatabase = true;
+ settings = {
+ server = {
+ SSH_PORT = 8087;
+ COOKIE_SECURE = true;
+ LANDING_PAGE = "explore";
+ DOMAIN = host;
+ PROTOCOL = "http+unix";
+ ROOT_URL = "https://${host}:2096/";
+ };
+ DEFAULT.APP_NAME = "Forgejo";
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+
+ users.users.forgejo.uid = 1023;
+ users.groups.forgejo.gid = 1023;
+
+ services.nginx.virtualHosts.${host} = {
+ useACMEHost = ".514fpv.io";
+ addSSL = true;
+ locations."/".proxyPass = "http://unix:/run/forgejo/forgejo.sock";
+ };
+
+ global.fs.zfs.mountpoints."/nix/persist/service/forgejo" = "service/forgejo";
+}
diff --git a/spec/library/matrix.nix b/spec/eientei/matrix.nix
similarity index 94%
rename from spec/library/matrix.nix
rename to spec/eientei/matrix.nix
index 0569cb3c..8b884e5f 100644
--- a/spec/library/matrix.nix
+++ b/spec/eientei/matrix.nix
@@ -45,4 +45,6 @@ in {
 };
 
 networking.firewall.allowedTCPPorts = [ 8448 ];
+
+ global.fs.zfs.mountpoints."/nix/persist/service/matrix" = "service/matrix";
 }
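Review bot: `networking.firewall.allowedTCPPorts = [ 25565 ];` opens a TCP port host-wide with nothing in this file saying which service listens on it, and no service module in this commit binds 25565; the line is carried over verbatim from the deleted spec/library/default.nix, so the opening now follows the host rather than a service. Add a comment naming the listener, e.g. `# TCP 25565: <service> (see <module>)`, or better move the rule into that service's module so the hole closes when the service goes away. The enclosing attribute set starts outside the hunk.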
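Review bot: The nginx virtual host for `src.514fpv.io` uses `addSSL = true`, which serves plain HTTP alongside HTTPS and proxies both to the same Forgejo socket, so the web UI stays reachable over cleartext even though `ROOT_URL` is https and `COOKIE_SECURE = true` only protects the session cookie; `forceSSL = true;` would redirect HTTP to HTTPS instead. `ROOT_URL` advertises port 2096 while this vhost listens on nginx's default ports, and `SSH_PORT = 8087` goes into clone URLs with no matching firewall rule in this commit — presumably both are fronted elsewhere, but a one-line comment stating that would spare the next reader the guess. If the module creates `/run/forgejo/forgejo.sock` group-restricted, nginx needs membership in the `forgejo` group for `proxyPass` to work — verify against the module.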
diff --git a/spec/library/nextcloud.nix b/spec/eientei/nextcloud.nix
similarity index 86%
rename from spec/library/nextcloud.nix
rename to spec/eientei/nextcloud.nix
index dfac5afb..be80b390 100644
--- a/spec/library/nextcloud.nix
+++ b/spec/eientei/nextcloud.nix
@@ -20,8 +20,8 @@ in {
 config.dbtype = "pgsql";
 config.adminuser = "koishi";
 config.adminpassFile = builtins.toString (pkgs.writeText "password" "initial_password");
- extraOptions.overwriteprotocol = "https";
- extraOptions.default_phone_region = "US";
+ settings.overwriteprotocol = "https";
+ settings.default_phone_region = "US";
 caching.redis = true;
 phpOptions.upload_max_filesize = "128G";
 phpOptions.post_max_size = "128G";
@@ -37,4 +37,6 @@ in {
 useACMEHost = ".514fpv.io";
 addSSL = true;
 };
+
+ global.fs.zfs.mountpoints."/nix/persist/service/nextcloud" = "service/nextcloud";
 }
diff --git a/spec/library/nginx.nix b/spec/eientei/nginx.nix
similarity index 88%
rename from spec/library/nginx.nix
rename to spec/eientei/nginx.nix
index e6980dcc..facdc9ba 100644
--- a/spec/library/nginx.nix
+++ b/spec/eientei/nginx.nix
@@ -11,7 +11,6 @@
 # set a reasonable default
 clientMaxBodySize = "64m";
 
- # proxy services running on TrueNAS
 virtualHosts = {
 "_" = {
 addSSL = true;
@@ -26,7 +25,7 @@
 proxy_buffering off;
 '';
 locations."/" = {
- proxyPass = "http://192.168.1.250:8123";
+ proxyPass = "http://127.0.0.1:8123";
 proxyWebsockets = true;
 };
 };
diff --git a/spec/library/postgresql.nix b/spec/eientei/postgresql.nix
similarity index 70%
rename from spec/library/postgresql.nix
rename to spec/eientei/postgresql.nix
index dc082ee9..22d99ced 100644
--- a/spec/library/postgresql.nix
+++ b/spec/eientei/postgresql.nix
@@ -7,4 +7,6 @@
 package = pkgs.postgresql_15;
 };
 
+
+ global.fs.zfs.mountpoints."/nix/persist/service/postgresql" = "service/postgresql";
 }
diff --git a/spec/library/default.nix b/spec/library/default.nix
deleted file mode 100644
index daaac493..00000000
--- a/spec/library/default.nix
+++ /dev/null
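Review bot: `config.adminpassFile = builtins.toString (pkgs.writeText "password" "initial_password")` bakes the admin password into a world-readable /nix/store path; the line is context rather than new here, but the migration carries it onto the new host unchanged. Point `adminpassFile` at a file outside the store that is provisioned out of band, e.g. `config.adminpassFile = "/nix/persist/secret/nextcloud-admin";`, and rotate the admin password if "initial_password" was ever used for a real login. The enclosing `services.nextcloud` block starts and ends outside the hunk.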
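Review bot: The nginx virtual host here uses `addSSL = true`, which serves plain HTTP alongside HTTPS, while the earlier hunk sets `settings.overwriteprotocol = "https"`, so Nextcloud generates https links but nginx still answers cleartext requests on the same name and proxies them through. `forceSSL = true;` would redirect HTTP to HTTPS instead of serving the app over it. The enclosing virtualHost definition starts outside the hunk.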
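Review bot: `proxyPass = "http://127.0.0.1:8123"` lives in the catch-all `"_"` server, so every request whose Host header matches no named vhost — raw-IP and bogus hosts included — is forwarded to the local service on 8123, and the `# proxy services running on TrueNAS` comment removed in the first hunk was the only hint of what that service is. Add a comment naming the upstream and the assumption it carries, e.g. `# default vhost: forwards everything unmatched to the local service on 8123, which must enforce its own authentication`, or give the service its own server name and let `"_"` reject unmatched hosts. The `"_"` block starts outside this hunk.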
@@ -1,38 +0,0 @@
-{ pkgs
-, lib
-, modulesPath
-, ... }: {
- global = {
- id = "bc8036643fc24f04ab150ff6a38dcce7";
- auth.openssh.enable = true;
- libvirt.enable = false;
- fs.esp.uuid = "00A5-929C";
- fs.type = "xfs";
- fs.store = "25b9f83f-7f6d-432f-a169-2985e5930401";
- fs.external.enable = true;
- fs.external.device = "/dev/disk/by-uuid/ba3d0989-9f81-4ac0-b5a7-124c86835cfa";
- fs.external.fsType = "ext4";
- fs.external.options = [ "noatime" ];
- oci.enable = true;
- acme.enable = true;
- };
-
- networking.proxy = {
- default = "socks5://192.168.1.253:1080";
- noProxy = "127.0.0.1,localhost,.localdomain";
- };
-
- imports = lib.pipe ./. [
- builtins.readDir
- (lib.filterAttrs (n: ty: ty == "regular" && n != "default.nix"))
- (lib.mapAttrsToList (n: _: ./${n}))
- ] ++ [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernelParams = [ "console=ttyS0,115200n8" ];
- networking.firewall.allowedTCPPorts = [ 25565 ];
- environment.systemPackages = with pkgs; [ python3 ];
-}
diff --git a/spec/library/forgejo.nix b/spec/library/forgejo.nix
deleted file mode 100644
index 16a89ffa..00000000
--- a/spec/library/forgejo.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ pkgs
-, config
-, ...}: let
- host = "src.514fpv.io";
-in {
- services.forgejo = {
- enable = true;
- lfs.enable = true;
- stateDir = "/nix/persist/service/forgejo";
- database.type = "postgres";
- database.createDatabase = true;
- settings = {
- server = {
- SSH_PORT = 8087;
- COOKIE_SECURE = true;
- LANDING_PAGE = "explore";
- DOMAIN = host;
- PROTOCOL = "http+unix";
- ROOT_URL = "https://${host}:2096/";
- };
- DEFAULT.APP_NAME = "Forgejo";
- service.DISABLE_REGISTRATION = true;
- };
- };
-
- users.users.forgejo.uid = 1023;
- users.groups.forgejo.gid = 1023;
-
- services.nginx.virtualHosts.${host} = {
- useACMEHost = ".514fpv.io";
- addSSL = true;
- locations."/".proxyPass = "http://unix:/run/forgejo/forgejo.sock";
- };
-
- services.gitea-actions-runner.instances.local = {
- enable = true;
- url = "https://${host}:2096";
- name = config.networking.hostName;
- tokenFile = "/nix/persist/secret/gitea-runner";
- labels = [
- # provide a debian base with nodejs for actions
- "debian-latest:docker://node:18-bullseye"
- # fake the ubuntu name, because node provides no ubuntu builds
- "ubuntu-latest:docker://node:18-bullseye"
- ];
- settings = {
- runner.envs = let
- proxy = "socks5://192.168.1.253:1080";
- in {
- all_proxy = proxy;
- ftp_proxy = proxy;
- http_proxy = proxy;
- https_proxy = proxy;
- rsync_proxy = proxy;
- no_proxy = "127.0.0.1,localhost,.localdomain";
- };
- };
- };
-
- environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/private/gitea-runner" ];
-}