Diffstat (limited to 'modules/retired')
-rw-r--r--modules/retired/forgejo/default.nix65
-rw-r--r--modules/retired/kavita/default.nix28
-rw-r--r--modules/retired/mealie/default.nix22
-rw-r--r--modules/retired/mumble/default.nix11
-rw-r--r--modules/retired/navidrome/default.nix31
-rw-r--r--modules/retired/pihole/default.nix52
-rw-r--r--modules/retired/stirling-pdf/default.nix23
-rw-r--r--modules/retired/xonotic/default.nix25
8 files changed, 257 insertions, 0 deletions
diff --git a/modules/retired/forgejo/default.nix b/modules/retired/forgejo/default.nix
new file mode 100644
index 0000000..9db55b2
--- /dev/null
+++ b/modules/retired/forgejo/default.nix
@@ -0,0 +1,65 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ domain = "git.tdback.net";
+ port = 3000;
+in
+{
+ services.forgejo = {
+ enable = true;
+ package = pkgs.unstable.forgejo;
+ stateDir = "/tank/forgejo";
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ HTTP_PORT = port;
+ };
+ service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://${domain}";
+ };
+ };
+ };
+
+ age.secrets.forgejoAdminPass = {
+ file = "${inputs.self}/secrets/forgejoAdminPass.age";
+ mode = "770";
+ owner = "forgejo";
+ group = "forgejo";
+ };
+
+ systemd.services.forgejo.preStart =
+ let
+ adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+ password = config.age.secrets.forgejoAdminPass.path;
+ user = "tdback";
+ email = "tyler@tdback.net";
+ in ''
+ ${adminCmd} create --admin --email ${email} --username ${user} --password "$(tr -d '\n' < ${password})" || true
+ '';
+
+ services.openssh.settings.AllowUsers = [ "forgejo" ];
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString port}
+ '';
+
+ age.secrets.forgejoRunnerToken.file = "${inputs.self}/secrets/forgejoRunnerToken.age";
+ services.gitea-actions-runner = {
+ package = pkgs.unstable.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "monolith";
+ url = "https://${domain}";
+ tokenFile = config.age.secrets.forgejoRunnerToken.path;
+ labels = [
+ "ubuntu-latest:docker://node:20-bookworm"
+ "ubuntu-22.04:docker://node:20-bookworm"
+ ];
+ };
+ };
+}
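Review bot: `mode = "770"` on `age.secrets.forgejoAdminPass` makes the decrypted admin password group-writable and executable, although it is only read once by `tr` in `preStart`; `mode = "0400";` with the same owner should be enough, assuming `preStart` runs as the `forgejo` user. The same mode is used for `piholeAdminPass` in modules/retired/pihole/default.nix. The `preStart` line also expands the password into the argument list of `admin user create --password "$(...)"`, so it is visible in the process table for the duration of the call. The trailing `|| true` hides every failure, not only "user already exists", so a comment such as `# ignore failure when the admin user already exists` or a narrower existence check would make the intent auditable.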
diff --git a/modules/retired/kavita/default.nix b/modules/retired/kavita/default.nix
new file mode 100644
index 0000000..c72aca6
--- /dev/null
+++ b/modules/retired/kavita/default.nix
@@ -0,0 +1,28 @@
+{ ... }:
+let
+ directories = [
+ "/opt/kavita"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.kavita = {
+ image = "jvmilazz0/kavita:latest";
+ autoStart = true;
+ ports = [
+ "5000:5000"
+ ];
+ volumes = [
+ "/opt/kavita/config:/kavita/config"
+ "/lagoon/media/library/Books:/books"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ };
+ };
+
+ services.caddy.virtualHosts."library.tdback.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:5000
+ '';
+}
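Review bot: `ports = [ "5000:5000" ]` publishes the container port on every host interface although Caddy only needs it on loopback, so depending on the host firewall the app can be reached in plaintext around the proxy; `"127.0.0.1:5000:5000"` keeps it behind the virtual host. The same applies to `"4533:4533"` in the navidrome module. The kavita, navidrome, pihole and stirling-pdf modules all pull `:latest`, so the image contents depend on when the pull happens; pinning a version tag or digest would make rebuilds reproducible and reviewable. The books volume is mounted read-write while navidrome mounts its media with `:ro`; if Kavita only reads the library, `"/lagoon/media/library/Books:/books:ro"` would match.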
diff --git a/modules/retired/mealie/default.nix b/modules/retired/mealie/default.nix
new file mode 100644
index 0000000..2d869ce
--- /dev/null
+++ b/modules/retired/mealie/default.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+ domain = "toasted.brownbread.net";
+in
+{
+ services.mealie = {
+ enable = true;
+ package = pkgs.unstable.mealie;
+ settings = {
+ BASE_URL = domain;
+ DB_ENGINE = "sqlite";
+ ALLOW_SIGNUP = "false";
+ SECURITY_MAX_LOGIN_ATTEMPTS = 3;
+ TZ = "America/Detroit";
+ };
+ };
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString config.services.mealie.port}
+ '';
+}
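Review bot: `BASE_URL = domain;` passes a bare hostname, while Mealie uses this value to build absolute links (for example in notification and password-reset mail), so it should carry the scheme: `BASE_URL = "https://${domain}";`. As far as I know the NixOS module's `listenAddress` defaults to all interfaces; since Caddy proxies to `localhost`, setting `listenAddress = "127.0.0.1";` would keep the backend from being reachable directly. `ALLOW_SIGNUP = "false"` is a string while `SECURITY_MAX_LOGIN_ATTEMPTS = 3` is an integer; a short comment on which form the module expects would avoid a silent misconfiguration of the signup switch.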
diff --git a/modules/retired/mumble/default.nix b/modules/retired/mumble/default.nix
new file mode 100644
index 0000000..29e3339
--- /dev/null
+++ b/modules/retired/mumble/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ package = pkgs.murmur;
+ port = 64738;
+ openFirewall = true;
+ environmentFile = "/var/lib/murmur/murmurd.env";
+ password = "$MURMURD_PASSWORD";
+ };
+}
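Review bot: `environmentFile = "/var/lib/murmur/murmurd.env"` points at a file that nothing in this repository creates or protects, unlike the forgejo and pihole modules, which provision their secrets through `age.secrets`. Either declare it as an age secret and use `environmentFile = config.age.secrets.<name>.path;`, or add a comment stating that the file must be created by hand, contain `MURMURD_PASSWORD=...`, and be readable only by root. With `openFirewall = true` the server is reachable from outside, so a missing or empty file should fail loudly rather than leave the server without a password.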
diff --git a/modules/retired/navidrome/default.nix b/modules/retired/navidrome/default.nix
new file mode 100644
index 0000000..d98117b
--- /dev/null
+++ b/modules/retired/navidrome/default.nix
@@ -0,0 +1,31 @@
+{ lib, ... }:
+let
+ directory = "/opt/navidrome";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.navidrome = {
+ image = "deluan/navidrome:latest";
+ autoStart = true;
+ ports = [
+ "4533:4533"
+ ];
+ volumes = [
+ "${directory}/data:/data"
+ "/lagoon/media/music:/music:ro"
+ ];
+ environment = {
+ ND_SCANSCHEDULE = "1h";
+ ND_LOGLEVEL = "info";
+ ND_SESSIONTIMEOUT = "24h";
+ ND_ENABLEUSEREDITING = "false";
+ };
+ };
+
+ services.caddy.virtualHosts."radioactive.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:4533
+ '';
+}
diff --git a/modules/retired/pihole/default.nix b/modules/retired/pihole/default.nix
new file mode 100644
index 0000000..034c91b
--- /dev/null
+++ b/modules/retired/pihole/default.nix
@@ -0,0 +1,52 @@
+{ inputs, config, lib, ... }:
+let
+ # TODO: Think about changing this to config.networking.interface...
+ # Will have to pull the first value in the list, which might be messy but it
+ # will definitely make it more producible across machines.
+ ip = "10.0.0.203";
+ interface = "eno1";
+ directory = "/opt/pihole";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.pihole = {
+ image = "pihole/pihole:latest";
+ autoStart = true;
+ ports = [
+ "53:53/udp"
+ "53:53/tcp"
+ "80:80/tcp"
+ ];
+ volumes = [
+ "${directory}/etc:/etc/pihole"
+ "${directory}/etc-dnsmasq.d:/etc/dnsmasq.d"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ FTLCONF_LOCAL_IPV4 = ip;
+ INTERFACE = interface;
+ };
+ extraOptions = [ "--network=host" ];
+ };
+
+ age.secrets.piholeAdminPass = {
+ file = "${inputs.self}/secrets/piholeAdminPass.age";
+ mode = "770";
+ owner = "share";
+ group = "share";
+ };
+
+ systemd.services.podman-pihole.postStart =
+ let
+ password = config.age.secrets.piholeAdminPass.path;
+ in ''
+ podman exec -it pihole pihole -a -p "$(tr -d '\n' < ${password})"
+ '';
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 80 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
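Review bot: The `postStart` command `podman exec -it pihole pihole -a -p "$(...)"` requests an interactive TTY that a systemd unit does not have, and it puts the admin password on the command line of both `podman` and the process inside the container; at minimum drop `-it`, and prefer handing the secret to the container through `environmentFiles` if the image supports a password variable. `postStart` can also run before the container is ready to accept `exec`, so the password may silently not be set. With `extraOptions = [ "--network=host" ]` the `ports` list has no effect, and `allowedTCPPorts = [ 53 80 ]` exposes the admin UI over plain HTTP on every network the host firewall faces; a comment on the intended scope (LAN only) or an interface-specific firewall rule would make that explicit.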
diff --git a/modules/retired/stirling-pdf/default.nix b/modules/retired/stirling-pdf/default.nix
new file mode 100644
index 0000000..904fd6d
--- /dev/null
+++ b/modules/retired/stirling-pdf/default.nix
@@ -0,0 +1,23 @@
+{ ... }:
+let
+ directories = [
+ "/opt/stirling"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.pdf-tools = {
+ image = "frooodle/s-pdf:latest";
+ autoStart = true;
+ ports = [
+ "8060:8080"
+ ];
+ volumes = [
+ "/opt/stirling/training-data:/usr/share/tesseract-ocr/4.00/tessdata"
+ "/opt/stirling/configs:/configs"
+ ];
+ environment = {
+ DOCKER_ENABLE_SECURITY = "false";
+ };
+ };
+}
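Review bot: `DOCKER_ENABLE_SECURITY = "false"` turns off the application's login while `ports = [ "8060:8080" ]` publishes it on every host interface, and this module defines no Caddy virtual host in front of it. Anyone who can reach port 8060 can therefore upload and process documents without authentication. If the tool is meant for local use only, bind it with `"127.0.0.1:8060:8080"`; otherwise enable the built-in security or place it behind an authenticated proxy, and add a comment recording which of the two is intended.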
diff --git a/modules/retired/xonotic/default.nix b/modules/retired/xonotic/default.nix
new file mode 100644
index 0000000..7ae5442
--- /dev/null
+++ b/modules/retired/xonotic/default.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+ services.xonotic = {
+ enable = true;
+ package = pkgs.xonotic-dedicated;
+ openFirewall = true;
+ settings = {
+ hostname = "tdback's Xonotic Server";
+ net_address = "0.0.0.0";
+ port = 26000;
+ sv_motd = "GLHF! Please report any issues to @tdback on irc.libera.chat";
+
+ # Specify bots and player count.
+ maxplayers = 8;
+ minplayers = 4;
+ minplayers_per_team = 2;
+
+ # Configure mutators.
+ g_instagib = 0;
+ g_grappling_hook = 1;
+ g_jetpack = 0;
+ g_vampire = 0;
+ };
+ };
+}