screen capture no longer working

mods/fesu-hosting-base.nix

@@ -34,6 +34,7 @@
   ];
   services.openssh = {
       enable = true;
+      ports = [ 9000 ];
       # require public key authentication for better security
       settings.PasswordAuthentication = false;
       settings.KbdInteractiveAuthentication = false;
@@ -45,6 +46,21 @@
         X11UseLocalhost no
       '';
   };
+  
+  ##### Netbird Configuration
+	services.netbird.clients.ppc = {
+     #login = {
+       #enable = true;
+       #setupKeyFile = "${secretsDir}/netbird-setup-key";
+       #};
+     port = 51821;
+     ui.enable = false;
+     openFirewall = true;
+     #openInternalFirewall = true;
+   };
+   networking.firewall.trustedInterfaces = [
+     "nb-ppc"
+   ];
 
   /*
   system.activationScripts.addDefaultRoute = {

mods/fesu-services.nix

@@ -1,8 +1,9 @@
-{ pkgs, dataDir, config, inputs, system, lib, secretsDir, ... }:
+{ pkgs, dataDir, config, inputs, system, lib, secretsDir, pkgsUnstable, ... }:
 
  /*
 
 ## ports
+## forwarded ports
 - 49001 ssh me-hosting
 - 49002 ssh ppc-hosting
 - 49003 ssh pcmc
@@ -22,22 +23,27 @@
 - 49112 mc second voice
 - 49113 mc second bedrock
 - 49114 mc lobby bedrock
+- 49115 mc nilla
+- 49116 mc nilla voice
 
-- me hosting ports
+## non forwarded ports
+- 5000 compass-site
+- 5001 ppc-site
+
+## me hosting ports
 	- 8000 wiki site
 	- 8001 lage0 site
 	- 8002 plausible site
-	- 8003 ppc-site
 	- 8004 instant db
 	- 8005 instant webui
 
-- ppc hosting ports
+## ppc hosting ports
   - 8000 dav
   - 8001 affine
   - 8002 git
   - 8003 git ssh
 
-## hosting container ips (on the interface br-proxy
+## hosting container ips (on the interface br-proxy)
   - fusu 192.168.1.2
   - me-hosting 192.168.1.20
   - ppc-hosting 192.168.1.21
@@ -71,7 +77,7 @@
     services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices);
   in { inherit routers services; };
 
-  basicTraefikSetting = { name, domain, host, port }: let
+  basicTraefikSetting = { name, domain, host, port, extraRouterConfig ? {}, extraServiceConfig ? {},  middlewares ? [] }: let
     host_ip = 
       if host == "me-hosting" then "192.168.1.20"
       else if host == "pcmc" then "192.168.1.23"
@@ -80,12 +86,8 @@
       else host;
 
   in {
-    
-    impotrs = [
-      "${inputs.hetzner_ddns}/release/nixos_module.nix"
-    ];
-    
     routers.${name} = {
+      inherit middlewares;
       rule = "Host(`${domain}`)";
       service = name;
       tls = {
@@ -93,13 +95,14 @@
         domains = [
           { main = domain; }
         ];
-      };
+      } // extraRouterConfig;
     };
 
-    services.${name}.loadBalancer.servers = [
-      { url = "http://${host_ip}:${builtins.toString port}"; }
-    ];
-
+    services.${name} = {
+      loadBalancer.servers = [
+        { url = "http://${host_ip}:${builtins.toString port}"; }
+      ];
+    } // extraServiceConfig;
   };
 
 
@@ -230,6 +233,7 @@ in {
       imports = [
         ./fesu-hosting-base.nix
       ];
+      services.netbird.package = pkgsUnstable.netbird;
     };
   };
 
@@ -276,11 +280,23 @@ in {
       imports = [
         ./fesu-hosting-base.nix
       ];
+      services.netbird.package = pkgsUnstable.netbird;
       users.users.root = {
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien
         ];
       };
+      systemd.services.ppc = {
+        environment = {
+          MIZE_CONFIG_FILES = "/root/host/ppc-website-config.toml";
+        };
+        description = "PPC Website";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          ExecStart = "/root/host/ppc-src/target/release/ppc server";
+          Restart = "always";
+        };
+      };
 
     };
   };
@@ -342,11 +358,26 @@ in {
       imports = [
         ./fesu-hosting-base.nix
       ];
+      services.netbird.package = pkgsUnstable.netbird;
+
+      users.users.root.openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM82mBUZqo7nfU8XJQDoEcOa+DfQyJE7T7ddFjQVhg93 me@main"
+      ];
     };
   };
 
 
   
+  ############################ nico nfs share #########################
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /data/incus/default-pool/containers/nico/rootfs/root/work/ 100.88.0.0/16(rw,sync,no_subtree_check)
+    '';
+  };
+  # Open necessary firewall ports
+  networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
+  networking.firewall.allowedUDPPorts = [ 111 2049 20048 ];
 
 
 
@@ -367,16 +398,45 @@ in {
     wantedBy = [ "multi-user.target" ];
     after = [ "network.target" ];
   };
+  
+  ############################ ppc app #########################
+  systemd.services.ppc = {
+    enable = true;
+    description = "PPC website";
+    unitConfig = {
+      Type = "simple";
+    };
+    environment = {
+      MIZE_CONFIG_FILES = "/home/server/here/ppc.toml";
+    };
+    serviceConfig = {
+      User = "server";
+      Group = "server";
+      Restart = "always";
+      RestartSec = "500s";
+      ExecStart = "/home/server/here/ppc server";
+    };
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+  };
 
   
   
   
   ############################ traefik #########################
+  # without this traefik will try to put downloaded plugins into "/plugins-storate/ which fails with permission denied"
+  systemd.services.traefik.serviceConfig.WorkingDirectory = config.services.traefik.dataDir;
   services.traefik = {
     enable = true;
     #dataDir = "${dataDir}/traefik";
 
     staticConfigOptions = {
+      experimental.plugins = {
+        traefikoidc = {
+          moduleName = "github.com/lukaszraczylo/traefikoidc";
+          version = "v0.7.10";
+        };
+      };
 
       entryPoints = {
         web = {
@@ -418,14 +478,19 @@ in {
           { name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; }
           { name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; }
           { name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; }
-          { name = "ppc-site"; domain = "ppc.social"; host = "me-hosting"; port = 8003; }
-          { name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 3000; }
+          { name = "ppc-site"; domain = "ppc.social"; host = "fesu"; port = 5001; }
+          { name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 5000; }
           { name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; }
           { name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; }
           { name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; }
           { name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; }
           { name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; }
           { name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; }
+          { name = "nico"; domain = "nico.ppc.social"; host = "192.168.1.14"; port = 18789; middlewares = [ "oidc-nico" ]; }
+          #{ name = "spacetime"; domain = "spacetime.ppc.social"; host = "ppc-hosting"; port = 8005; extraRouterConfig = {
+        #   rule = "Host(`spacetime.ppc.social`) && PathPrefix(`/v1/database`)";
+      #   };
+          #}
         ]
 
         # extraRouters (full configs)
@@ -434,7 +499,17 @@ in {
 
         # extraServices (full configs)
         [
-        ]);
+        ])
+      // {
+        middlewares.oidc-nico.plugin.traefikoidc = {
+          providerURL = "https://auth.ppc.social";
+          callbackURL = "/oauth2/callback";
+          clientSecret = builtins.readFile "${secretsDir}/nico-oidc-secret";
+          clientID = "361779269791186947";
+          sessionEncryptionKey = builtins.readFile "${secretsDir}/nico-session-encryption-key";
+          logLevel = "debug";
+        };
+      };
 
     };
   };

mods/fusu-services.nix

@@ -1,4 +1,14 @@
-{ pkgs, dataDir, config, inputs, system, ... }: let
+{ pkgs, dataDir, config, inputs, system, secretsDir, ... }: let
+
+#################################### ports ##############################
+# 49388 ssh
+# 8001 backup-c2vi
+# 8002 backup-mom
+# 8003 backup-dad
+# 8004 backup-brother
+# 9001 fwin vnc
+# 9002 fwin rdp
+# 9003 fwin ssh
 
   /**
     thanks: @melektron
@@ -16,10 +26,26 @@
       ${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
     ''
   );
+  
+  backupContainers = configs: builtins.listToAttrs (map (config: {
+    name = config.name;
+    # virtualisation.arion.projects.backup.services.settings = 
+    value.service = {
+        image = "restic/rest-server";
+        volumes = [ "/data/backups/${config.name}:/data" ];
+        ports = [ "${builtins.toString config.port}:8000" ];
+        environment.OPTIONS = "--debug";
+      };
+  }) configs);
 
 in {
+  
+  imports = [
+    inputs.arion.nixosModules.arion
+  ];
 
   environment.systemPackages = [
+    (createArionServiceManager "backup" "")
     pkgs.arion
 
     # Do install the docker CLI to talk to podman.
@@ -40,9 +66,14 @@ in {
 
   virtualisation.arion = {
     backend = "podman-socket";
-
-
   };
-
+  
+  virtualisation.arion.projects.backup.serviceName = "backup";
+  virtualisation.arion.projects.backup.settings.services = backupContainers [
+    { name = "c2vi"; port = 8001; }
+    { name = "mom"; port = 8002; }
+    { name = "dad"; port = 8003; }
+    { name = "brother"; port = 8004; }
+  ];
 
 }