screen capture no longer working

2026-04-14 19:10:25 +02:00
parent 8e5316761c
commit 4a62c235f1
19 changed files with 358 additions and 135 deletions
--- a/mods/fesu-services.nix
+++ b/mods/fesu-services.nix
@@ -1,8 +1,9 @@
-{ pkgs, dataDir, config, inputs, system, lib, secretsDir, ... }:
+{ pkgs, dataDir, config, inputs, system, lib, secretsDir, pkgsUnstable, ... }:

 /*

 ## ports
+## forwarded ports
 - 49001 ssh me-hosting
 - 49002 ssh ppc-hosting
 - 49003 ssh pcmc
@@ -22,22 +23,27 @@
 - 49112 mc second voice
 - 49113 mc second bedrock
 - 49114 mc lobby bedrock
+- 49115 mc nilla
+- 49116 mc nilla voice

- me hosting ports
+## non forwarded ports
+- 5000 compass-site
+- 5001 ppc-site
+
+## me hosting ports
 	- 8000 wiki site
 	- 8001 lage0 site
 	- 8002 plausible site
-	- 8003 ppc-site
 	- 8004 instant db
 	- 8005 instant webui

- ppc hosting ports
+## ppc hosting ports
  - 8000 dav
  - 8001 affine
  - 8002 git
  - 8003 git ssh

-## hosting container ips (on the interface br-proxy
+## hosting container ips (on the interface br-proxy)
  - fusu 192.168.1.2
  - me-hosting 192.168.1.20
  - ppc-hosting 192.168.1.21
@@ -71,7 +77,7 @@
    services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices);
  in { inherit routers services; };

-  basicTraefikSetting = { name, domain, host, port }: let
+  basicTraefikSetting = { name, domain, host, port, extraRouterConfig ? {}, extraServiceConfig ? {},  middlewares ? [] }: let
    host_ip = 
      if host == "me-hosting" then "192.168.1.20"
      else if host == "pcmc" then "192.168.1.23"
@@ -80,12 +86,8 @@
      else host;

  in {
-    
-    impotrs = [
-      "${inputs.hetzner_ddns}/release/nixos_module.nix"
-    ];
-    
    routers.${name} = {
+      inherit middlewares;
      rule = "Host(`${domain}`)";
      service = name;
      tls = {
@@ -93,13 +95,14 @@
        domains = [
          { main = domain; }
        ];
-      };
+      } // extraRouterConfig;
    };

-    services.${name}.loadBalancer.servers = [
-      { url = "http://${host_ip}:${builtins.toString port}"; }
-    ];
-
+    services.${name} = {
+      loadBalancer.servers = [
+        { url = "http://${host_ip}:${builtins.toString port}"; }
+      ];
+    } // extraServiceConfig;
  };


@@ -230,6 +233,7 @@ in {
      imports = [
        ./fesu-hosting-base.nix
      ];
+      services.netbird.package = pkgsUnstable.netbird;
    };
  };

@@ -276,11 +280,23 @@ in {
      imports = [
        ./fesu-hosting-base.nix
      ];
+      services.netbird.package = pkgsUnstable.netbird;
      users.users.root = {
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien
        ];
      };
+      systemd.services.ppc = {
+        environment = {
+          MIZE_CONFIG_FILES = "/root/host/ppc-website-config.toml";
+        };
+        description = "PPC Website";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          ExecStart = "/root/host/ppc-src/target/release/ppc server";
+          Restart = "always";
+        };
+      };

    };
  };
@@ -342,11 +358,26 @@ in {
      imports = [
        ./fesu-hosting-base.nix
      ];
+      services.netbird.package = pkgsUnstable.netbird;
+
+      users.users.root.openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM82mBUZqo7nfU8XJQDoEcOa+DfQyJE7T7ddFjQVhg93 me@main"
+      ];
    };
  };


  
+  ############################ nico nfs share #########################
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /data/incus/default-pool/containers/nico/rootfs/root/work/ 100.88.0.0/16(rw,sync,no_subtree_check)
+    '';
+  };
+  # Open necessary firewall ports
+  networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
+  networking.firewall.allowedUDPPorts = [ 111 2049 20048 ];



@@ -367,16 +398,45 @@ in {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
  };
+  
+  ############################ ppc app #########################
+  systemd.services.ppc = {
+    enable = true;
+    description = "PPC website";
+    unitConfig = {
+      Type = "simple";
+    };
+    environment = {
+      MIZE_CONFIG_FILES = "/home/server/here/ppc.toml";
+    };
+    serviceConfig = {
+      User = "server";
+      Group = "server";
+      Restart = "always";
+      RestartSec = "500s";
+      ExecStart = "/home/server/here/ppc server";
+    };
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+  };

  
  
  
  ############################ traefik #########################
+  # without this traefik will try to put downloaded plugins into "/plugins-storate/ which fails with permission denied"
+  systemd.services.traefik.serviceConfig.WorkingDirectory = config.services.traefik.dataDir;
  services.traefik = {
    enable = true;
    #dataDir = "${dataDir}/traefik";

    staticConfigOptions = {
+      experimental.plugins = {
+        traefikoidc = {
+          moduleName = "github.com/lukaszraczylo/traefikoidc";
+          version = "v0.7.10";
+        };
+      };

      entryPoints = {
        web = {
@@ -418,14 +478,19 @@ in {
          { name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; }
          { name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; }
          { name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; }
-          { name = "ppc-site"; domain = "ppc.social"; host = "me-hosting"; port = 8003; }
-          { name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 3000; }
+          { name = "ppc-site"; domain = "ppc.social"; host = "fesu"; port = 5001; }
+          { name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 5000; }
          { name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; }
          { name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; }
          { name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; }
          { name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; }
          { name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; }
          { name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; }
+          { name = "nico"; domain = "nico.ppc.social"; host = "192.168.1.14"; port = 18789; middlewares = [ "oidc-nico" ]; }
+          #{ name = "spacetime"; domain = "spacetime.ppc.social"; host = "ppc-hosting"; port = 8005; extraRouterConfig = {
+        #   rule = "Host(`spacetime.ppc.social`) && PathPrefix(`/v1/database`)";
+      #   };
+          #}
        ]

        # extraRouters (full configs)
@@ -434,7 +499,17 @@ in {

        # extraServices (full configs)
        [
-        ]);
+        ])
+      // {
+        middlewares.oidc-nico.plugin.traefikoidc = {
+          providerURL = "https://auth.ppc.social";
+          callbackURL = "/oauth2/callback";
+          clientSecret = builtins.readFile "${secretsDir}/nico-oidc-secret";
+          clientID = "361779269791186947";
+          sessionEncryptionKey = builtins.readFile "${secretsDir}/nico-session-encryption-key";
+          logLevel = "debug";
+        };
+      };

    };
  };