From c2d9b77eefe5e4852718e9d093aa4e3c15897f6b Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 18 Sep 2024 18:45:33 -0500
Subject: [PATCH] moved defiant server configuration to server folder
---
 enviroments/server/default.nix | 58 +++++++++++++++++++++-
 hosts/defiant/configuration.nix | 87 +--------------------------------
 2 files changed, 58 insertions(+), 87 deletions(-)
diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix
index 861f142..d3e9d63 100644
--- a/enviroments/server/default.nix
+++ b/enviroments/server/default.nix
@@ -1,7 +1,63 @@
-{ pkgs, ... }:
+{ config, ... }:
 {
 imports = [
 ../common
 ];
+ services = let
+ headscaleDomain = "headscale.jan-leila.com";
+ in {
+ nfs.server = {
+ enable = true;
+ exports = ''
+ /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ '';
+ };
+
+ headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ server_url = "https://${headscaleDomain}";
+ dns_config.base_domain = "jan-leila.com";
+ logtail.enabled = false;
+ };
+ };
+
+ nginx = {
+ enable = false; # TODO: enable this when you want to test all the configs
+ virtualHosts = {
+ ${headscaleDomain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass =
+ "http://localhost:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "jan-leila@protonmail.com";
+ };
+
+ # disable computer sleeping
+ systemd.targets = {
+ sleep.enable = false;
+ suspend.enable = false;
+ hibernate.enable = false;
+ hybrid-sleep.enable = false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 2049 ];
+
+ environment.systemPackages = [ config.services.headscale.package ];
 }
\ No newline at end of file
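Review bot: In the `headscale` block, `address = "0.0.0.0"` makes the control server listen in plaintext on port 8080 on every interface, while the nginx virtual host meant to front it (still `enable = false`) proxies to `localhost`; binding to loopback with `address = "127.0.0.1";` would leave the TLS proxy as the only route to it once that is enabled. The new `networking.firewall.allowedTCPPorts = [ 2049 ];` opens NFS on all interfaces of every host that imports this environment, and the `rw` exports of `/home/*` rely on the `192.168.1.0/22` client range alone, which, assuming the default `sec=sys`, trusts whatever UID a client presents. Consider scoping the port to the LAN interface via `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` and adding a short comment above `exports` stating which hosts are expected to mount these paths. Note also that `192.168.1.0/22` is not aligned on a /22 boundary, so the range actually matched is probably 192.168.0.0–192.168.3.255; confirm that is intended.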
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6..d2b1348 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions