-rw-r--r--Com/Simatime/Cloud/chat.nix (renamed from Com/Simatime/chat.nix)0
-rw-r--r--Com/Simatime/Cloud/git.nix (renamed from Com/Simatime/git.nix)2
-rw-r--r--Com/Simatime/Cloud/hardware.nix (renamed from Com/Simatime/hardware.nix)0
-rw-r--r--Com/Simatime/Cloud/mail.nix (renamed from Com/Simatime/mail.nix)0
-rw-r--r--Com/Simatime/Cloud/networking.nix (renamed from Com/Simatime/networking.nix)3
-rw-r--r--Com/Simatime/Cloud/web.nix (renamed from Com/Simatime/web.nix)0
-rw-r--r--Com/Simatime/Cloud/znc.nix (renamed from Com/Simatime/znc.nix)0
-rw-r--r--Com/Simatime/Dev/configuration.nix (renamed from Com/Simatime/dev/configuration.nix)22
-rw-r--r--Com/Simatime/Dev/hardware.nix (renamed from Com/Simatime/dev/hardware.nix)0
-rw-r--r--Com/Simatime/buildOS.nix5
-rw-r--r--Com/Simatime/users.nix61
-rw-r--r--default.nix58
-rwxr-xr-xpush-all8
13 files changed, 75 insertions, 84 deletions
diff --git a/Com/Simatime/chat.nix b/Com/Simatime/Cloud/chat.nix
index e23b73e..e23b73e 100644
--- a/Com/Simatime/chat.nix
+++ b/Com/Simatime/Cloud/chat.nix
diff --git a/Com/Simatime/git.nix b/Com/Simatime/Cloud/git.nix
index 51e46b6..4cdaa28 100644
--- a/Com/Simatime/git.nix
+++ b/Com/Simatime/Cloud/git.nix
@@ -12,7 +12,7 @@
extraGitoliteRc = ''
$RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
'';
- adminPubkey = builtins.readFile ./keys/ben.pub;
+ adminPubkey = builtins.readFile ../keys/ben.pub;
};
};
}
diff --git a/Com/Simatime/hardware.nix b/Com/Simatime/Cloud/hardware.nix
index 8c88cb7..8c88cb7 100644
--- a/Com/Simatime/hardware.nix
+++ b/Com/Simatime/Cloud/hardware.nix
diff --git a/Com/Simatime/mail.nix b/Com/Simatime/Cloud/mail.nix
index 81bddc2..81bddc2 100644
--- a/Com/Simatime/mail.nix
+++ b/Com/Simatime/Cloud/mail.nix
diff --git a/Com/Simatime/networking.nix b/Com/Simatime/Cloud/networking.nix
index 60d8ebf..0df42e3 100644
--- a/Com/Simatime/networking.nix
+++ b/Com/Simatime/Cloud/networking.nix
@@ -2,8 +2,7 @@
{
networking = {
- hostName = "simatime";
- domain = "simatime.com";
+
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowPing = true;
diff --git a/Com/Simatime/web.nix b/Com/Simatime/Cloud/web.nix
index 22d7199..22d7199 100644
--- a/Com/Simatime/web.nix
+++ b/Com/Simatime/Cloud/web.nix
diff --git a/Com/Simatime/znc.nix b/Com/Simatime/Cloud/znc.nix
index 9b1a28d..9b1a28d 100644
--- a/Com/Simatime/znc.nix
+++ b/Com/Simatime/Cloud/znc.nix
diff --git a/Com/Simatime/dev/configuration.nix b/Com/Simatime/Dev/configuration.nix
index 3b69f6f..1322de7 100644
--- a/Com/Simatime/dev/configuration.nix
+++ b/Com/Simatime/Dev/configuration.nix
@@ -2,28 +2,28 @@
let
murmurPort = 64738;
+ torrents = { from = 6000; to = 6999; }
in {
networking = {
- hostName = "lithium";
hosts = {
"::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
};
firewall = {
allowedTCPPorts = [
- 22 8000 8443 443 8080 8081 # std
+ 22 8000 8443 443 8080 8081 # standard ports
500 10000 # no idea
- 8096 # emby
+ 8096 # emby/jellyfin
8112 # deluge
murmurPort
];
allowedTCPPortRanges = [
{ from = 3000; to = 3100; } # dev stuff
- { from = 6000; to = 6999; } # torrents
+ torrents
];
allowedUDPPorts = [ murmurPort ];
allowedUDPPortRanges = [
- { from = 6000; to = 6999; } # torrents
+ torrents
];
checkReversePath = false;
};
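Review bot: The new `let` binding `torrents = { from = 6000; to = 6999; }` has no terminating semicolon before `in`, so as shown the file would not parse; it should read `torrents = { from = 6000; to = 6999; };`. Since this hunk already rewrites the port comments, the entry `500 10000 # no idea` deserves the same attention: either name the service that needs those TCP ports or drop them from `allowedTCPPorts`. The `networking` set continues past the end of the hunk.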
@@ -97,9 +97,6 @@ in {
};
};
- # https://github.com/NixOS/nixpkgs/issues/53985
- systemd.services.gitlab-runner.path = ["/run/wrappers"];
-
services = {
pcscd.enable = true;
logind = {
@@ -107,15 +104,6 @@ in {
extraConfig = "IdleAction=ignore";
};
- # runner for hero ci
- gitlab-runner = {
- packages = [ pkgs.bash pkgs.git pkgs.python3 ];
- enable = true;
- gracefulTimeout = "2min";
- gracefulTermination = true;
- configFile = "/home/ben/gitlab-runner.toml";
- };
-
deluge = {
enable = true;
openFilesLimit = 10240;
diff --git a/Com/Simatime/dev/hardware.nix b/Com/Simatime/Dev/hardware.nix
index fc0e7a0..fc0e7a0 100644
--- a/Com/Simatime/dev/hardware.nix
+++ b/Com/Simatime/Dev/hardware.nix
diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix
index 52aa51a..b2fc928 100644
--- a/Com/Simatime/buildOS.nix
+++ b/Com/Simatime/buildOS.nix
@@ -29,6 +29,8 @@ let
nix.optimise.automatic = true;
nix.optimise.dates = [ "Sunday 02:30" ];
nixpkgs.overlays = [ bizpkgs ];
+ programs.mosh.enable = true;
+ programs.mosh.withUtempter = true;
security.acme.email = "ben@bsima.me";
security.acme.acceptTerms = true;
security.sudo.wheelNeedsPassword = false;
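Review bot: Setting `programs.mosh.enable = true;` in the shared buildOS configuration applies it to every host built through buildOS, not only Cloud, where default.nix set it before this commit. As far as I know the NixOS mosh module also opens UDP 60000-61000 in the firewall when enabled, so this probably widens the exposed port range on Dev and Serval; confirm that is intended or keep the option per host. A comment such as `# mosh on all hosts; opens UDP 60000-61000` above the two lines would record the decision. The enclosing `let` binding starts and ends outside the hunk.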
@@ -44,9 +46,6 @@ let
#services.tinc.networks.simatime-vpn.interfaceType = "tap";
#services.tinc.networks.simatime-vpn.hosts = import ./vpnHosts.nix;
system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
- users.motd = "\n\n\twelcome to the simatime network\n\n\n";
- users.users = import ./users.nix;
- users.mutableUsers = false;
};
os = nixos {
system = "x86_64-linux";
diff --git a/Com/Simatime/users.nix b/Com/Simatime/users.nix
index c951c8e..ea2ef74 100644
--- a/Com/Simatime/users.nix
+++ b/Com/Simatime/users.nix
@@ -1,28 +1,37 @@
-{ #
- # bots
- #
- deploy = {
- isNormalUser = true;
- home = "/home/deploy";
- openssh.authorizedKeys.keyFiles = [ ./keys/deploy.pub ];
- extraGroups = [ "wheel" ];
- };
- #
- # humans
- #
- root.openssh.authorizedKeys.keyFiles = [ ./keys/ben.pub ];
- ben = {
- description = "Ben Sima";
- isNormalUser = true;
- home = "/home/ben";
- openssh.authorizedKeys.keyFiles = [ ./keys/ben.pub ];
- extraGroups = [ "wheel" "networkmanager" "docker" ];
- };
- nick = {
- description = "Nick Sima";
- isNormalUser = true;
- home = "/home/nick";
- openssh.authorizedKeys.keyFiles = [ ./keys/nick.pub ];
- extraGroups = [ "docker" ];
+{ config, ... }:
+
+{
+ users.motd = '''
+ welcome to the simatime network
+ ${config.networking.hostName}
+ '';
+ users.mutableUsers = false;
+ users.users = { #
+ # bots
+ #
+ deploy = {
+ isNormalUser = true;
+ home = "/home/deploy";
+ openssh.authorizedKeys.keyFiles = [ ./keys/deploy.pub ];
+ extraGroups = [ "wheel" ];
+ };
+ #
+ # humans
+ #
+ root.openssh.authorizedKeys.keyFiles = [ ./keys/ben.pub ];
+ ben = {
+ description = "Ben Sima";
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keyFiles = [ ./keys/ben.pub ];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ description = "Nick Sima";
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keyFiles = [ ./keys/nick.pub ];
+ extraGroups = [ "docker" ];
+ };
};
}
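Review bot: `users.motd = '''` opens with three single quotes, but Nix indented strings are delimited by `''`, so the third quote becomes a literal `'` at the start of the message (assuming the page shows the line faithfully); it should be `users.motd = ''`. Separately, the module carries over `deploy` with `extraGroups = [ "wheel" ]`, and buildOS.nix in this same commit shows `security.sudo.wheelNeedsPassword = false;`. Together these make the deploy key equivalent to passwordless root on every host that imports this module. A comment on the `deploy` block saying this is deliberate, or a narrower sudo rule for that account, would make the trust decision explicit.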
diff --git a/default.nix b/default.nix
index 0dca989..5199252 100644
--- a/default.nix
+++ b/default.nix
@@ -12,43 +12,49 @@ let
sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
};
in rec {
- Com.Simatime.cloud = buildOS {
+ # Cloud infrastructure, always online. Mostly for messaging-related
+ # stuff.
+ #
+ Com.Simatime.Cloud = buildOS {
enableVpn = true;
ipAddress = "159.89.128.69";
vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv";
vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv";
configuration = {
imports = [
- ./Com/Simatime/hardware.nix
- ./Com/Simatime/networking.nix
./Com/Simatime/packages.nix
- ./Com/Simatime/git.nix
- ./Com/Simatime/mail.nix
- ./Com/Simatime/web.nix
- ./Com/Simatime/chat.nix
- ./Com/Simatime/znc.nix
+ ./Com/Simatime/users.nix
+ ./Com/Simatime/Cloud/chat.nix
+ ./Com/Simatime/Cloud/git.nix
+ ./Com/Simatime/Cloud/hardware.nix
+ ./Com/Simatime/Cloud/mail.nix
+ ./Com/Simatime/Cloud/networking.nix
+ ./Com/Simatime/Cloud/web.nix
+ ./Com/Simatime/Cloud/znc.nix
nixos-mailserver
];
- programs.mosh = {
- enable = true;
- withUtempter = true;
- };
+ networking.hostName = "simatime";
+ networking.domain = "simatime.com";
};
};
- Com.Simatime.dev = buildOS {
+ # Dev machine for work and building stuff.
+ #
+ Com.Simatime.Dev = buildOS {
enableVpn = true;
ipAddress = "69.181.254.154";
- vpnConnectTo = "com.simatime";
- vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv";
- vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv";
configuration = {
imports = [
./Com/Simatime/packages.nix
- ./Com/Simatime/dev/hardware.nix
- ./Com/Simatime/dev/configuration.nix
+ ./Com/Simatime/users.nix
+ ./Com/Simatime/Dev/configuration.nix
+ ./Com/Simatime/Dev/hardware.nix
];
+ networking.hostName = "lithium";
+ networking.domain = "dev.simatime.com";
};
};
+ # Serval is the production server for apps
+ #
Com.Simatime.Serval = buildOS {
deps = { que-server = Run.Que.Server; };
configuration = {
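Review bot: `Com.Simatime.Dev` keeps `enableVpn = true;` but this change drops `vpnConnectTo`, `vpnRsaPrivateKeyFile` and `vpnEd25519PrivateKeyFile` from it. Whether buildOS supplies defaults for these is not visible here; if it does not, the Dev build may fail or bring the VPN up without a peer or key paths. Either set `enableVpn = false;` for Dev or add a comment such as `# peer and key files come from buildOS defaults` so the omission reads as intentional. The `rec { … }` set extends beyond this hunk.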
@@ -56,24 +62,14 @@ in rec {
./Com/Simatime/packages.nix
./Com/Simatime/Serval/hardware.nix
./Com/Simatime/Serval/networking.nix
- ./Run/Que/service.nix
./Com/Simatime/Serval/configuration.nix
+ ./Run/Que/service.nix
];
- networking.hostName = "serval.simatime.com";
+ networking.hostName = "serval";
+ networking.domain = "serval.simatime.com";
boot.enableContainers = true;
};
};
- Com.InfluencedByBooks.os = buildOS {
- configuration = {
- imports = [
- ./Com/InfluencedByBooks/service.nix
- ./Com/Simatime/packages.nix
- ];
- nixpkgs.config.allowUnfree = true;
- boot.isContainer = true;
- networking.useDHCP = false;
- };
- };
Com.InfluencedByBooks.Server = buildGhc {
name = "Com.InfluencedByBooks.Server";
nick = "ibb";
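Review bot: The Serval import list as shown does not gain `./Com/Simatime/users.nix`, while buildOS.nix in this commit stops setting `users.users` and `users.mutableUsers = false` for all hosts. Unless `Serval/configuration.nix` imports the module itself (not visible here), Serval would lose its declared accounts and SSH authorized keys and fall back to the default mutable-users behaviour; adding `./Com/Simatime/users.nix` to the list would match Cloud and Dev. Also, `networking.hostName = "serval";` together with `networking.domain = "serval.simatime.com";` yields the FQDN serval.serval.simatime.com, so the domain was probably meant to be `simatime.com`.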
diff --git a/push-all b/push-all
index aea8588..cc89338 100755
--- a/push-all
+++ b/push-all
@@ -1,10 +1,10 @@
#!/usr/bin/env bash
-bild Com.Simatime
-push Com.Simatime simatime.com
+./bild Com.Simatime.Cloud
+./push Com.Simatime.Cloud simatime.com
-bild Com.Simatime.dev
-push Com.Simatime.dev dev.simatime.com
+./bild Com.Simatime.Dev
+./push Com.Simatime.Dev dev.simatime.com
# these are todos: