Cleanup

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/user/gui/firefox/default.nix

@@ -97,16 +97,10 @@ in
                       "downloads-button"
                       "privatebrowsing-button"
                     ];
-                    "toolbar-menubar" = [
-                      "menubar-items"
-                    ];
+                    "toolbar-menubar" = [ "menubar-items" ];
                     "TabsToolbar" = [ ];
-                    "vertical-tabs" = [
-                      "tabbrowser-tabs"
-                    ];
-                    "PersonalToolbar" = [
-                      "personal-bookmarks"
-                    ];
+                    "vertical-tabs" = [ "tabbrowser-tabs" ];
+                    "PersonalToolbar" = [ "personal-bookmarks" ];
                   };
                   "seen" = [
                     "wayback_machine_mozilla_org-browser-action"

hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix

@@ -13,8 +13,6 @@
 let
   selfPkgs = inputs.self.packages.${system};
   hmConfig = config.home-manager.users.${user};
-  inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
-  autheliaClientId = "I2ZYDFGWP1bzfiauXe94IaiReZF6SqoEskSp6phoL2L8l16Cq7YX3Vr4pkQOSYfNDOwuFjTRIpqQ8eAqK0M93NeEgpr8YoPhKHyR";
   podman = lib.meta.getExe pkgs.podman;
   podmanAsUser = "${config.security.wrapperDir}/git-sudo -u ${user} ${podman}";
 in
@@ -65,7 +63,12 @@ in
       AuthorizedKeysCommand ${podmanAsUser} exec -i gitea gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
   '';
 
-  home-manager.users.${user} = {
+  home-manager.users.${user} =
+    let
+      autheliaClientId = "I2ZYDFGWP1bzfiauXe94IaiReZF6SqoEskSp6phoL2L8l16Cq7YX3Vr4pkQOSYfNDOwuFjTRIpqQ8eAqK0M93NeEgpr8YoPhKHyR";
+      inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
+    in
+    {
       sops = {
         secrets = {
           "gitea/postgresql".sopsFile = ../../../../../../secrets/secrets.yaml;

hosts/jupiter/users/storm/configs/console/podman/ntfy/entrypoint.sh

@@ -3,14 +3,14 @@
 mkdir -p /tmp
 PIPE=$(mktemp -u)
 mkfifo "$PIPE"
-trap 'rm -f "$PIPE"' EXIT
 
 ntfy serve > "$PIPE" 2>&1 &
 
-pid=$!
+PID=$!
 grep -q "INFO Listening on :80\[http\]" < "$PIPE"
-kill "$pid"
-wait "$pid" || true
+kill "$PID"
+wait "$PID" || true
+rm -f "$PIPE"
 
 export NTFY_PASSWORD="$NTFY_ADMIN_PASSWORD"
 ntfy user add "$NTFY_ADMIN_USER" || true

hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix

@@ -14,11 +14,11 @@ let
   selfPkgs = inputs.self.packages.${system};
   hmConfig = config.home-manager.users.${user};
   jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
-  inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
 in
 {
   boot.kernelParams = [ "psi=1" ];
 
+  # TODO: Secure with unix sockets
   # The below containers all need to run as root to collect host metrics.
   virtualisation.quadlet.containers = {
     prometheus-node-exporter.containerConfig = {
@@ -78,7 +78,11 @@ in
     };
   };
 
-  home-manager.users.${user} = {
+  home-manager.users.${user} =
+    let
+      inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
+    in
+    {
       virtualisation.quadlet = {
         networks = {
           prometheus.networkConfig.internal = true;

hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix

@@ -37,7 +37,7 @@ in
     virtualisation.quadlet = {
       networks.traefik = { };
 
-      volumes.letsencrypt = { };
+      volumes.traefik = { };
 
       containers = {
         traefik = {
@@ -53,9 +53,11 @@ in
               in
               [
                 "/run/user/${uid}/podman/podman.sock:/var/run/docker.sock"
-                "${volumes.letsencrypt.ref}:/letsencrypt"
+                "${volumes.traefik.ref}:/var/lib/traefik"
               ];
             exec = [
+              "--experimental.fastProxy"
+
               "--api.dashboard=true"
               "--api.disabledashboardad=true"
 
@@ -86,7 +88,7 @@ in
               "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
               "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
               "--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
-              "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+              "--certificatesresolvers.letsencrypt.acme.storage=/var/lib/traefik/acme.json"
 
               "--metrics.prometheus=true"
             ];
@@ -178,7 +180,7 @@ in
         };
 
         Install = {
-          WantedBy = [ "sockets.target" ];
+          WantedBy = [ "default.target" ];
         };
       };
 
@@ -190,7 +192,7 @@ in
         };
 
         Install = {
-          WantedBy = [ "sockets.target" ];
+          WantedBy = [ "default.target" ];
         };
       };
     };

packages/docker/mariadb/default.nix

@@ -26,7 +26,7 @@ pkgs.dockerTools.buildImage {
   };
 
   runAsRoot = ''
-    mkdir -p /var/lib/mysql /run/mysqld
+    mkdir -p /run/mysqld
   '';
 
   config = {

packages/docker/mariadb/entrypoint.sh

@@ -13,7 +13,7 @@ if [ ! -f "$DATADIR/mysql_upgrade_info" ]; then
   mariadb-install-db --datadir="$DATADIR" --skip-test-db
 
   mariadbd --user=root --datadir="$DATADIR" --skip-networking --skip-grant-tables &
-  pid="$!"
+  PID="$!"
 
   while ! mariadb --protocol=socket -e "
     FLUSH PRIVILEGES;
@@ -28,12 +28,12 @@ if [ ! -f "$DATADIR/mysql_upgrade_info" ]; then
     sleep 0.1
   done
 
-  kill -QUIT "$pid"
-  wait "$pid" || true
+  kill -QUIT "$PID"
+  wait "$PID" || true
 fi
 
-trap 'kill -QUIT "$pid"' INT
+trap 'kill -QUIT "$PID"' INT
 mariadbd --user=root --datadir="$DATADIR" "$@" &
-pid=$!
-wait "$pid"
+PID=$!
+wait "$PID"
 exit $?

packages/docker/nextcloud/entrypoint.sh

@@ -65,20 +65,20 @@ cron
 PHPRC="$(dirname "$(readlink -f "$(which php)")")/../lib/php.ini"
 export PHPRC
 
-pidfile=$(mktemp)
+PIDFILE=$(mktemp)
 
 # shellcheck disable=SC2016
 setsid sh -c '
   echo "$$" > "$1"
   shift
   exec httpd "$@"
-' _ "$pidfile" "$@" &
+' _ "$PIDFILE" "$@" &
 
-until [ -s "$pidfile" ]; do sleep 0.01; done
+until [ -s "$PIDFILE" ]; do sleep 0.01; done
 
-pid=$(cat "$pidfile")
-rm "$pidfile"
+PID=$(cat "$PIDFILE")
+rm "$PIDFILE"
 
-trap 'kill -INT "$pid"' INT
-wait "$pid"
+trap 'kill -INT "$PID"' INT
+wait "$PID"
 exit $?

packages/docker/postgresql/default.nix

@@ -30,7 +30,7 @@ pkgs.dockerTools.buildImage {
 
   runAsRoot = ''
     ${pkgs.dockerTools.shadowSetup}
-    mkdir -p /etc/postgresql /var/lib/postgresql /run/postgresql
+    mkdir -p /etc/postgresql /run/postgresql
     cp ${postgresql}/share/postgresql/postgresql.conf.sample /etc/postgresql/postgresql.conf
     ${pkgs.gnused}/bin/sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /etc/postgresql/postgresql.conf
   '';

packages/docker/postgresql/entrypoint.sh

@@ -21,7 +21,6 @@ mkfifo "$LOG_PIPE"
     fi
   done < "$LOG_PIPE"
 ) &
-LOG_PID=$!
 
 if [ ! -s "$PGDATA/PG_VERSION" ]; then
   tmpfile=$(mktemp)
@@ -42,5 +41,4 @@ if [ ! -s "$PGDATA/PG_VERSION" ]; then
   pg_ctl -m fast -w stop
 fi
 
-trap 'kill $LOG_PID' EXIT
 exec postgres -c config_file="/etc/postgresql/postgresql.conf" "$@" > "$LOG_PIPE" 2>&1

packages/docker/prometheus-fail2ban-exporter/entrypoint.sh

@@ -16,8 +16,5 @@ mkfifo "$LOG_PIPE"
     fi
   done < "$LOG_PIPE"
 ) &
-LOG_PID=$!
-
-trap 'kill $LOG_PID' EXIT
 
 exec prometheus-fail2ban-exporter "$@" > "$LOG_PIPE" 2>&1

packages/docker/prometheus-podman-exporter/entrypoint.sh

@@ -16,8 +16,5 @@ mkfifo "$LOG_PIPE"
     fi
   done < "$LOG_PIPE"
 ) &
-LOG_PID=$!
-
-trap 'kill $LOG_PID' EXIT
 
 exec prometheus-podman-exporter "$@" > "$LOG_PIPE" 2>&1