From 7d30617bb71961658c2e43d11daa69f55e6fa417 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 20 Aug 2024 02:54:33 -0400 Subject: [PATCH] Purge Bloxelcom --- PC/configuration.nix | 2 +- PC/jimbo.nix | 51 ++++---- Server/configuration.nix | 191 ++++++++++++++---------------- Server/hardware-configuration.nix | 29 +++-- 4 files changed, 128 insertions(+), 145 deletions(-) diff --git a/PC/configuration.nix b/PC/configuration.nix index 6a68e31..7bba7a5 100644 --- a/PC/configuration.nix +++ b/PC/configuration.nix @@ -97,7 +97,7 @@ in }; }; - # Add a kernel entry to boot from the secondary GPU + # Additional entry to boot from the second GPU specialisation = { gputwo.configuration = { boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; diff --git a/PC/jimbo.nix b/PC/jimbo.nix index 7eea205..7a9eeba 100644 --- a/PC/jimbo.nix +++ b/PC/jimbo.nix @@ -80,11 +80,11 @@ let rofiScripts = pkgs.writeScriptBin "rofiscripts" '' # Scratchpad function handle_scratchpads() { - SCRATCHPADS=$(echo -e "Gotop\nMusic\nAudio\nEasyEffects" | rofi -dmenu -i -p "Scratchpads") + SCRATCHPADS=$(echo -e "Gotop\nMusic\nSound\nEasyEffects" | rofi -dmenu -i -p "Scratchpads") case $SCRATCHPADS in Gotop) foot -a gotop -T Gotop gotop;; Music) foot -a music -T Music ncmpcpp;; - Audio) foot -a audio -T Audio ncpamixer;; + Sound) foot -a sound -T Sound ncpamixer;; EasyEffects) easyeffects;; esac } @@ -1192,7 +1192,7 @@ in # Scratchpads { command = "foot -a gotop -T Gotop gotop"; } { command = "foot -a music -T Music ncmpcpp"; } - { command = "foot -a audio -T Audio ncpamixer"; } + { command = "foot -a sound -T Sound ncpamixer"; } { command = "easyeffects"; } # Daemons and tray apps @@ -1543,32 +1543,31 @@ in titlebar = false; commands = [ # Scratchpads - { command = ''floating enable, sticky enable, move scratchpad, mark borderless''; - criteria = { con_mark = "scratchpad"; }; } - { command = ''mark scratchpad''; - criteria = { app_id = "gotop"; }; } - { command = ''mark scratchpad''; - criteria = { app_id = "music"; }; } - { command = ''mark scratchpad''; - criteria = { app_id = "audio"; }; } - { command = ''mark scratchpad, opacity 0.9''; - criteria = { app_id = "com.github.wwmm.easyeffects"; }; } + { criteria = { con_mark = "scratchpad"; }; + command = ''floating enable, sticky enable, move scratchpad, mark borderless''; } + { criteria = { app_id = "gotop"; }; + command = ''mark scratchpad''; } + { criteria = { app_id = "music"; }; + command = ''mark scratchpad''; } + { criteria = { app_id = "audio"; }; + command = ''mark scratchpad''; } + { criteria = { app_id = "com.github.wwmm.easyeffects"; }; + command = ''mark scratchpad, opacity 0.9''; } # Create a "Scratchpad" for apps I don't want to be seen when launched - { command = ''move scratchpad''; criteria = { con_mark = "hiddenaway"; }; } + { criteria = { con_mark = "hiddenaway"; }; command = ''move scratchpad''; } # Give apps that don't have them borders - { command = ''border pixel ${borderWeight}''; criteria = { con_mark = "borderless"; }; } - { command = ''mark borderless''; criteria = { app_id = "com.github.wwmm.easyeffects"; }; } - { command = ''mark borderless''; criteria = { class = "steam"; }; } - { command = ''mark borderless''; criteria = { app_id = "swappy"; }; } - { command = ''mark borderless''; criteria = { app_id = "virt-manager"; }; } - { command = ''mark borderless''; criteria = { window_role = "pop-up"; }; } + { criteria = { con_mark = "borderless"; }; command = ''border pixel ${borderWeight}''; } + { criteria = { app_id = "com.github.wwmm.easyeffects"; }; command = ''mark borderless''; } + { criteria = { class = "steam"; }; command = ''mark borderless''; } + { criteria = { app_id = "swappy"; }; command = ''mark borderless''; } + { criteria = { app_id = "virt-manager"; }; command = ''mark borderless''; } + { criteria = { window_role = "pop-up"; }; command = ''mark borderless''; } # Floating or fullscreen rules - { command = ''floating enable''; criteria = { app_id = "smb"; }; } - { command = ''floating enable''; criteria = { app_id = "float"; }; } - { command = ''floating enable, fullscreen enable global''; criteria = { title = "^GlobalShot"; }; } + { criteria = { app_id = "float"; }; command = ''floating enable''; } + { criteria = { title = "^GlobalShot"; }; command = ''floating enable, fullscreen enable global''; } ]; }; assigns = { @@ -1632,9 +1631,9 @@ in all-outputs = true; tooltip = false; rewrite = { - "(.*) — Firefox" = " $1"; - "Firefox" = " Firefox"; - "(.*) - YouTube — Firefox" = "󰗃 $1"; + "(.*) — LibreWolf" = " $1"; + "LibreWolf" = " Firefox"; + "(.*) - LibreWolf — Firefox" = "󰗃 $1"; }; }; diff --git a/Server/configuration.nix b/Server/configuration.nix index 111f7ea..f322e32 100644 --- a/Server/configuration.nix +++ b/Server/configuration.nix @@ -6,7 +6,6 @@ let # Define domains and ips jimDomain = ''jimbosfiles.com''; - bloxelDomain = ''bloxelcom.net''; # IPs netInt = ''eno1''; @@ -225,11 +224,36 @@ in "${jimDomain}" = { enableACME = true; addSSL = true; - locations."/" = { - extraConfig = " - return 301 https://social.${bloxelDomain}/@jimbo; - "; - }; + locations = { + "= /" = { + extraConfig = " + return 301 https://social.${jimDomain}/@jimbo; + "; + }; + "/.well-known/matrix/client" = { + extraConfig = '' + default_type application/json; + return 200 ' + { + "m.homeserver": { + "base_url": "https://matrix.${jimDomain}" + }, + "m.identity_server": { + "base_url": "https://matrix.org" + }, + "org.matrix.msc3575.proxy": { + "url": "https://matrix.${jimDomain}" + } + }'; + ''; + }; + "/.well-known/matrix/server" = { + extraConfig = '' + default_type application/json; + return 200 '{"m.server": "matrix.${jimDomain}:443"}'; + ''; + }; + }; }; # Nextcloud Proxy @@ -242,7 +266,6 @@ in location /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } - location /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } @@ -301,37 +324,37 @@ in }; # Matrix Proxy - "matrix.${bloxelDomain}" = { + "matrix.${jimDomain}" = { enableACME = true; forceSSL = true; locations = { "/".extraConfig = ''return 403;''; - "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009"; "/client".proxyPass = "http://127.0.0.1:8009"; "/_matrix".proxyPass = "http://127.0.0.1:8008"; + "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009"; "/_synapse/client".proxyPass = "http://127.0.0.1:8008"; }; }; # Element Proxy - "chat.${bloxelDomain}" = { + "chat.${jimDomain}" = { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; }; # Coturn Proxy - "turn.${bloxelDomain}" = { + "turn.${jimDomain}" = { enableACME = true; forceSSL = true; listen = [ - { addr = "0.0.0.0"; port = 80; ssl = false; } + { addr = "0.0.0.0"; port = 80; ssl = false; } ]; locations."/".proxyPass = "http://127.0.0.1:1380"; }; # Radio Proxy - "wbxdradio.${bloxelDomain}" = { + "radio.${jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -341,7 +364,7 @@ in }; # Streaming proxy - "live.${bloxelDomain}" = { + "live.${jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -351,7 +374,7 @@ in }; # Mail certificate proxy - "mx.${bloxelDomain}" = { + "mx.${jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -361,51 +384,10 @@ in }; # Add SSL to Lemmy - "lemmy.${bloxelDomain}" = { + "lemmy.${jimDomain}" = { enableACME = true; forceSSL = true; }; - - # Staging Bloxel Proxy - "staging.${bloxelDomain}" = { - enableACME = true; - addSSL = true; - root = "/var/www/bloxelcomweb/landing-page/"; - locations = { - "/BloxelcomCable/hls" = { - extraConfig = '' - # Allow serving m3u8 files - types { - application/vnd.apple.mpegurl m3u8; - } - ''; - }; - "/.well-known/matrix/client" = { - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 ' - { - "m.homeserver": { - "base_url": "https://matrix.${bloxelDomain}" - }, - "m.identity_server": { - "base_url": "https://matrix.${bloxelDomain}" - }, - "org.matrix.msc3575.proxy": { - "url": "https://matrix.${bloxelDomain}" - } - }'; - ''; - }; - "/.well-known/matrix/server" = { - extraConfig = '' - default_type application/json; - return 200 '{"m.server": "https://matrix.${bloxelDomain}"}'; - ''; - }; - }; - }; }; appendConfig = '' rtmp { @@ -418,7 +400,7 @@ in live on; allow play all; hls on; - hls_path /var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls; + hls_path /var/www/jimwebsite/hls; hls_fragment_naming system; hls_fragment 3; hls_playlist_length 40; @@ -445,11 +427,11 @@ in overwriteprotocol = "https"; # Mailserver settings - mail_smtphost = "mx.${bloxelDomain}"; - mail_domain = "${bloxelDomain}"; + mail_smtphost = "mx.${jimDomain}"; + mail_domain = "${jimDomain}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${bloxelDomain}"; + mail_smtpname = "noreply@${jimDomain}"; mail_smtppassword = secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; @@ -467,10 +449,10 @@ in ROCKET_LOG = "critical"; # Smtp email - SMTP_HOST = "mx.${bloxelDomain}"; - SMTP_FROM = "noreply@${bloxelDomain}"; + SMTP_HOST = "mx.${jimDomain}"; + SMTP_FROM = "noreply@${jimDomain}"; SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${bloxelDomain}"; + SMTP_USERNAME = "noreply@${jimDomain}"; SMTP_PASSWORD = secrets.noreplyPassword; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; @@ -497,8 +479,8 @@ in }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${bloxelDomain}"; - FROM = "noreply@${bloxelDomain}"; + SMTP_ADDR = "mx.${jimDomain}"; + FROM = "noreply@${jimDomain}"; PASSWD = secrets.noreplyPassword; PROTOCOL = "smtp+starttls"; SMTP_PORT = 587; @@ -514,9 +496,9 @@ in PUFFER_WEB_HOST = ":5010"; PUFFER_PANEL_SETTINGS_MASTERURL = "https://mc.${jimDomain}"; PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; - PUFFER_PANEL_EMAIL_HOST = "mx.${bloxelDomain}:587"; - PUFFER_PANEL_EMAIL_FROM = "noreply@${bloxelDomain}"; - PUFFER_PANEL_EMAIL_USERNAME = "noreply@${bloxelDomain}"; + PUFFER_PANEL_EMAIL_HOST = "mx.${jimDomain}:587"; + PUFFER_PANEL_EMAIL_FROM = "noreply@${jimDomain}"; + PUFFER_PANEL_EMAIL_USERNAME = "noreply@${jimDomain}"; PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; }; extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; @@ -562,7 +544,7 @@ in min-port = 49000; max-port = 50000; use-auth-secret = true; - realm = "turn.${bloxelDomain}"; + realm = "turn.${jimDomain}"; static-auth-secret = "will be world readable for local users :("; cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; @@ -572,8 +554,8 @@ in matrix-synapse = with config.services.coturn; { enable = true; settings = { - server_name = "${bloxelDomain}"; - public_baseurl = "https://matrix.${bloxelDomain}"; + server_name = "${jimDomain}"; + public_baseurl = "https://matrix.${jimDomain}"; suppress_key_server_warning = true; # Set the network config @@ -589,9 +571,9 @@ in # Enable smtp for password resets email = { - notif_from = "Bloxelcom's Matrix Homeserver "; - smtp_host = "mx.${bloxelDomain}"; - smtp_user = "noreply@${bloxelDomain}"; + notif_from = "Jimbo's Matrix Homeserver "; + smtp_host = "mx.${jimDomain}"; + smtp_user = "noreply@${jimDomain}"; smtp_pass = secrets.noreplyPassword; enable_tls = true; smtp_port = 587; @@ -604,7 +586,7 @@ in # Allow only this range of emails allowed_local_3pids = [{ medium = "email"; - pattern = "^[^@]+@bloxelcom\\.net$"; + pattern = "^[^@]+@jimbosfiles\\.com$"; }]; # Set the type of database @@ -619,7 +601,10 @@ in report_stats = false; # Turn settings - turn_uris = [ "turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp" ]; + turn_uris = [ + "turn:${realm}:3478?transport=udp" + "turn:${realm}:3478?transport=tcp" + ]; turn_shared_secret = static-auth-secret; turn_user_lifetime = "1h"; @@ -636,7 +621,7 @@ in in { enable = true; settings = { - SYNCV3_SERVER = "https://matrix.${bloxelDomain}"; + SYNCV3_SERVER = "https://matrix.${jimDomain}"; SYNCV3_BINDADDR = "0.0.0.0:8009"; }; environmentFile = "${matrixSecretFile}"; @@ -645,16 +630,16 @@ in # Mastodon mastodon = { enable = true; - localDomain = "social.${bloxelDomain}"; + localDomain = "social.${jimDomain}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.${bloxelDomain}"; + host = "mx.${jimDomain}"; port = 587; authenticate = true; - fromAddress = "noreply@${bloxelDomain}"; - user = "noreply@${bloxelDomain}"; + fromAddress = "noreply@${jimDomain}"; + user = "noreply@${jimDomain}"; passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword; }; }; @@ -665,11 +650,11 @@ in nginx.enable = true; database.createLocally = true; settings = { - hostname = "lemmy.${bloxelDomain}"; + hostname = "lemmy.${jimDomain}"; email = { - smtp_server = "mx.${bloxelDomain}:587"; - smtp_login = "noreply@${bloxelDomain}"; - smtp_from_address = "noreply@${bloxelDomain}"; + smtp_server = "mx.${jimDomain}:587"; + smtp_login = "noreply@${jimDomain}"; + smtp_from_address = "noreply@${jimDomain}"; smtp_password = secrets.noreplyPassword; tls_type = "starttls"; }; @@ -679,7 +664,7 @@ in # Roundcube mail server roundcube = { enable = true; - hostName = "mail.${bloxelDomain}"; + hostName = "mail.${jimDomain}"; extraConfig = '' $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; $config['smtp_user'] = "%u"; @@ -700,7 +685,7 @@ in SupplementaryGroups = [ "shadow" ]; }; systemd.services.nginx.serviceConfig.ReadWritePaths = [ - "/var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls/" + "/var/www/jimwebsite/hls/" ]; # Get certificates for Coturn @@ -719,16 +704,16 @@ in nixpkgs.config.element-web.conf = { default_server_config = { "m.homeserver" = { - base_url = "https://matrix.${bloxelDomain}"; - server_name = "matrix.${bloxelDomain}"; + base_url = "https://matrix.${jimDomain}"; + server_name = "matrix.${jimDomain}"; }; }; branding = { - welcome_background_url = "https://staging.${bloxelDomain}/images/backgrounds/bloxelcom-sunset.jpg"; - auth_header_logo_url = "https://staging.${bloxelDomain}/images/logos/bloxelcom.png"; + #welcome_background_url = "https://staging.${jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; + #auth_header_logo_url = "https://staging.${jimDomain}/images/logos/bloxelcom.png"; }; embedded_pages = { - home_url = "https://www.${bloxelDomain}/"; + home_url = "https://www.${jimDomain}/"; }; disable_custom_urls = true; disable_guests = true; @@ -747,30 +732,30 @@ in mailserver = rec { enable = true; enableManageSieve = true; - domains = [ "${bloxelDomain}" ]; - fqdn = "mx.${bloxelDomain}"; + domains = [ "${jimDomain}" ]; + fqdn = "mx.${jimDomain}"; certificateScheme = "acme-nginx"; # A list of accounts. # Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@${bloxelDomain}" = { + "noreply@${jimDomain}" = { hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash; sendOnly = true; }; - "jimbo@${bloxelDomain}" = { + "jimbo@${jimDomain}" = { hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash; - aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ]; + aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ]; }; - "lunamoonlight@${bloxelDomain}" = { + "lunamoonlight@${jimDomain}" = { hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash; - aliases = [ "us@${bloxelDomain}" "contact@${bloxelDomain}" ]; + aliases = [ "us@${jimDomain}" "contact@${jimDomain}" ]; }; - "freecorn1854@${bloxelDomain}" = { + "freecorn1854@${jimDomain}" = { hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash; - aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ]; + aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ]; }; - "tinyattack09@${bloxelDomain}" = { + "tinyattack09@${jimDomain}" = { hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash; }; }; diff --git a/Server/hardware-configuration.nix b/Server/hardware-configuration.nix index a900dda..e3c3b26 100644 --- a/Server/hardware-configuration.nix +++ b/Server/hardware-configuration.nix @@ -16,63 +16,62 @@ device = "/dev/disk/by-uuid/2034-754A"; fsType = "vfat"; }; - "/home/jimbo/JimboNFS" = { + "/export/JimboNFS" = { device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51"; fsType = "ext4"; + noCheck = true; }; - "/export/JimboNFS" = { - device = "/home/jimbo/JimboNFS"; - fsType = "none"; - options = [ "bind" ]; - }; - "/mnt/nextcloud/data/JimboNFS" = { + "/home/jimbo/JimboNFS" = { device = "/export/JimboNFS"; fsType = "none"; options = [ "bind" ]; }; # Atrocity of var bindmounts + "/mnt/nextcloud/data/JimboNFS" = { + device = "/export/JimboNFS"; + fsType = "none"; + options = [ "bind" ]; + }; "/var/lib/bitwarden_rs" = { device = "/export/JimboNFS/System/var/lib/bitwarden_rs"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; "/var/lib/gitea" = { device = "/export/JimboNFS/System/var/lib/gitea"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; "/var/lib/matrix-synapse" = { device = "/export/JimboNFS/System/var/lib/matrix-synapse"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; "/var/lib/nextcloud" = { device = "/export/JimboNFS/System/var/lib/nextcloud"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; "/var/lib/owncast" = { device = "/export/JimboNFS/System/var/lib/owncast"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; - "/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = { + "/var/lib/docker/volumes/azuracast_station_data/_data/jimbops/media/Music" = { device = "/export/JimboNFS/Music"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; }; "/var/lib/private/pufferpanel/servers" = { device = "/export/JimboNFS/System/var/lib/pufferpanel/servers"; fsType = "none"; options = [ "bind" ]; - depends = [ "/export/JimboNFS" ]; + }; + "/var/lib/mastodon" = { + device = "/export/JimboNFS/System/var/lib/mastodon"; + fsType = "none"; + options = [ "bind" ]; }; }; swapDevices = [