Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Purge Bloxelcom

Browse source
This commit is contained in:
Jimbo 2024-08-20 02:54:33 -04:00
parent bdd47c9572
commit 7d30617bb7
4 changed files with 128 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
PC/configuration.nix
View file

@ -97,7 +97,7 @@ in
};
};
# Add a kernel entry to boot from the secondary GPU
# Additional entry to boot from the second GPU
specialisation = {
gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];

51
PC/jimbo.nix
View file

@ -80,11 +80,11 @@ let
rofiScripts = pkgs.writeScriptBin "rofiscripts" ''
# Scratchpad function
handle_scratchpads() {
SCRATCHPADS=$(echo -e "Gotop\nMusic\nAudio\nEasyEffects" | rofi -dmenu -i -p "Scratchpads")
SCRATCHPADS=$(echo -e "Gotop\nMusic\nSound\nEasyEffects" | rofi -dmenu -i -p "Scratchpads")
case $SCRATCHPADS in
Gotop) foot -a gotop -T Gotop gotop;;
Music) foot -a music -T Music ncmpcpp;;
Audio) foot -a audio -T Audio ncpamixer;;
Sound) foot -a sound -T Sound ncpamixer;;
EasyEffects) easyeffects;;
esac
}
@ -1192,7 +1192,7 @@ in
# Scratchpads
{ command = "foot -a gotop -T Gotop gotop"; }
{ command = "foot -a music -T Music ncmpcpp"; }
{ command = "foot -a audio -T Audio ncpamixer"; }
{ command = "foot -a sound -T Sound ncpamixer"; }
{ command = "easyeffects"; }
# Daemons and tray apps
@ -1543,32 +1543,31 @@ in
titlebar = false;
commands = [
# Scratchpads
{ command = ''floating enable, sticky enable, move scratchpad, mark borderless'';
criteria = { con_mark = "scratchpad"; }; }
{ command = ''mark scratchpad'';
criteria = { app_id = "gotop"; }; }
{ command = ''mark scratchpad'';
criteria = { app_id = "music"; }; }
{ command = ''mark scratchpad'';
criteria = { app_id = "audio"; }; }
{ command = ''mark scratchpad, opacity 0.9'';
criteria = { app_id = "com.github.wwmm.easyeffects"; }; }
{ criteria = { con_mark = "scratchpad"; };
command = ''floating enable, sticky enable, move scratchpad, mark borderless''; }
{ criteria = { app_id = "gotop"; };
command = ''mark scratchpad''; }
{ criteria = { app_id = "music"; };
command = ''mark scratchpad''; }
{ criteria = { app_id = "audio"; };
command = ''mark scratchpad''; }
{ criteria = { app_id = "com.github.wwmm.easyeffects"; };
command = ''mark scratchpad, opacity 0.9''; }
# Create a "Scratchpad" for apps I don't want to be seen when launched
{ command = ''move scratchpad''; criteria = { con_mark = "hiddenaway"; }; }
{ criteria = { con_mark = "hiddenaway"; }; command = ''move scratchpad''; }
# Give apps that don't have them borders
{ command = ''border pixel ${borderWeight}''; criteria = { con_mark = "borderless"; }; }
{ command = ''mark borderless''; criteria = { app_id = "com.github.wwmm.easyeffects"; }; }
{ command = ''mark borderless''; criteria = { class = "steam"; }; }
{ command = ''mark borderless''; criteria = { app_id = "swappy"; }; }
{ command = ''mark borderless''; criteria = { app_id = "virt-manager"; }; }
{ command = ''mark borderless''; criteria = { window_role = "pop-up"; }; }
{ criteria = { con_mark = "borderless"; }; command = ''border pixel ${borderWeight}''; }
{ criteria = { app_id = "com.github.wwmm.easyeffects"; }; command = ''mark borderless''; }
{ criteria = { class = "steam"; }; command = ''mark borderless''; }
{ criteria = { app_id = "swappy"; }; command = ''mark borderless''; }
{ criteria = { app_id = "virt-manager"; }; command = ''mark borderless''; }
{ criteria = { window_role = "pop-up"; }; command = ''mark borderless''; }
# Floating or fullscreen rules
{ command = ''floating enable''; criteria = { app_id = "smb"; }; }
{ command = ''floating enable''; criteria = { app_id = "float"; }; }
{ command = ''floating enable, fullscreen enable global''; criteria = { title = "^GlobalShot"; }; }
{ criteria = { app_id = "float"; }; command = ''floating enable''; }
{ criteria = { title = "^GlobalShot"; }; command = ''floating enable, fullscreen enable global''; }
];
};
assigns = {
@ -1632,9 +1631,9 @@ in
all-outputs = true;
tooltip = false;
rewrite = {
"(.*) Firefox" = " $1";
"Firefox" = " Firefox";
"(.*) - YouTube Firefox" = "󰗃 $1";
"(.*) LibreWolf" = " $1";
"LibreWolf" = " Firefox";
"(.*) - LibreWolf Firefox" = "󰗃 $1";
};
};

183
Server/configuration.nix
View file

@ -6,7 +6,6 @@ let
# Define domains and ips
jimDomain = ''jimbosfiles.com'';
bloxelDomain = ''bloxelcom.net'';
# IPs
netInt = ''eno1'';
@ -225,11 +224,36 @@ in
"${jimDomain}" = {
enableACME = true;
addSSL = true;
locations."/" = {
locations = {
"= /" = {
extraConfig = "
return 301 https://social.${bloxelDomain}/@jimbo;
return 301 https://social.${jimDomain}/@jimbo;
";
};
"/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${jimDomain}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.${jimDomain}"
}
}';
'';
};
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server": "matrix.${jimDomain}:443"}';
'';
};
};
};
# Nextcloud Proxy
@ -242,7 +266,6 @@ in
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
@ -301,27 +324,27 @@ in
};
# Matrix Proxy
"matrix.${bloxelDomain}" = {
"matrix.${jimDomain}" = {
enableACME = true;
forceSSL = true;
locations = {
"/".extraConfig = ''return 403;'';
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
"/client".proxyPass = "http://127.0.0.1:8009";
"/_matrix".proxyPass = "http://127.0.0.1:8008";
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
};
};
# Element Proxy
"chat.${bloxelDomain}" = {
"chat.${jimDomain}" = {
enableACME = true;
addSSL = true;
root = "${pkgs.element-web}";
};
# Coturn Proxy
"turn.${bloxelDomain}" = {
"turn.${jimDomain}" = {
enableACME = true;
forceSSL = true;
listen = [
@ -331,7 +354,7 @@ in
};
# Radio Proxy
"wbxdradio.${bloxelDomain}" = {
"radio.${jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
@ -341,7 +364,7 @@ in
};
# Streaming proxy
"live.${bloxelDomain}" = {
"live.${jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
@ -351,7 +374,7 @@ in
};
# Mail certificate proxy
"mx.${bloxelDomain}" = {
"mx.${jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
@ -361,51 +384,10 @@ in
};
# Add SSL to Lemmy
"lemmy.${bloxelDomain}" = {
"lemmy.${jimDomain}" = {
enableACME = true;
forceSSL = true;
};
# Staging Bloxel Proxy
"staging.${bloxelDomain}" = {
enableACME = true;
addSSL = true;
root = "/var/www/bloxelcomweb/landing-page/";
locations = {
"/BloxelcomCable/hls" = {
extraConfig = ''
# Allow serving m3u8 files
types {
application/vnd.apple.mpegurl m3u8;
}
'';
};
"/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${bloxelDomain}"
},
"m.identity_server": {
"base_url": "https://matrix.${bloxelDomain}"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.${bloxelDomain}"
}
}';
'';
};
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server": "https://matrix.${bloxelDomain}"}';
'';
};
};
};
};
appendConfig = ''
rtmp {
@ -418,7 +400,7 @@ in
live on;
allow play all;
hls on;
hls_path /var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls;
hls_path /var/www/jimwebsite/hls;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
@ -445,11 +427,11 @@ in
overwriteprotocol = "https";
# Mailserver settings
mail_smtphost = "mx.${bloxelDomain}";
mail_domain = "${bloxelDomain}";
mail_smtphost = "mx.${jimDomain}";
mail_domain = "${jimDomain}";
mail_from_address = "noreply";
mail_smtpauth = "true";
mail_smtpname = "noreply@${bloxelDomain}";
mail_smtpname = "noreply@${jimDomain}";
mail_smtppassword = secrets.noreplyPassword;
mail_smtpmode = "smtp";
mail_smtpport = 587;
@ -467,10 +449,10 @@ in
ROCKET_LOG = "critical";
# Smtp email
SMTP_HOST = "mx.${bloxelDomain}";
SMTP_FROM = "noreply@${bloxelDomain}";
SMTP_HOST = "mx.${jimDomain}";
SMTP_FROM = "noreply@${jimDomain}";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@${bloxelDomain}";
SMTP_USERNAME = "noreply@${jimDomain}";
SMTP_PASSWORD = secrets.noreplyPassword;
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
@ -497,8 +479,8 @@ in
};
mailer = {
ENABLED = true;
SMTP_ADDR = "mx.${bloxelDomain}";
FROM = "noreply@${bloxelDomain}";
SMTP_ADDR = "mx.${jimDomain}";
FROM = "noreply@${jimDomain}";
PASSWD = secrets.noreplyPassword;
PROTOCOL = "smtp+starttls";
SMTP_PORT = 587;
@ -514,9 +496,9 @@ in
PUFFER_WEB_HOST = ":5010";
PUFFER_PANEL_SETTINGS_MASTERURL = "https://mc.${jimDomain}";
PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
PUFFER_PANEL_EMAIL_HOST = "mx.${bloxelDomain}:587";
PUFFER_PANEL_EMAIL_FROM = "noreply@${bloxelDomain}";
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${bloxelDomain}";
PUFFER_PANEL_EMAIL_HOST = "mx.${jimDomain}:587";
PUFFER_PANEL_EMAIL_FROM = "noreply@${jimDomain}";
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${jimDomain}";
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
};
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
@ -562,7 +544,7 @@ in
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
realm = "turn.${bloxelDomain}";
realm = "turn.${jimDomain}";
static-auth-secret = "will be world readable for local users :(";
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
@ -572,8 +554,8 @@ in
matrix-synapse = with config.services.coturn; {
enable = true;
settings = {
server_name = "${bloxelDomain}";
public_baseurl = "https://matrix.${bloxelDomain}";
server_name = "${jimDomain}";
public_baseurl = "https://matrix.${jimDomain}";
suppress_key_server_warning = true;
# Set the network config
@ -589,9 +571,9 @@ in
# Enable smtp for password resets
email = {
notif_from = "Bloxelcom's Matrix Homeserver <noreply@bloxelcom.net>";
smtp_host = "mx.${bloxelDomain}";
smtp_user = "noreply@${bloxelDomain}";
notif_from = "Jimbo's Matrix Homeserver <noreply@${jimDomain}>";
smtp_host = "mx.${jimDomain}";
smtp_user = "noreply@${jimDomain}";
smtp_pass = secrets.noreplyPassword;
enable_tls = true;
smtp_port = 587;
@ -604,7 +586,7 @@ in
# Allow only this range of emails
allowed_local_3pids = [{
medium = "email";
pattern = "^[^@]+@bloxelcom\\.net$";
pattern = "^[^@]+@jimbosfiles\\.com$";
}];
# Set the type of database
@ -619,7 +601,10 @@ in
report_stats = false;
# Turn settings
turn_uris = [ "turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp" ];
turn_uris = [
"turn:${realm}:3478?transport=udp"
"turn:${realm}:3478?transport=tcp"
];
turn_shared_secret = static-auth-secret;
turn_user_lifetime = "1h";
@ -636,7 +621,7 @@ in
in {
enable = true;
settings = {
SYNCV3_SERVER = "https://matrix.${bloxelDomain}";
SYNCV3_SERVER = "https://matrix.${jimDomain}";
SYNCV3_BINDADDR = "0.0.0.0:8009";
};
environmentFile = "${matrixSecretFile}";
@ -645,16 +630,16 @@ in
# Mastodon
mastodon = {
enable = true;
localDomain = "social.${bloxelDomain}";
localDomain = "social.${jimDomain}";
streamingProcesses = 4;
configureNginx = true;
smtp = {
createLocally = false;
host = "mx.${bloxelDomain}";
host = "mx.${jimDomain}";
port = 587;
authenticate = true;
fromAddress = "noreply@${bloxelDomain}";
user = "noreply@${bloxelDomain}";
fromAddress = "noreply@${jimDomain}";
user = "noreply@${jimDomain}";
passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword;
};
};
@ -665,11 +650,11 @@ in
nginx.enable = true;
database.createLocally = true;
settings = {
hostname = "lemmy.${bloxelDomain}";
hostname = "lemmy.${jimDomain}";
email = {
smtp_server = "mx.${bloxelDomain}:587";
smtp_login = "noreply@${bloxelDomain}";
smtp_from_address = "noreply@${bloxelDomain}";
smtp_server = "mx.${jimDomain}:587";
smtp_login = "noreply@${jimDomain}";
smtp_from_address = "noreply@${jimDomain}";
smtp_password = secrets.noreplyPassword;
tls_type = "starttls";
};
@ -679,7 +664,7 @@ in
# Roundcube mail server
roundcube = {
enable = true;
hostName = "mail.${bloxelDomain}";
hostName = "mail.${jimDomain}";
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
@ -700,7 +685,7 @@ in
SupplementaryGroups = [ "shadow" ];
};
systemd.services.nginx.serviceConfig.ReadWritePaths = [
"/var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls/"
"/var/www/jimwebsite/hls/"
];
# Get certificates for Coturn
@ -719,16 +704,16 @@ in
nixpkgs.config.element-web.conf = {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.${bloxelDomain}";
server_name = "matrix.${bloxelDomain}";
base_url = "https://matrix.${jimDomain}";
server_name = "matrix.${jimDomain}";
};
};
branding = {
welcome_background_url = "https://staging.${bloxelDomain}/images/backgrounds/bloxelcom-sunset.jpg";
auth_header_logo_url = "https://staging.${bloxelDomain}/images/logos/bloxelcom.png";
#welcome_background_url = "https://staging.${jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
#auth_header_logo_url = "https://staging.${jimDomain}/images/logos/bloxelcom.png";
};
embedded_pages = {
home_url = "https://www.${bloxelDomain}/";
home_url = "https://www.${jimDomain}/";
};
disable_custom_urls = true;
disable_guests = true;
@ -747,30 +732,30 @@ in
mailserver = rec {
enable = true;
enableManageSieve = true;
domains = [ "${bloxelDomain}" ];
fqdn = "mx.${bloxelDomain}";
domains = [ "${jimDomain}" ];
fqdn = "mx.${jimDomain}";
certificateScheme = "acme-nginx";
# A list of accounts.
# Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"noreply@${bloxelDomain}" = {
"noreply@${jimDomain}" = {
hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash;
sendOnly = true;
};
"jimbo@${bloxelDomain}" = {
"jimbo@${jimDomain}" = {
hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash;
aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ];
aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ];
};
"lunamoonlight@${bloxelDomain}" = {
"lunamoonlight@${jimDomain}" = {
hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash;
aliases = [ "us@${bloxelDomain}" "contact@${bloxelDomain}" ];
aliases = [ "us@${jimDomain}" "contact@${jimDomain}" ];
};
"freecorn1854@${bloxelDomain}" = {
"freecorn1854@${jimDomain}" = {
hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash;
aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ];
aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ];
};
"tinyattack09@${bloxelDomain}" = {
"tinyattack09@${jimDomain}" = {
hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash;
};
};

29
Server/hardware-configuration.nix
View file

@ -16,63 +16,62 @@
device = "/dev/disk/by-uuid/2034-754A";
fsType = "vfat";
};
"/home/jimbo/JimboNFS" = {
"/export/JimboNFS" = {
device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51";
fsType = "ext4";
noCheck = true;
};
"/export/JimboNFS" = {
device = "/home/jimbo/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
"/mnt/nextcloud/data/JimboNFS" = {
"/home/jimbo/JimboNFS" = {
device = "/export/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
# Atrocity of var bindmounts
"/mnt/nextcloud/data/JimboNFS" = {
device = "/export/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/bitwarden_rs" = {
device = "/export/JimboNFS/System/var/lib/bitwarden_rs";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/gitea" = {
device = "/export/JimboNFS/System/var/lib/gitea";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/matrix-synapse" = {
device = "/export/JimboNFS/System/var/lib/matrix-synapse";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/nextcloud" = {
device = "/export/JimboNFS/System/var/lib/nextcloud";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/owncast" = {
device = "/export/JimboNFS/System/var/lib/owncast";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
"/var/lib/docker/volumes/azuracast_station_data/_data/jimbops/media/Music" = {
device = "/export/JimboNFS/Music";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/private/pufferpanel/servers" = {
device = "/export/JimboNFS/System/var/lib/pufferpanel/servers";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/mastodon" = {
device = "/export/JimboNFS/System/var/lib/mastodon";
fsType = "none";
options = [ "bind" ];
};
};
swapDevices = [