Separate some more files and extrapolate more non-secrets

2024-10-29 01:07:07 -04:00 · 2024-10-29 01:07:07 -04:00 · 7f512583e0
parent 83796f7cb2
commit 7f512583e0
9 changed files with 122 additions and 103 deletions
--- a/modules/system/devices/networking/wireguard/pc/default.nix
+++ b/modules/system/devices/networking/wireguard/pc/default.nix
@ -11,9 +11,9 @@
      privateKey = config.secrets.wgClientPriv;
      peers = [
        {
-          publicKey = config.secrets.wgServerPub;
+          publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
          allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
-          endpoint = "sv.${config.secrets.jimDomain}:51820";
+          endpoint = "sv.${config.domains.jim1}:51820";
          persistentKeepalive = 25;
        }
      ];
--- a/modules/system/devices/networking/wireguard/server/default.nix
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@ -17,14 +17,14 @@
        listenPort = 51820;
        privateKey = config.secrets.wgServerPriv;
        peers = [
-          { # Jimbo Pixel 9
+          { # NixOS
-            publicKey = config.secrets.wgPixel9Pub;
+            publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
          }
          { # General Nix
            publicKey = config.secrets.wgClientPub;
            allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
          }
          { # Pixel 9
            publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
          }
        ];
      };
    };
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@ -1,45 +1,31 @@
 { pkgs, config, ... }:
 {
-  services = {
+  imports = [
-    nextcloud = {
+    ./nginx
-      enable = true;
+  ];
      package = pkgs.nextcloud29;
      hostName = "cloud.${config.domains.jim1}";
      datadir = "/mnt/nextcloud";
      https = true;
      config = {
        adminuser = "jimbo";
        adminpassFile = "/mnt/nextcloud/password.txt";
      };
      settings = {
        trusted_proxies = [ "127.0.0.1" ];
        trusted_domains = [ "cloud.${config.domains.jim1}" ];
        overwriteprotocol = "https";
        mail_smtphost = "mx.${config.domains.jim1}";
        mail_domain = "${config.domains.jim1}";
        mail_from_address = "noreply";
        mail_smtpauth = "true";
        mail_smtpname = "noreply@${config.domains.jim1}";
        mail_smtppassword = config.secrets.noreplyPassword;
        mail_smtpmode = "smtp";
        mail_smtpport = 587;
      };
    };
-    nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
+  services.nextcloud = {
-      enableACME = true;
+    enable = true;
-      addSSL = true;
+    package = pkgs.nextcloud29;
-      locations."/" = {
+    hostName = "cloud.${config.domains.jim1}";
-        proxyWebsockets = true;
+    datadir = "/mnt/nextcloud";
-        extraConfig = "
+    https = true;
-         location /.well-known/carddav {
+    config = {
-            return 301 $scheme://$host/remote.php/dav;
+      adminuser = "jimbo";
-          }
+      adminpassFile = "/mnt/nextcloud/password.txt";
-          location /.well-known/caldav {
+    };
-            return 301 $scheme://$host/remote.php/dav;
+    settings = {
-          }
+      trusted_proxies = [ "127.0.0.1" ];
-       ";
+      trusted_domains = [ "cloud.${config.domains.jim1}" ];
-      };
+      overwriteprotocol = "https";
      mail_smtphost = "mx.${config.domains.jim1}";
      mail_domain = "${config.domains.jim1}";
      mail_from_address = "noreply";
      mail_smtpauth = "true";
      mail_smtpname = "noreply@${config.domains.jim1}";
      mail_smtppassword = config.secrets.noreplyPassword;
      mail_smtpmode = "smtp";
      mail_smtpport = 587;
    };
  };
 }
--- a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
@ -0,0 +1,18 @@
 { pkgs, config, ... }:
 {
  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
    enableACME = true;
    addSSL = true;
    locations."/" = {
      proxyWebsockets = true;
      extraConfig = "
       location /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
        }
        location /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
        }
     ";
    };
  };
 }
--- a/modules/system/services/server/fileserver/public/photoprism/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/default.nix
@ -1,5 +1,9 @@
 { config, ... }:
 {
  imports = [
    ./nginx
  ];
  services = {
    photoprism = {
      enable = true;
--- a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
@ -0,0 +1,11 @@
 { config, ... }:
 {
  services.nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:2342";
      proxyWebsockets = true;
    };
  };
 }
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@ -2,64 +2,34 @@
 {
  imports = [
    ./nginx
    ./liquidsoap
  ];
-  services = {
+  services.icecast = {
-    icecast = {
+    enable = true;
-      enable = true;
+    listen.port = 265;
-      listen.port = 265;
+    hostname = "icecast.${config.domains.jim1}";
-      hostname = "icecast.${config.domains.jim1}";
+    admin = {
-      admin = {
+      user = "jimbo";
-        user = "jimbo";
+      password = "${config.secrets.castAdminPass}";
        password = "${config.secrets.castAdminPass}";
      };
      extraConf = ''
        <authentication>
          <source-password>${config.secrets.castSourcePass}</source-password>
        </authentication>
        <location>Canada</location>
        <admin>jimbo@${config.domains.jim2}</admin>
        <mount type="normal">
          <mount-name>/jimbops.opus</mount-name>
          <stream-name>JimBops Radio</stream-name>
          <stream-description>Music gathered by me, Jimbo.</stream-description>
          <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
          <genre>Anything</genre>
          <type>application/ogg</type>
          <subtype>vorbis</subtype>
        </mount>
      '';
    };
    extraConf = ''
      <authentication>
        <source-password>${config.secrets.castSourcePass}</source-password>
      </authentication>
-    # The audio stream
+      <location>Canada</location>
-    liquidsoap.streams = {
+      <admin>jimbo@${config.domains.jim2}</admin>
      jimbops = pkgs.writeText "liquidjim" ''
        settings.log.stdout.set(true)
        settings.init.allow_root.set(true)
        settings.scheduler.fast_queues.set(2)
        settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
-        # Define the source with random playlist
+      <mount type="normal">
-        jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
+        <mount-name>/jimbops.opus</mount-name>
-        
+        <stream-name>JimBops Radio</stream-name>
-        # Ensure the stream never stops
+        <stream-description>Music gathered by me, Jimbo.</stream-description>
-        jimbops_fallback = fallback([jimbops, jimbops])
+        <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
-        
+        <genre>Anything</genre>
-        # Output configuration to Icecast
+        <type>application/ogg</type>
-        output.icecast(
+        <subtype>vorbis</subtype>
-	  %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+      </mount>
-          host="127.0.0.1",
+    '';
          port=265,
          password="${config.secrets.castSourcePass}",
          public=true,
          icy_metadata=["artist", "title"],
          mount="jimbops.opus",
 	  encoding = "UTF-8",
          jimbops_fallback
        )
      '';
    };
  };
 }
--- a/modules/system/services/server/icecast/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@ -0,0 +1,30 @@
 { pkgs, config, ... }:
 {
  services.liquidsoap.streams = {
    jimbops = pkgs.writeText "liquidjim" ''
      settings.log.stdout.set(true)
      settings.init.allow_root.set(true)
      settings.scheduler.fast_queues.set(2)
      settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
      # Define the source with random playlist
      jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
      # Ensure the stream never stops
      jimbops_fallback = fallback([jimbops, jimbops])
      # Output configuration to Icecast
      output.icecast(
        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
        host="127.0.0.1",
        port=265,
        password="${config.secrets.castSourcePass}",
        public=true,
        icy_metadata=["artist", "title"],
        mount="jimbops.opus",
        encoding = "UTF-8",
        jimbops_fallback
      )
    '';
  };
 }
--- a/variables/secrets/default.nix
+++ b/variables/secrets/default.nix