Separate some more files and extrapolate more non-secrets

2024-10-29 01:07:07 -04:00 · 2024-10-29 01:07:07 -04:00 · 7f512583e0
parent 83796f7cb2
commit 7f512583e0
9 changed files with 122 additions and 103 deletions
--- a/modules/system/devices/networking/wireguard/pc/default.nix
+++ b/modules/system/devices/networking/wireguard/pc/default.nix
@ -11,9 +11,9 @@
      privateKey = config.secrets.wgClientPriv;
      peers = [
        {
-          publicKey = config.secrets.wgServerPub;
+          publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
          allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
-          endpoint = "sv.${config.secrets.jimDomain}:51820";
+          endpoint = "sv.${config.domains.jim1}:51820";
          persistentKeepalive = 25;
        }
      ];
--- a/modules/system/devices/networking/wireguard/server/default.nix
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@ -17,14 +17,14 @@
        listenPort = 51820;
        privateKey = config.secrets.wgServerPriv;
        peers = [
-          { # Jimbo Pixel 9
-            publicKey = config.secrets.wgPixel9Pub;
-            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
-          }
-          { # General Nix
-            publicKey = config.secrets.wgClientPub;
+          { # NixOS
+            publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
            allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
          }
+          { # Pixel 9
+            publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
+            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
+          }
        ];
      };
    };
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@ -1,45 +1,31 @@
 { pkgs, config, ... }:
 {
-  services = {
-    nextcloud = {
-      enable = true;
-      package = pkgs.nextcloud29;
-      hostName = "cloud.${config.domains.jim1}";
-      datadir = "/mnt/nextcloud";
-      https = true;
-      config = {
-        adminuser = "jimbo";
-        adminpassFile = "/mnt/nextcloud/password.txt";
-      };
-      settings = {
-        trusted_proxies = [ "127.0.0.1" ];
-        trusted_domains = [ "cloud.${config.domains.jim1}" ];
-        overwriteprotocol = "https";
-        mail_smtphost = "mx.${config.domains.jim1}";
-        mail_domain = "${config.domains.jim1}";
-        mail_from_address = "noreply";
-        mail_smtpauth = "true";
-        mail_smtpname = "noreply@${config.domains.jim1}";
-        mail_smtppassword = config.secrets.noreplyPassword;
-        mail_smtpmode = "smtp";
-        mail_smtpport = 587;
-      };
-    };
+  imports = [
+    ./nginx
+  ];

-    nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
-      enableACME = true;
-      addSSL = true;
-      locations."/" = {
-        proxyWebsockets = true;
-        extraConfig = "
-         location /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
-          }
-          location /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
-          }
-       ";
-      };
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud29;
+    hostName = "cloud.${config.domains.jim1}";
+    datadir = "/mnt/nextcloud";
+    https = true;
+    config = {
+      adminuser = "jimbo";
+      adminpassFile = "/mnt/nextcloud/password.txt";
+    };
+    settings = {
+      trusted_proxies = [ "127.0.0.1" ];
+      trusted_domains = [ "cloud.${config.domains.jim1}" ];
+      overwriteprotocol = "https";
+      mail_smtphost = "mx.${config.domains.jim1}";
+      mail_domain = "${config.domains.jim1}";
+      mail_from_address = "noreply";
+      mail_smtpauth = "true";
+      mail_smtpname = "noreply@${config.domains.jim1}";
+      mail_smtppassword = config.secrets.noreplyPassword;
+      mail_smtpmode = "smtp";
+      mail_smtpport = 587;
    };
  };
 }
--- a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+{
+  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
+    enableACME = true;
+    addSSL = true;
+    locations."/" = {
+      proxyWebsockets = true;
+      extraConfig = "
+       location /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+     ";
+    };
+  };
+}
--- a/modules/system/services/server/fileserver/public/photoprism/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/default.nix
@ -1,5 +1,9 @@
 { config, ... }:
 {
+  imports = [
+    ./nginx
+  ];
+
  services = {
    photoprism = {
      enable = true;
--- a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  services.nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:2342";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@ -2,64 +2,34 @@
 {
  imports = [
    ./nginx
+    ./liquidsoap
  ];

-  services = {
-    icecast = {
-      enable = true;
-      listen.port = 265;
-      hostname = "icecast.${config.domains.jim1}";
-      admin = {
-        user = "jimbo";
-        password = "${config.secrets.castAdminPass}";
-      };
-      extraConf = ''
-        <authentication>
-          <source-password>${config.secrets.castSourcePass}</source-password>
-        </authentication>
-        
-        <location>Canada</location>
-        <admin>jimbo@${config.domains.jim2}</admin>
-        
-        <mount type="normal">
-          <mount-name>/jimbops.opus</mount-name>
-          <stream-name>JimBops Radio</stream-name>
-          <stream-description>Music gathered by me, Jimbo.</stream-description>
-          <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
-          <genre>Anything</genre>
-          <type>application/ogg</type>
-          <subtype>vorbis</subtype>
-        </mount>
-      '';
-    };
-
-    # The audio stream
-    liquidsoap.streams = {
-      jimbops = pkgs.writeText "liquidjim" ''
-        settings.log.stdout.set(true)
-        settings.init.allow_root.set(true)
-        settings.scheduler.fast_queues.set(2)
-        settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
-        
-        # Define the source with random playlist
-        jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
-        
-        # Ensure the stream never stops
-        jimbops_fallback = fallback([jimbops, jimbops])
-        
-        # Output configuration to Icecast
-        output.icecast(
-	  %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
-          host="127.0.0.1",
-          port=265,
-          password="${config.secrets.castSourcePass}",
-          public=true,
-          icy_metadata=["artist", "title"],
-          mount="jimbops.opus",
-	  encoding = "UTF-8",
-          jimbops_fallback
-        )
-      '';
+  services.icecast = {
+    enable = true;
+    listen.port = 265;
+    hostname = "icecast.${config.domains.jim1}";
+    admin = {
+      user = "jimbo";
+      password = "${config.secrets.castAdminPass}";
    };
+    extraConf = ''
+      <authentication>
+        <source-password>${config.secrets.castSourcePass}</source-password>
+      </authentication>
+      
+      <location>Canada</location>
+      <admin>jimbo@${config.domains.jim2}</admin>
+      
+      <mount type="normal">
+        <mount-name>/jimbops.opus</mount-name>
+        <stream-name>JimBops Radio</stream-name>
+        <stream-description>Music gathered by me, Jimbo.</stream-description>
+        <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
+        <genre>Anything</genre>
+        <type>application/ogg</type>
+        <subtype>vorbis</subtype>
+      </mount>
+    '';
  };
 }
--- a/modules/system/services/server/icecast/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@ -0,0 +1,30 @@
+{ pkgs, config, ... }:
+{
+  services.liquidsoap.streams = {
+    jimbops = pkgs.writeText "liquidjim" ''
+      settings.log.stdout.set(true)
+      settings.init.allow_root.set(true)
+      settings.scheduler.fast_queues.set(2)
+      settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
+      
+      # Define the source with random playlist
+      jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
+      
+      # Ensure the stream never stops
+      jimbops_fallback = fallback([jimbops, jimbops])
+      
+      # Output configuration to Icecast
+      output.icecast(
+        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+        host="127.0.0.1",
+        port=265,
+        password="${config.secrets.castSourcePass}",
+        public=true,
+        icy_metadata=["artist", "title"],
+        mount="jimbops.opus",
+        encoding = "UTF-8",
+        jimbops_fallback
+      )
+    '';
+  };
+}
--- a/variables/secrets/default.nix
+++ b/variables/secrets/default.nix