Add more feddy services

This commit is contained in:
Jimbo 2024-07-30 08:54:11 -04:00
parent cb4928cd6b
commit 8eb0724768
2 changed files with 146 additions and 39 deletions


@ -21,6 +21,12 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
./jimbo.nix ./jimbo.nix
"${homeManager}/nixos" "${homeManager}/nixos"
# Mail server import
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-24.05/nixos-mailserver-nixos-24.05.tar.gz";
sha256 = "0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
})
]; ];
# Allow unfree packages # Allow unfree packages
@ -68,14 +74,15 @@ in
"$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON"
]; ];
extraGroups = [ "wheel" "docker" ]; extraGroups = [ "wheel" "docker" ];
uid = 1000; uid = 1000;
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
# Add Nginx to the Turnserver group # Add Nginx to extra groups
users.users.nginx.extraGroups = [ "turnserver" ]; users.users.nginx.extraGroups = [ "turnserver" "virtualMail" ];
# Installed programs to the system profile. # Installed programs to the system profile.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -100,7 +107,7 @@ in
2049 2049
# Nginx # Nginx
80 443 8448 80 443
# Minecraft # Minecraft
25565 19132 25565 19132
@ -151,6 +158,7 @@ in
iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN
iptables -A RTMPCHAIN -s ${pc} -j ACCEPT iptables -A RTMPCHAIN -s ${pc} -j ACCEPT
iptables -A RTMPCHAIN -s 71.87.124.226 -j ACCEPT iptables -A RTMPCHAIN -s 71.87.124.226 -j ACCEPT
iptables -A RTMPCHAIN -s 24.66.98.13 -j ACCEPT
iptables -A RTMPCHAIN -j DROP iptables -A RTMPCHAIN -j DROP
'' + '' +
@ -169,10 +177,6 @@ in
# Disallow pinging this server # Disallow pinging this server
allowPing = false; allowPing = false;
}; };
nameservers = [
"1.1.1.1"
"9.9.9.9"
];
}; };
# Boot with compatibility for IP forwarding # Boot with compatibility for IP forwarding
@ -206,14 +210,16 @@ in
nfs.server = { nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/export/JimboNFS ${localspan}.0/24(rw,nohide,insecure,no_subtree_check) /export/JimboNFS ${localspan}.0/24(rw,no_subtree_check)
''; '';
}; };
# Nginx reverse proxy # Nginx reverse proxy
nginx = { nginx = {
enable = true; enable = true;
package = (pkgs.nginxMainline.override { modules = [ pkgs.nginxModules.rtmp ]; }); package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
});
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -224,7 +230,6 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = " extraConfig = "
location /.well-known/carddav { location /.well-known/carddav {
@ -248,7 +253,6 @@ in
}; };
}; };
# Recipes Proxy # Recipes Proxy
"recipes.${jimdomain}" = { "recipes.${jimdomain}" = {
enableACME = true; enableACME = true;
@ -283,17 +287,8 @@ in
"matrix.${bloxeldomain}" = { "matrix.${bloxeldomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
listen = [
{ addr = "[::]"; port = 80; ssl = false; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::]"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "[::]"; port = 8448; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
];
locations."/_matrix".proxyPass = "http://[::1]:8008"; locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse".proxyPass = "http://[::1]:8008"; locations."/_synapse".proxyPass = "http://[::1]:8008";
locations."/.well-known".proxyPass = "http://[::1]:8008";
}; };
# Element Proxy # Element Proxy
@ -334,32 +329,69 @@ in
}; };
}; };
# Mail certificate proxy
"mx.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:1390";
proxyWebsockets = true;
};
};
# Add SSL to Lemmy
"lemmy.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
};
# Staging Bloxel Proxy # Staging Bloxel Proxy
"staging.${bloxeldomain}" = { "staging.${bloxeldomain}" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/bloxel-landing-page"; root = "/var/www/bloxelcomweb/landing-page/";
locations."/bloxcable/hls" = { locations."/BloxelcomCable/hls" = {
extraConfig = '' extraConfig = ''
# Disable cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
# Allow serving m3u8 files
types { types {
application/vnd.apple.mpegurl m3u8; application/vnd.apple.mpegurl m3u8;
} }
''; '';
}; };
locations."/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.server": "matrix.${bloxeldomain}:443"}';
'';
};
locations."/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server": "matrix.${bloxeldomain}:443"}';
'';
};
}; };
}; };
appendConfig = '' appendConfig = ''
rtmp { rtmp {
server { server {
listen 1945; listen 1935;
chunk_size 4096; chunk_size 4096;
allow publish all; allow publish all;
application BloxelesteCA { application stream {
record off; record off;
live on; live on;
deny play all; deny play all;
hls on; hls on;
hls_path /var/www/bloxel-landing-page/bloxcable/hls; hls_path /var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls;
hls_fragment_naming system; hls_fragment_naming system;
hls_fragment 3; hls_fragment 3;
hls_playlist_length 40; hls_playlist_length 40;
@ -373,7 +405,7 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud29;
hostName = "localhost"; hostName = "cloud.${jimdomain}";
datadir = "/mnt/nextcloud"; datadir = "/mnt/nextcloud";
https = true; https = true;
config = { config = {
@ -387,11 +419,6 @@ in
}; };
}; };
# Force Nextcloud to use a different port
nginx.virtualHosts."localhost" = {
listen = [ { addr = "127.0.0.1"; port = 8080; } ];
};
# Vaultwarden password manager # Vaultwarden password manager
vaultwarden = { vaultwarden = {
enable = true; enable = true;
@ -429,6 +456,7 @@ in
owncast = { owncast = {
enable = true; enable = true;
port = 8060; port = 8060;
rtmp-port = 1945;
listen = "0.0.0.0"; listen = "0.0.0.0";
}; };
@ -449,10 +477,11 @@ in
# Synapse for Matrix clients # Synapse for Matrix clients
matrix-synapse = with config.services.coturn; { matrix-synapse = with config.services.coturn; {
enable = true; enable = true;
extraConfigFiles = [ "/etc/matrix-synapse/conf.d/email-conf.yaml" ];
settings = { settings = {
server_name = "matrix.${bloxeldomain}"; server_name = "${bloxeldomain}";
public_baseurl = "https://matrix.${bloxeldomain}"; public_baseurl = "https://matrix.${bloxeldomain}";
serve_server_wellknown = true; suppress_key_server_warning = true;
# Set the network config # Set the network config
listeners = [{ listeners = [{
@ -470,7 +499,6 @@ in
# Allow account registration # Allow account registration
enable_registration = true; enable_registration = true;
registration_requires_token = true;
# General settings # General settings
url_preview_enabled = true; url_preview_enabled = true;
@ -487,15 +515,64 @@ in
}; };
}; };
# Mastodon
mastodon = {
enable = true;
localDomain = "social.${bloxeldomain}";
streamingProcesses = 4;
configureNginx = true;
smtp = {
host = "mx.${bloxeldomain}";
port = 587;
authenticate = true;
user = "noreply@${bloxeldomain}";
passwordFile = "/var/lib/mastodon/secrets/smtp-password";
fromAddress = "noreply@${bloxeldomain}";
createLocally = false;
};
};
# Try Lemmy
lemmy = {
enable = true;
nginx.enable = true;
database.createLocally = true;
settings = {
hostname = "lemmy.${bloxeldomain}";
email = {
smtp_server = "mx.${bloxeldomain}:587";
smtp_login = "noreply@${bloxeldomain}";
smtp_from_address = "noreply@${bloxeldomain}";
tls_type = "starttls";
};
};
smtpPasswordFile = "/var/lib/mastodon/secrets/smtp-password";
};
# Snowflake proxy for Tor # Snowflake proxy for Tor
snowflake-proxy.enable = true; snowflake-proxy.enable = true;
# Fix a nonbuilding issue # Fix a nonbuilding issue
logrotate.checkConfig = false; logrotate.checkConfig = false;
# Try roundcube
roundcube = {
enable = true;
hostName = "mail.${bloxeldomain}";
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
}; };
# Make Nginx not shit itself # Make Nginx not shit itself
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/bloxel-landing-page/bloxcable/hls/" ]; security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "shadow" ];
};
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls/" ];
# Get certificates for Coturn # Get certificates for Coturn
security.acme = { security.acme = {
@ -518,8 +595,8 @@ in
}; };
}; };
branding = { branding = {
welcome_background_url = "https://images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com/f/6658b953-7c85-4d44-9d97-d10a52d54af1/dhqaf1r-5402b859-340f-44cb-bfc6-eef5d541ae7d.png?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1cm46YXBwOjdlMGQxODg5ODIyNjQzNzNhNWYwZDQxNWVhMGQyNmUwIiwiaXNzIjoidXJuOmFwcDo3ZTBkMTg4OTgyMjY0MzczYTVmMGQ0MTVlYTBkMjZlMCIsIm9iaiI6W1t7InBhdGgiOiJcL2ZcLzY2NThiOTUzLTdjODUtNGQ0NC05ZDk3LWQxMGE1MmQ1NGFmMVwvZGhxYWYxci01NDAyYjg1OS0zNDBmLTQ0Y2ItYmZjNi1lZWY1ZDU0MWFlN2QucG5nIn1dXSwiYXVkIjpbInVybjpzZXJ2aWNlOmZpbGUuZG93bmxvYWQiXX0.jqJL7Sx9JHu4RqiQnKKfxoxXD55ZLgzH4liMXxH6LkM"; welcome_background_url = "https://staging.${bloxeldomain}/images/backgrounds/bloxelcom-sunset.jpg";
auth_header_logo_url = "https://www.${bloxeldomain}/bloxelcom.png"; auth_header_logo_url = "https://staging.${bloxeldomain}/images/logos/bloxelcom.png";
}; };
embedded_pages = { embedded_pages = {
home_url = "https://www.${bloxeldomain}/"; home_url = "https://www.${bloxeldomain}/";
@ -537,6 +614,36 @@ in
}; };
}; };
# Mail server
mailserver = rec {
enable = true;
enableManageSieve = true;
domains = [ "${bloxeldomain}" ];
fqdn = "mx.${bloxeldomain}";
certificateScheme = "acme-nginx";
# A list of accounts.
# Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"noreply@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "noreply" "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"}";
sendOnly = true;
};
"jimbo@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "jimbo" "$2b$05$Chm7AjSicifTVpUWjOx1q.9YGaokIjxijAfqKTmI6o3OR2QU0B4U."}";
aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
};
"lunamoonlight@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "luna" "$2a$12$ytZ1k4S.XvQAvzc3pHNDV.m7A/bo8PKznA2qH27g5QHMYDloFHdnK"}";
aliases = [ "us@${bloxeldomain}" "contact@${bloxeldomain}" ];
};
"freecorn1854@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "freecorn1854" "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm"}";
aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
};
};
};
# Determine the release version and allow auto-upgrades # Determine the release version and allow auto-upgrades
system.stateVersion = "23.11"; system.stateVersion = "23.11";
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
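Review bot: The bcrypt hashes in `mailserver.loginAccounts` are passed as `hashedPasswordFile = "${pkgs.writeText ...}"`, which places them in the world-readable Nix store and in the repository history; `hashedPasswordFile` should instead point at a root-owned, mode-0600 file outside the store (path left to the deployment, e.g. a `/var/lib/<service>/secrets/...` placeholder) and the committed hashes should be rotated. The new `SupplementaryGroups = [ "shadow" ]` on the nginx unit, together with `security.pam.services.nginx.setEnvironment = false`, lets any compromised nginx worker read every local account hash; if this exists only for PAM-backed HTTP auth on one vhost, a comment naming that vhost (and the intent to move it to a dedicated credential file) would make the trade-off explicit. Removing `registration_requires_token = true` while `enable_registration = true` remains leaves Synapse with open, unauthenticated registration; if that is intended add a comment saying so, otherwise restore the line. Lemmy's `smtpPasswordFile = "/var/lib/mastodon/secrets/smtp-password"` reuses another service's secret, which the lemmy service user presumably cannot read and which couples the two services' credential rotation; give it its own file. The `/.well-known/matrix/client` location returns the `m.server` key, which is the server-discovery format; clients expect `{"m.homeserver": {"base_url": "https://matrix.${bloxeldomain}"}}`, and the `server_name` change to `${bloxeldomain}` on an existing Synapse database will presumably be refused at startup, so confirm this is a fresh deployment.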


@ -542,8 +542,8 @@ in
controlpanel = "tmux new-session -d -s control; tmux attach -t control"; controlpanel = "tmux new-session -d -s control; tmux attach -t control";
# Minecraft stuff # Minecraft stuff
mcstart21 = "${pkgs.temurin-jre-bin-21}/bin/java -Xmx8G -jar"; mcstart21 = "${pkgs.temurin-jre-bin-21}/bin/java -Xmx4G -jar";
mcstart8 = "${pkgs.temurin-jre-bin-8}/bin/java -Xmx5G -jar"; mcstart8 = "${pkgs.temurin-jre-bin-8}/bin/java -Xmx4G -jar";
velocitystart = "cd ${mineServers}/Velocity && mcstart21 velocity*"; velocitystart = "cd ${mineServers}/Velocity && mcstart21 velocity*";
johnstart = "cd ${mineServers}/Johnside-SMP && mcstart21 paper* --nogui"; johnstart = "cd ${mineServers}/Johnside-SMP && mcstart21 paper* --nogui";
bloxelstart = "cd ${mineServers}/Bloxelcom && mcstart21 paper* --nogui"; bloxelstart = "cd ${mineServers}/Bloxelcom && mcstart21 paper* --nogui";