Add smtp to pretty much every service on the server

Jimbo 2024-08-06 05:27:33 -04:00
parent 8eb0724768
commit 963e056b93
7 changed files with 277 additions and 93 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
Server/secrets.nix


@ -67,10 +67,11 @@ in
# Set all boot options # Set all boot options
boot = { boot = {
# Set a kernel version and load/blacklist drivers # Set a kernel version and load/blacklist drivers
kernelPackages = pkgs.linuxPackages_xanmod_latest; kernelPackages = pkgs.unstable.linuxPackages_zen;
blacklistedKernelModules = [ "pcspkr" ]; blacklistedKernelModules = [ "pcspkr" ];
kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:13c2,10de:0fbb" ]; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:13c2,10de:0fbb" ];
initrd.kernelModules = [ "vfio" "vfio_pci" "vfio_iommu_type1" ]; initrd.kernelModules = [ "vfio" "vfio_pci" "vfio_iommu_type1" ];
kernel.sysctl."vm.max_map_count" = 2147483642;
# Manage supported filesystems # Manage supported filesystems
supportedFilesystems = { supportedFilesystems = {
@ -101,7 +102,12 @@ in
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Enable the Nouveau drivers # Enable the Nouveau drivers
services.xserver.videoDrivers = [ "nouveau" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.beta;
};
# Enable a permissioning system # Enable a permissioning system
security = { security = {
@ -124,18 +130,21 @@ in
# Timezone # Timezone
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
# Define a user account # Define user accounts
users.users.jimbo = { users.users.jimbo = {
description = "Jimbo Awesome"; description = "Jimbo Awesome";
isNormalUser = true; isNormalUser = true;
hashedPassword = hashedPassword =
"$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimDebianServer"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON"
]; ];
extraGroups = [ extraGroups = [
"wheel" "audio" "video" "input" "disk" "dialout" "wheel" "audio" "video" "input" "disk"
"networkmanager" "kvm" "libvirtd" "qemu-libvirtd" "dialout" "networkmanager" "rtkit"
"kvm" "libvirtd" "qemu-libvirtd"
]; ];
uid = 1000; uid = 1000;
shell = pkgs.zsh; shell = pkgs.zsh;
@ -163,8 +172,6 @@ in
# Enable OpenGL # Enable OpenGL
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
package = pkgs.unstable.mesa.drivers;
package32 = pkgs.unstable.pkgsi686Linux.mesa.drivers;
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
@ -204,14 +211,18 @@ in
]; ];
allowPing = false; allowPing = false;
}; };
extraHosts = ''
192.168.1.18 pc # Set hostnames
192.168.1.17 server hosts = {
192.168.2.2 vm "192.168.2.10" = [ "pc" ];
''; "192.168.2.11" = [ "server" ];
"172.16.0.2" = [ "vm" ];
};
# Set nameserver
nameservers = [ nameservers = [
"1.1.1.1"
"9.9.9.9" "9.9.9.9"
"1.1.1.1"
]; ];
}; };
@ -242,7 +253,7 @@ in
pdpRules = pkgs.writeTextFile { pdpRules = pkgs.writeTextFile {
name = "10-pdp.rules"; name = "10-pdp.rules";
text = '' text = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666", GROUP="plugdev" SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666"
''; '';
destination = "/etc/udev/rules.d/10-pdp.rules"; destination = "/etc/udev/rules.d/10-pdp.rules";
}; };
@ -390,6 +401,9 @@ in
# Enable AppArmor # Enable AppArmor
security.apparmor.enable = true; security.apparmor.enable = true;
# Enable a keying agent
services.gnome.gnome-keyring.enable = true;
# Enable Polkit for authentication # Enable Polkit for authentication
security.polkit.enable = true; security.polkit.enable = true;
@ -402,7 +416,7 @@ in
# Attempt to automount USB drives # Attempt to automount USB drives
services.udisks2.enable = true; services.udisks2.enable = true;
# Used for Seneca VPN # Enable school VPN
services.globalprotect.enable = true; services.globalprotect.enable = true;
# Define the initial install version and allow auto-upgrades # Define the initial install version and allow auto-upgrades
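Review bot: The `hashedPassword` for `jimbo` is still written inline in this file (unchanged lines in the `-124,18` hunk), and it is the same string this commit moves out of the server configuration into `secrets.nix`. One copy left in a tracked file keeps the hash open to offline guessing by anyone who can read the repository, so the server-side move gains little until this one follows, e.g. `hashedPassword = secrets.jimboAccPassword;` with an import of its own, or `hashedPasswordFile` pointing outside the repository. Earlier commits still contain the value, so only a new password retires it. Separately, the udev rule in the `-242,7` hunk keeps `MODE="0666"` after dropping the group; `MODE="0660", TAG+="uaccess"` would limit the device to the user of the active session.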


@ -54,8 +54,8 @@
}; };
"/home/jimbo/JimboNFS" = { "/home/jimbo/JimboNFS" = {
device = "server:/export/JimboNFS"; device = "server:/export/JimboNFS";
fsType = "nfs"; fsType = "nfs4";
options = [ "nofail" ]; options = [ "x-systemd.automount" "_netdev" "noauto" ];
}; };
}; };


@ -95,7 +95,7 @@ let
export __GLX_VENDOR_LIBRARY_NAME=nvidia export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1 export WLR_NO_HARDWARE_CURSORS=1
else else
export WLR_RENDERER=vulkan :
fi fi
# Sway/Wayland # Sway/Wayland
@ -1153,9 +1153,7 @@ let
P:/home/jimbo/JimboNFS/Projects P:/home/jimbo/JimboNFS/Projects
V:/home/jimbo/JimboNFS/Videos/Random V:/home/jimbo/JimboNFS/Videos/Random
m:/home/jimbo/JimboNFS/Music m:/home/jimbo/JimboNFS/Music
L:/home/jimbo/JimboNFS/MineServers
s:/home/jimbo/JimboNFS/School s:/home/jimbo/JimboNFS/School
N:/home/jimbo/JimboNFS/JimboOS/NixOS
''; '';
# Sunshine apps config # Sunshine apps config
@ -1186,6 +1184,12 @@ let
drivers=pulse drivers=pulse
''; '';
# Ncmpcpp configuration
ncmpcppConf = ''
browser_sort_mode = "name"
user_interface = "alternative"
'';
# FireFox/LibreWolf colors # FireFox/LibreWolf colors
foxJimCol = '' foxJimCol = ''
:root { :root {
@ -1549,12 +1553,14 @@ in
# Install user programs # Install user programs
home.packages = (with pkgs; [ home.packages = (with pkgs; [
# Useful programs # Useful programs
rofi-bluetooth bemoji imv qbittorrent libreoffice-fresh rofi-bluetooth bemoji imv qbittorrent
easyeffects pavucontrol vesktop ffmpegthumbnailer libreoffice-fresh easyeffects pavucontrol
vesktop element-desktop ffmpegthumbnailer
thunderbird
# Terminal programs # Terminal programs
dua vimv p7zip fastfetch gotop pciutils dua vimv p7zip fastfetch gotop pciutils
usbutils tcptrack mpc-cli ncmpcpp usbutils tcptrack mpc-cli ncmpcpp protonvpn-cli_2
# Scripts as global programs # Scripts as global programs
serverDash beScripts makoToggle swayLock serverDash beScripts makoToggle swayLock
@ -1635,7 +1641,7 @@ in
''; '';
in { in {
enable = true; enable = true;
package = pkgs.unstable.sway; # swayfx package = pkgs.sway; # swayfx
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
checkConfig = false; checkConfig = false;
config = { config = {
@ -1664,6 +1670,8 @@ in
# Foreground apps # Foreground apps
{ command = "librewolf -P Variety --name=Variety"; } { command = "librewolf -P Variety --name=Variety"; }
{ command = "vesktop --ozone-platform-hint=auto"; } { command = "vesktop --ozone-platform-hint=auto"; }
{ command = "element-desktop"; }
{ command = "thunderbird"; }
{ command = "serverdash"; } { command = "serverdash"; }
]; ];
@ -1824,9 +1832,11 @@ in
"${primeMod}+Shift+b" = ''exec rofi-bluetooth''; "${primeMod}+Shift+b" = ''exec rofi-bluetooth'';
"${primeMod}+Shift+Return" = ''exec ${terminal} ranger''; "${primeMod}+Shift+Return" = ''exec ${terminal} ranger'';
# Swaytools prop, colorpicker # Swaytools prop, colorpicker, obs-cmd
"${primeMod}+Ctrl+x" = ''exec ${swayTools} --prop''; "${primeMod}+Ctrl+x" = ''exec ${swayTools} --prop'';
"${primeMod}+Ctrl+c" = ''exec ${pkgs.hyprpicker}/bin/hyprpicker -an && ${sendNotif} "Color copied to clipboard"''; "${primeMod}+Ctrl+c" = ''exec ${pkgs.hyprpicker}/bin/hyprpicker -an && ${sendNotif} "Color copied to clipboard"'';
"${primeMod}+Ctrl+Prior" = ''exec ${pkgs.obs-cmd}/bin/obs-cmd scene switch "Main"'';
"${primeMod}+Ctrl+Next" = ''exec ${pkgs.obs-cmd}/bin/obs-cmd scene switch "Guest"'';
## Media keys ## Media keys
@ -2037,9 +2047,11 @@ in
# Communication # Communication
"${w3a}" = [{ class = "zoom"; }]; "${w3a}" = [{ class = "zoom"; }];
"${w8}" = [{ app_id = "vesktop"; }]; "${w8}" = [{ app_id = "vesktop"; }];
"${w9}" = [{ class = "Element"; }];
"${w7a}" = [{ app_id = "thunderbird"; }];
# Else # Else
"${w2}" = [{ class = "steam"; } { class = "heroic"; } { app_id = "lutris"; }]; "${w2}" = [{ class = "SDL Application"; } { class = "heroic"; }];
"${w2a}" = [{ app_id = "looking-glass-client"; }]; "${w2a}" = [{ app_id = "looking-glass-client"; }];
"${w4}" = [{ app_id = "serverdash"; }]; "${w4}" = [{ app_id = "serverdash"; }];
"${w4a}" = [{ app_id = "com.obsproject.Studio"; }]; "${w4a}" = [{ app_id = "com.obsproject.Studio"; }];
@ -2554,14 +2566,12 @@ in
"file:///home/jimbo/JimboNFS/Music" "file:///home/jimbo/JimboNFS/Music"
"file:///home/jimbo/JimboNFS/Photos" "file:///home/jimbo/JimboNFS/Photos"
"file:///home/jimbo/JimboNFS/Videos" "file:///home/jimbo/JimboNFS/Videos"
"file:///home/jimbo/JimboNFS/MineServers"
"file:///home/jimbo/JimboNFS/Projects" "file:///home/jimbo/JimboNFS/Projects"
# Links and mounts # Links and mounts
"file:///home/jimbo/VMs" "file:///home/jimbo/VMs"
# More important stuff # More important stuff
"file:///home/jimbo/JimboNFS/JimboOS"
"file:///home/jimbo/JimboNFS/School" "file:///home/jimbo/JimboNFS/School"
]; ];
@ -2871,10 +2881,9 @@ in
programs.obs-studio = { programs.obs-studio = {
enable = true; enable = true;
plugins = with pkgs.obs-studio-plugins; [ plugins = with pkgs.obs-studio-plugins; [
obs-pipewire-audio-capture obs-pipewire-audio-capture obs-webkitgtk
looking-glass-obs obs-multi-rtmp obs-vkcapture obs-tuna
obs-webkitgtk advanced-scene-switcher looking-glass-obs
advanced-scene-switcher
]; ];
}; };
@ -2949,7 +2958,7 @@ in
".alsoftrc".text = alsoftConf; ".alsoftrc".text = alsoftConf;
# Ncmpcpp config # Ncmpcpp config
".config/ncmpcpp/config".text = "browser_sort_mode = \"name\""; ".config/ncmpcpp/config".text = ncmpcppConf;
# LibreWolf profiles and theming # LibreWolf profiles and theming
".librewolf/profiles.ini".text = foxProfiles; ".librewolf/profiles.ini".text = foxProfiles;
@ -2991,6 +3000,8 @@ in
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
initExtra = '' initExtra = ''
${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
setopt HIST_IGNORE_SPACE
setopt RM_STAR_WAIT
''; '';
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
@ -3024,7 +3035,7 @@ in
# Download from sources # Download from sources
ytdl = "yt-dlp --embed-thumbnail --embed-metadata --output \"%(title)s.%(ext)s\""; ytdl = "yt-dlp --embed-thumbnail --embed-metadata --output \"%(title)s.%(ext)s\"";
ytmp4 = "ytdl --recode-video mp4"; ytmp4 = "ytdl --recode-video webm";
ytm3u = "yt-dlp -gS proto:m3u8"; ytm3u = "yt-dlp -gS proto:m3u8";
opusdl = "ytdl --recode-video opus"; opusdl = "ytdl --recode-video opus";
ytopus = "opusdl --format 251"; ytopus = "opusdl --format 251";
@ -3032,7 +3043,7 @@ in
# Flakes # Flakes
buildiso = buildiso =
"nix run github:nix-community/nixos-generators -- -f install-iso -c /etc/nixos/configuration.nix"; "${pkgs.nixos-generators}/bin/nixos-generate -f install-iso -c /home/jimbo/Downloads/NixISO/configuration.nix";
}; };
}; };
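Review bot: The `ytmp4` alias in the `-3024,7` hunk now recodes to WebM (`ytdl --recode-video webm`), so its name no longer matches what it produces. Either rename it, e.g. `ytwebm = "ytdl --recode-video webm";`, or keep a `ytmp4` that still yields MP4 next to it. The `buildiso` alias in the last hunk now reads `/home/jimbo/Downloads/NixISO/configuration.nix`; a one-line comment saying why the ISO is built from a copy under Downloads rather than from the live configuration would help the next reader.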


@ -9,10 +9,13 @@ let
bloxeldomain = ''bloxelcom.net''; bloxeldomain = ''bloxelcom.net'';
# IPs # IPs
localspan = ''192.168.1''; localspan = ''192.168.2'';
pc = ''${localspan}.18''; pc = ''${localspan}.10'';
server = ''${localspan}.17''; server = ''${localspan}.11'';
vm = ''${localspan}.70''; vm = ''${localspan}.70'';
# Secrets and passwords
secrets = import ./secrets.nix;
in in
{ {
@ -67,22 +70,36 @@ in
# Disable Nano # Disable Nano
programs.nano.enable = false; programs.nano.enable = false;
# Define a user account. # Define user account.
users.users.jimbo = { users.users.jimbo = {
isNormalUser = true; isNormalUser = true;
hashedPassword = hashedPassword = secrets.jimboAccPassword;
"$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON"
]; ];
extraGroups = [ "wheel" "docker" ]; extraGroups = [ "wheel" "docker" "musicFolder" "nfsShare" ];
uid = 1000; uid = 1000;
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
# Add Nginx to extra groups # Add service users to extra groups
users.users.nginx.extraGroups = [ "turnserver" "virtualMail" ]; users.users = {
nginx = {
extraGroups = [ "turnserver" "virtualMail" ];
isSystemUser = true;
};
nextcloud = {
extraGroups = [ "nfsShare" "musicFolder" ];
isSystemUser = true;
};
};
# Define custom groups
users.groups = {
nfsShare = {};
musicFolder = {};
};
# Installed programs to the system profile. # Installed programs to the system profile.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -112,7 +129,10 @@ in
# Minecraft # Minecraft
25565 19132 25565 19132
# Gitea # Pufferpanel sftp
5657
# Gitea SSH
2299 2299
# Coturn # Coturn
@ -156,9 +176,9 @@ in
'' ''
iptables -N RTMPCHAIN iptables -N RTMPCHAIN
iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN
iptables -A RTMPCHAIN -s ${pc} -j ACCEPT iptables -A RTMPCHAIN -s ${pc} -m comment --comment "Local PC" -j ACCEPT
iptables -A RTMPCHAIN -s 71.87.124.226 -j ACCEPT iptables -A RTMPCHAIN -s 71.87.124.226 -m comment --comment "Luna IP" -j ACCEPT
iptables -A RTMPCHAIN -s 24.66.98.13 -j ACCEPT iptables -A RTMPCHAIN -s 24.66.98.13 -m comment --comment "Freecorn IP" -j ACCEPT
iptables -A RTMPCHAIN -j DROP iptables -A RTMPCHAIN -j DROP
'' + '' +
@ -225,10 +245,21 @@ in
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
# Homepage redirect
"${jimdomain}" = {
enableACME = true;
addSSL = true;
locations."/" = {
extraConfig = "
return 301 https://social.${bloxeldomain}/@jimbo;
";
};
};
# Nextcloud Proxy # Nextcloud Proxy
"cloud.${jimdomain}" = { "cloud.${jimdomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; addSSL = true;
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = " extraConfig = "
@ -283,6 +314,16 @@ in
}; };
}; };
# Gitea Proxy
"mc.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5010";
proxyWebsockets = true;
};
};
# Matrix Proxy # Matrix Proxy
"matrix.${bloxeldomain}" = { "matrix.${bloxeldomain}" = {
enableACME = true; enableACME = true;
@ -293,8 +334,8 @@ in
# Element Proxy # Element Proxy
"chat.${bloxeldomain}" = { "chat.${bloxeldomain}" = {
addSSL = true;
enableACME = true; enableACME = true;
addSSL = true;
root = "${pkgs.element-web}"; root = "${pkgs.element-web}";
}; };
@ -347,8 +388,8 @@ in
# Staging Bloxel Proxy # Staging Bloxel Proxy
"staging.${bloxeldomain}" = { "staging.${bloxeldomain}" = {
addSSL = true;
enableACME = true; enableACME = true;
addSSL = true;
root = "/var/www/bloxelcomweb/landing-page/"; root = "/var/www/bloxelcomweb/landing-page/";
locations."/BloxelcomCable/hls" = { locations."/BloxelcomCable/hls" = {
extraConfig = '' extraConfig = ''
@ -396,6 +437,11 @@ in
hls_fragment 3; hls_fragment 3;
hls_playlist_length 40; hls_playlist_length 40;
} }
application forward {
record off;
live on;
allow play all;
}
} }
} }
''; '';
@ -416,6 +462,16 @@ in
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.${jimdomain}" ]; trusted_domains = [ "cloud.${jimdomain}" ];
overwriteprotocol = "https"; overwriteprotocol = "https";
# Mailserver settings
mail_smtphost = "mx.${bloxeldomain}";
mail_domain = "${bloxeldomain}";
mail_from_address = "noreply";
mail_smtpauth = "true";
mail_smtpname = "noreply@${bloxeldomain}";
mail_smtppassword = secrets.noreplyPassword;
mail_smtpmode = "smtp";
mail_smtpport = 587;
}; };
}; };
@ -428,6 +484,16 @@ in
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222; ROCKET_PORT = 8222;
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
# Smtp email
SMTP_HOST = "mx.${bloxeldomain}";
SMTP_FROM = "noreply@${bloxeldomain}";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@${bloxeldomain}";
SMTP_PASSWORD = secrets.noreplyPassword;
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_TIMEOUT = 15;
}; };
}; };
@ -448,10 +514,75 @@ in
SSH_PORT = 2299; SSH_PORT = 2299;
START_SSH_SERVER = true; START_SSH_SERVER = true;
}; };
mailer = {
ENABLED = true;
SMTP_ADDR = "mx.${bloxeldomain}";
FROM = "noreply@${bloxeldomain}";
PASSWD = secrets.noreplyPassword;
PROTOCOL = "smtp+starttls";
SMTP_PORT = 587;
};
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
}; };
}; };
# Pufferpannel for Minecraft
pufferpanel = {
enable = true;
environment = {
PUFFER_WEB_HOST = ":5010";
PUFFER_PANEL_REGISTRATIONENABLED = "false";
PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
PUFFER_PANEL_EMAIL_HOST = "mx.${bloxeldomain}:587";
PUFFER_PANEL_EMAIL_FROM = "noreply@${bloxeldomain}";
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${bloxeldomain}";
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
};
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
package = pkgs.buildFHSEnv {
name = "pufferpanel-fhs";
meta.mainProgram = "pufferpanel-fhs";
runScript = lib.getExe pkgs.pufferpanel;
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
};
};
# MariaDB
mysql = {
enable = true;
package = pkgs.mariadb;
dataDir = "/var/lib/mysql";
initialDatabases = [
{ name = "nextcloud"; }
{ name = "matrix"; }
{ name = "git"; }
{ name = "minecraft"; }
];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"nextcloud.*" = "ALL PRIVILEGES";
};
}{
name = "matrix-synapse";
ensurePermissions = {
"matrix.*" = "ALL PRIVILEGES";
};
}{
name = "gitea";
ensurePermissions = {
"git.*" = "ALL PRIVILEGES";
};
}{
name = "minecraft";
ensurePermissions = {
"minecraft.*" = "ALL PRIVILEGES";
};
}
];
};
# Owncast # Owncast
owncast = { owncast = {
enable = true; enable = true;
@ -477,7 +608,6 @@ in
# Synapse for Matrix clients # Synapse for Matrix clients
matrix-synapse = with config.services.coturn; { matrix-synapse = with config.services.coturn; {
enable = true; enable = true;
extraConfigFiles = [ "/etc/matrix-synapse/conf.d/email-conf.yaml" ];
settings = { settings = {
server_name = "${bloxeldomain}"; server_name = "${bloxeldomain}";
public_baseurl = "https://matrix.${bloxeldomain}"; public_baseurl = "https://matrix.${bloxeldomain}";
@ -494,6 +624,26 @@ in
x_forwarded = true; x_forwarded = true;
}]; }];
# Enable smtp for password resets
email = {
notif_from = "Bloxelcom's Matrix Homeserver <noreply@bloxelcom.net>";
smtp_host = "mx.${bloxeldomain}";
smtp_user = "noreply@${bloxeldomain}";
smtp_pass = secrets.noreplyPassword;
enable_tls = true;
smtp_port = 587;
require_transport_security = true;
};
# Disable registration without email
registrations_require_3pid = [ "email" ];
# Allow only this range of emails
allowed_local_3pids = [{
medium = "email";
pattern = "^[^@]+@bloxelcom\\.net$";
}];
# Set the type of database # Set the type of database
database.name = "sqlite3"; database.name = "sqlite3";
@ -522,17 +672,17 @@ in
streamingProcesses = 4; streamingProcesses = 4;
configureNginx = true; configureNginx = true;
smtp = { smtp = {
createLocally = false;
host = "mx.${bloxeldomain}"; host = "mx.${bloxeldomain}";
port = 587; port = 587;
authenticate = true; authenticate = true;
user = "noreply@${bloxeldomain}";
passwordFile = "/var/lib/mastodon/secrets/smtp-password";
fromAddress = "noreply@${bloxeldomain}"; fromAddress = "noreply@${bloxeldomain}";
createLocally = false; user = "noreply@${bloxeldomain}";
passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword;
}; };
}; };
# Try Lemmy # Lemmy forums
lemmy = { lemmy = {
enable = true; enable = true;
nginx.enable = true; nginx.enable = true;
@ -543,19 +693,13 @@ in
smtp_server = "mx.${bloxeldomain}:587"; smtp_server = "mx.${bloxeldomain}:587";
smtp_login = "noreply@${bloxeldomain}"; smtp_login = "noreply@${bloxeldomain}";
smtp_from_address = "noreply@${bloxeldomain}"; smtp_from_address = "noreply@${bloxeldomain}";
smtp_password = secrets.noreplyPassword;
tls_type = "starttls"; tls_type = "starttls";
}; };
}; };
smtpPasswordFile = "/var/lib/mastodon/secrets/smtp-password";
}; };
# Snowflake proxy for Tor # Roundcube mail server
snowflake-proxy.enable = true;
# Fix a nonbuilding issue
logrotate.checkConfig = false;
# Try roundcube
roundcube = { roundcube = {
enable = true; enable = true;
hostName = "mail.${bloxeldomain}"; hostName = "mail.${bloxeldomain}";
@ -565,6 +709,12 @@ in
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
''; '';
}; };
# Snowflake proxy for Tor
snowflake-proxy.enable = true;
# Fix a nonbuilding issue
logrotate.checkConfig = false;
}; };
# Make Nginx not shit itself # Make Nginx not shit itself
@ -626,21 +776,25 @@ in
# Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"noreply@${bloxeldomain}" = { "noreply@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "noreply" "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"}"; hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplySmtpHash;
sendOnly = true; sendOnly = true;
}; };
"jimbo@${bloxeldomain}" = { "jimbo@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "jimbo" "$2b$05$Chm7AjSicifTVpUWjOx1q.9YGaokIjxijAfqKTmI6o3OR2QU0B4U."}"; hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboSmtpHash;
aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ]; aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
}; };
"lunamoonlight@${bloxeldomain}" = { "lunamoonlight@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "luna" "$2a$12$ytZ1k4S.XvQAvzc3pHNDV.m7A/bo8PKznA2qH27g5QHMYDloFHdnK"}"; hashedPasswordFile = pkgs.writeText "luna" secrets.lunaSmtpHash;
aliases = [ "us@${bloxeldomain}" "contact@${bloxeldomain}" ]; aliases = [ "us@${bloxeldomain}" "contact@${bloxeldomain}" ];
}; };
"freecorn1854@${bloxeldomain}" = { "freecorn1854@${bloxeldomain}" = {
hashedPasswordFile = "${pkgs.writeText "freecorn1854" "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm"}"; hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornSmtpHash;
aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ]; aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
}; };
"tinyattack09@${bloxeldomain}" = {
hashedPasswordFile = pkgs.writeText "tiny" secrets.tinySmtpHash;
aliases = [ "smallthing@${bloxeldomain}" ];
};
}; };
}; };
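Review bot: Every `secrets.noreplyPassword` reference in this section is likely to end up in the Nix store, which is world-readable on the host: `.gitignore` keeps `secrets.nix` out of the repository, but the Nextcloud, Vaultwarden, Gitea, PufferPanel, Synapse and Lemmy settings are normally rendered by their modules into store paths (config files or unit environments), and `pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword` writes the plaintext there directly. For Mastodon this is a step back from the removed `passwordFile = "/var/lib/mastodon/secrets/smtp-password";`, and the same holds for the removed Lemmy `smtpPasswordFile` and the Synapse `extraConfigFiles` entry; keeping those runtime-file options (and the equivalent file or environment-file options of the other modules, or a tool such as sops-nix or agenix) leaves the password readable only by the service user. As written, any local account or compromised service on this host can read the shared `noreply` credential. In the nginx hunk, `cloud.${jimdomain}` changes from `forceSSL` to `addSSL`, which makes Nextcloud reachable over plain HTTP again; if plain HTTP is only wanted for the bare-domain redirect, `forceSSL = true;` should stay on the cloud vhost.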


@ -19,7 +19,6 @@
"/home/jimbo/JimboNFS" = { "/home/jimbo/JimboNFS" = {
device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51"; device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true;
}; };
"/export/JimboNFS" = { "/export/JimboNFS" = {
device = "/home/jimbo/JimboNFS"; device = "/home/jimbo/JimboNFS";
@ -27,41 +26,53 @@
options = [ "bind" ]; options = [ "bind" ];
}; };
"/mnt/nextcloud/data/JimboNFS" = { "/mnt/nextcloud/data/JimboNFS" = {
device = "/home/jimbo/JimboNFS"; device = "/export/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
device = "/home/jimbo/JimboNFS/Music";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
}; };
# Atrocity # Atrocity of var bindmounts
"/var/lib/bitwarden_rs" = { "/var/lib/bitwarden_rs" = {
device = "/home/jimbo/JimboNFS/System/var/lib/bitwarden_rs"; device = "/export/JimboNFS/System/var/lib/bitwarden_rs";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
}; };
"/var/lib/gitea" = { "/var/lib/gitea" = {
device = "/home/jimbo/JimboNFS/System/var/lib/gitea"; device = "/export/JimboNFS/System/var/lib/gitea";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
}; };
"/var/lib/matrix-synapse" = { "/var/lib/matrix-synapse" = {
device = "/home/jimbo/JimboNFS/System/var/lib/matrix-synapse"; device = "/export/JimboNFS/System/var/lib/matrix-synapse";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
}; };
"/var/lib/nextcloud" = { "/var/lib/nextcloud" = {
device = "/home/jimbo/JimboNFS/System/var/lib/nextcloud"; device = "/export/JimboNFS/System/var/lib/nextcloud";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
}; };
"/var/lib/owncast" = { "/var/lib/owncast" = {
device = "/home/jimbo/JimboNFS/System/var/lib/owncast"; device = "/export/JimboNFS/System/var/lib/owncast";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
device = "/export/JimboNFS/Music";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
};
"/var/lib/pufferpanel/servers" = {
device = "/export/JimboNFS/MineServers";
fsType = "none";
options = [ "bind" ];
depends = [ "/export/JimboNFS" ];
}; };
}; };
swapDevices = [ swapDevices = [
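Review bot: The service state directories (`/var/lib/bitwarden_rs`, `gitea`, `matrix-synapse`, `nextcloud`, `owncast`) are now bound from `/export/JimboNFS/System/var/lib/...`, which sits inside the tree the desktop mounts as `server:/export/JimboNFS`. Unless the export rules (not part of this diff) exclude `System/`, every NFS client allowed on that export can read the Vaultwarden database and the Synapse and Gitea data, and access control would presumably rest on client addresses and uids alone. Moving `System/` to a path outside the exported tree, or exporting only the user-facing subdirectories, would separate the two. The `/mnt/nextcloud/data/JimboNFS` entry also now points at `/export/JimboNFS` but is the only bind mount left without `depends = [ "/export/JimboNFS" ];`.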


@ -355,11 +355,11 @@ let
a:/home/jimbo/JimboNFS a:/home/jimbo/JimboNFS
K:/home/jimbo/JimboNFS/Downloads K:/home/jimbo/JimboNFS/Downloads
p:/home/jimbo/JimboNFS/Photos p:/home/jimbo/JimboNFS/Photos
P:/home/jimbo/JimboNFS/Projects
V:/home/jimbo/JimboNFS/Videos/Random V:/home/jimbo/JimboNFS/Videos/Random
m:/home/jimbo/JimboNFS/Music m:/home/jimbo/JimboNFS/Music
L:/home/jimbo/JimboNFS/MineServers L:/home/jimbo/JimboNFS/MineServers
s:/home/jimbo/JimboNFS/School s:/home/jimbo/JimboNFS/School
N:/home/jimbo/JimboNFS/JimboOS/NixOS
''; '';
in in
@ -514,6 +514,8 @@ in
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
initExtra = '' initExtra = ''
${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
setopt HIST_IGNORE_SPACE
setopt RM_STAR_WAIT
''; '';
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
@ -524,7 +526,7 @@ in
mineServers = ''/home/jimbo/JimboNFS/MineServers''; mineServers = ''/home/jimbo/JimboNFS/MineServers'';
in { in {
# NixOS aliases # NixOS aliases
nixcfg = "nvim /etc/nixos/{configuration,jimbo,hardware-configuration}.nix"; nixcfg = "nvim /etc/nixos/{configuration,jimbo,secrets,hardware-configuration}.nix";
nixswitch = "${auth} nixos-rebuild switch"; nixswitch = "${auth} nixos-rebuild switch";
nixdate = "${auth} nixos-rebuild switch --upgrade-all"; nixdate = "${auth} nixos-rebuild switch --upgrade-all";
nixclean = "${auth} nix-store --gc; nix-collect-garbage -d"; nixclean = "${auth} nix-store --gc; nix-collect-garbage -d";
@ -540,15 +542,6 @@ in
# Start basic programs # Start basic programs
controlpanel = "tmux new-session -d -s control; tmux attach -t control"; controlpanel = "tmux new-session -d -s control; tmux attach -t control";
# Minecraft stuff
mcstart21 = "${pkgs.temurin-jre-bin-21}/bin/java -Xmx4G -jar";
mcstart8 = "${pkgs.temurin-jre-bin-8}/bin/java -Xmx4G -jar";
velocitystart = "cd ${mineServers}/Velocity && mcstart21 velocity*";
johnstart = "cd ${mineServers}/Johnside-SMP && mcstart21 paper* --nogui";
bloxelstart = "cd ${mineServers}/Bloxelcom && mcstart21 paper* --nogui";
dewstart = "cd ${mineServers}/DewDestroyer && mcstart21 paper* --nogui";
betastart = "cd ${mineServers}/BetaServer && mcstart8 Posiden*";
}; };
}; };