diff --git a/Server/configuration.nix b/Server/configuration.nix index f76a9ee..2293835 100644 --- a/Server/configuration.nix +++ b/Server/configuration.nix @@ -4,9 +4,6 @@ let homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; - # Define domains and ips - jimDomain = ''jimbosfiles.com''; - # IPs netInt = ''eno1''; localSpan = ''10.0.0''; @@ -26,10 +23,9 @@ in "${homeManager}/nixos" # Mail server import - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-24.05/nixos-mailserver-nixos-24.05.tar.gz"; - sha256 = "0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b"; - }) + (fetchTarball + "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-24.05/nixos-mailserver-nixos-24.05.tar.gz" + ) ]; # Allow unfree packages @@ -105,7 +101,7 @@ in ]; # Define timezone and networking settings - time.timeZone = "America/New_York"; + time.timeZone = secrets.timeZone; networking = { hostName = "JimNixServer"; @@ -118,7 +114,7 @@ in allowPing = false; allowedTCPPorts = [ 80 443 # Nginx - 25565 19132 5657 # Minecraft & Pufferpanel SFTP + 25565 19132 5657 # Pufferpanel 2299 # Gitea SSH 3478 5349 # Coturn ]; 
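Review bot: The nixos-mailserver import in the second hunk loses its integrity pin when `builtins.fetchTarball { url = …; sha256 = …; }` is collapsed to `fetchTarball "https://gitlab.com/…/nixos-mailserver-nixos-24.05.tar.gz"`, so the module that configures the whole mail stack and its accounts is now fetched from GitLab with no hash check and re-downloaded whenever the tarball cache expires. A branch-named archive can be regenerated or replaced server-side without the URL changing, so a tampered tarball would evaluate straight into the system closure unnoticed. Keep the hash: `(builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-24.05/nixos-mailserver-nixos-24.05.tar.gz"; sha256 = "0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b"; })`. The `homeManager` fetch on the context line in the first hunk has the same unpinned shape and would benefit from the same treatment.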
@@ -208,24 +204,24 @@ in ''; }; - # DDClient for Dynamic IPpanels + # DDClient for Dynamic IPs ddclient = { enable = true; protocol = "cloudflare"; use = "web, web=https://ipinfo.io/ip"; - zone = "${jimDomain}"; + zone = "${secrets.jimDomain}"; username = "token"; passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}"; domains = [ - "${jimDomain}" - "*.${jimDomain}" - "beta.${jimDomain}" - "git.${jimDomain}" - "john.${jimDomain}" - "mc.${jimDomain}" - "mx.${jimDomain}" - "panel.${jimDomain}" - "rtmp.${jimDomain}" + "${secrets.jimDomain}" + "*.${secrets.jimDomain}" + "beta.${secrets.jimDomain}" + "git.${secrets.jimDomain}" + "john.${secrets.jimDomain}" + "mc.${secrets.jimDomain}" + "mx.${secrets.jimDomain}" + "panel.${secrets.jimDomain}" + "rtmp.${secrets.jimDomain}" ]; }; @@ -241,7 +237,7 @@ in recommendedProxySettings = true; virtualHosts = { # Homepage redirect - "${jimDomain}" = { + "${secrets.jimDomain}" = { enableACME = true; addSSL = true; root = "/var/www/jimweb"; @@ -252,13 +248,13 @@ in return 200 ' { "m.homeserver": { - "base_url": "https://matrix.${jimDomain}" + "base_url": "https://matrix.${secrets.jimDomain}" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { - "url": "https://matrix.${jimDomain}" + "url": "https://matrix.${secrets.jimDomain}" } }'; ''; @@ -266,14 +262,14 @@ in "/.well-known/matrix/server" = { extraConfig = '' default_type application/json; - return 200 '{"m.server": "matrix.${jimDomain}:443"}'; + return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; ''; }; }; }; # Nextcloud Proxy - "cloud.${jimDomain}" = { + "cloud.${secrets.jimDomain}" = { enableACME = true; addSSL = true; locations."/" = { @@ -290,7 +286,7 @@ in }; # Vaultwarden Proxy - "warden.${jimDomain}" = { + "warden.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { 
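Review bot: In the ddclient hunk, `passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}";` still writes the Cloudflare API token into /nix/store, which is readable by every local user and travels with any binary-cache push, so moving the domain into `secrets` protects a value that is not sensitive while the credential the block depends on stays exposed. Point `passwordFile` at a root-owned file outside the store that is deployed out of band, e.g. `passwordFile = "/var/lib/ddclient/cloudflare-token";` with mode 0600, rather than interpolating the secret into a derivation. As far as I can tell the same applies to every `secrets.noreplyPassword` interpolated into a `settings`/`config` attrset later in this diff, since those NixOS modules render their configuration into store files too; the mail hashes in the `loginAccounts` hunk are likewise `pkgs.writeText` store paths.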
@@ -300,7 +296,7 @@ in }; # Recipes Proxy - "recipes.${jimDomain}" = { + "recipes.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -310,7 +306,7 @@ in }; # Bluemap Proxy - "bluemap.${jimDomain}" = { + "bluemap.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -320,7 +316,7 @@ in }; # Gitea Proxy - "git.${jimDomain}" = { + "git.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -330,7 +326,7 @@ in }; # Pufferpanel Proxy - "panel.${jimDomain}" = { + "panel.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -340,7 +336,7 @@ in }; # Matrix Proxy - "matrix.${jimDomain}" = { + "matrix.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations = { @@ -353,14 +349,14 @@ in }; # Element Proxy - "chat.${jimDomain}" = { + "chat.${secrets.jimDomain}" = { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; }; # Coturn Proxy - "turn.${jimDomain}" = { + "turn.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; listen = [ @@ -370,7 +366,7 @@ in }; # Radio Proxy - "radio.${jimDomain}" = { + "radio.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -380,7 +376,7 @@ in }; # Streaming proxy - "live.${jimDomain}" = { + "live.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -390,7 +386,7 @@ in }; # Mail certificate proxy - "mx.${jimDomain}" = { + "mx.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -400,20 +396,10 @@ in }; # Add SSL to Lemmy - "lemmy.${jimDomain}" = { + "lemmy.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; }; - - # Adguard - "guard.${jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - proxyWebsockets = true; - }; - }; }; appendConfig = '' rtmp { 
@@ -440,7 +426,7 @@ in nextcloud = { enable = true; package = pkgs.nextcloud29; - hostName = "cloud.${jimDomain}"; + hostName = "cloud.${secrets.jimDomain}"; datadir = "/mnt/nextcloud"; https = true; config = { @@ -449,15 +435,15 @@ in }; settings = { trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${jimDomain}" ]; + trusted_domains = [ "cloud.${secrets.jimDomain}" ]; overwriteprotocol = "https"; # Mailserver settings - mail_smtphost = "mx.${jimDomain}"; - mail_domain = "${jimDomain}"; + mail_smtphost = "mx.${secrets.jimDomain}"; + mail_domain = "${secrets.jimDomain}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${jimDomain}"; + mail_smtpname = "noreply@${secrets.jimDomain}"; mail_smtppassword = secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; @@ -468,17 +454,17 @@ in vaultwarden = { enable = true; config = { - DOMAIN = "https://warden.${jimDomain}"; + DOMAIN = "https://warden.${secrets.jimDomain}"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; # Smtp email - SMTP_HOST = "mx.${jimDomain}"; - SMTP_FROM = "noreply@${jimDomain}"; + SMTP_HOST = "mx.${secrets.jimDomain}"; + SMTP_FROM = "Jimbo's Vaultwarden "; SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${jimDomain}"; + SMTP_USERNAME = "noreply@${secrets.jimDomain}"; SMTP_PASSWORD = secrets.noreplyPassword; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; 
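Review bot: `SMTP_FROM = "Jimbo's Vaultwarden ";` in the Vaultwarden hunk no longer contains a mailbox address as printed, and Vaultwarden takes a bare address in `SMTP_FROM` with the display name in `SMTP_FROM_NAME` (already set on the next line); as far as I recall it rejects a value without `@` at config validation and, if an angle-bracketed address was merely lost in rendering, fails to parse a "Name <addr>" form when it actually sends. Restore `SMTP_FROM = "noreply@${secrets.jimDomain}";` and leave the branding to `SMTP_FROM_NAME`. The parallel edits to Gitea, Matrix, Mastodon and Lemmy in later hunks are fine if the bracketed address is present in the real source, since those options accept a full mailbox.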
@@ -497,21 +483,21 @@ in enable = true; settings = { server = { - DOMAIN = "git.${jimDomain}"; - ROOT_URL = "https://git.${jimDomain}:443"; + DOMAIN = "git.${secrets.jimDomain}"; + ROOT_URL = "https://git.${secrets.jimDomain}:443"; HTTP_PORT = 3110; SSH_PORT = 2299; START_SSH_SERVER = true; }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${jimDomain}"; - FROM = "noreply@${jimDomain}"; + SMTP_ADDR = "mx.${secrets.jimDomain}"; + FROM = "Jimbo's Git "; + USER = "noreply@${secrets.jimDomain}"; PASSWD = secrets.noreplyPassword; - PROTOCOL = "smtp+starttls"; - SMTP_PORT = 587; + PROTOCOL = "smtps"; }; - service.DISABLE_REGISTRATION = true; + service.REGISTER_EMAIL_CONFIRM = true; }; }; @@ -520,12 +506,12 @@ in enable = true; environment = { PUFFER_WEB_HOST = ":5010"; - PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${jimDomain}"; - PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; - PUFFER_PANEL_EMAIL_HOST = "mx.${jimDomain}:587"; - PUFFER_PANEL_EMAIL_FROM = "noreply@${jimDomain}"; - PUFFER_PANEL_EMAIL_USERNAME = "noreply@${jimDomain}"; - PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; + PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; + PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587"; + PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; }; extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; package = pkgs.buildFHSEnv { @@ -536,6 +522,7 @@ in }; }; + # MariaDB mysql = { enable = true; @@ -570,7 +557,7 @@ in min-port = 49000; max-port = 50000; use-auth-secret = true; - realm = "turn.${jimDomain}"; + realm = "turn.${secrets.jimDomain}"; static-auth-secret = "will be world readable for local users :("; cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; 
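Review bot: Replacing `service.DISABLE_REGISTRATION = true;` with `service.REGISTER_EMAIL_CONFIRM = true;` in the Gitea hunk re-enables self-registration on an instance that is proxied publicly at `git.<domain>` with SSH port 2299 opened in the firewall; Gitea's default for DISABLE_REGISTRATION is false, so email confirmation alone slows down abuse accounts rather than preventing them. If public sign-up is not intended, keep `service.DISABLE_REGISTRATION = true;` alongside the confirm setting; if it is intended, say so in a comment and consider an email-domain allow-list. The switch to `PROTOCOL = "smtps";` with the explicit `SMTP_PORT = 587;` removed relies on Gitea's implicit-TLS default port 465 being served by the mailserver — that is the nixos-mailserver default but worth confirming before the next mail-dependent flow (password reset, confirmation) is exercised.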
@@ -580,8 +567,8 @@ in matrix-synapse = with config.services.coturn; { enable = true; settings = { - server_name = "${jimDomain}"; - public_baseurl = "https://matrix.${jimDomain}"; + server_name = "${secrets.jimDomain}"; + public_baseurl = "https://matrix.${secrets.jimDomain}"; suppress_key_server_warning = true; # Set the network config @@ -597,9 +584,9 @@ in # Enable smtp for password resets email = { - notif_from = "Jimbo's Matrix Homeserver "; - smtp_host = "mx.${jimDomain}"; - smtp_user = "noreply@${jimDomain}"; + notif_from = "Jimbo's Matrix "; + smtp_host = "mx.${secrets.jimDomain}"; + smtp_user = "noreply@${secrets.jimDomain}"; smtp_pass = secrets.noreplyPassword; enable_tls = true; smtp_port = 587; @@ -647,7 +634,7 @@ in in { enable = true; settings = { - SYNCV3_SERVER = "https://matrix.${jimDomain}"; + SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}"; SYNCV3_BINDADDR = "0.0.0.0:8009"; }; environmentFile = "${matrixSecretFile}"; @@ -656,16 +643,16 @@ in # Mastodon mastodon = { enable = true; - localDomain = "social.${jimDomain}"; + localDomain = "social.${secrets.jimDomain}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.${jimDomain}"; + host = "mx.${secrets.jimDomain}"; port = 587; authenticate = true; - fromAddress = "noreply@${jimDomain}"; - user = "noreply@${jimDomain}"; + fromAddress = "Jimbo's Mastodon "; + user = "noreply@${secrets.jimDomain}"; passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword; }; }; 
@@ -676,11 +663,11 @@ in nginx.enable = true; database.createLocally = true; settings = { - hostname = "lemmy.${jimDomain}"; + hostname = "lemmy.${secrets.jimDomain}"; email = { - smtp_server = "mx.${jimDomain}:587"; - smtp_login = "noreply@${jimDomain}"; - smtp_from_address = "noreply@${jimDomain}"; + smtp_server = "mx.${secrets.jimDomain}:587"; + smtp_login = "noreply@${secrets.jimDomain}"; + smtp_from_address = "Jimbo's Lemmy "; smtp_password = secrets.noreplyPassword; tls_type = "starttls"; }; @@ -690,7 +677,7 @@ in # Roundcube mail server roundcube = { enable = true; - hostName = "mail.${jimDomain}"; + hostName = "mail.${secrets.jimDomain}"; extraConfig = '' $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; $config['smtp_user'] = "%u"; @@ -698,9 +685,6 @@ in ''; }; - # Enable a custom DNS server - adguardhome.enable = true; - # Snowflake proxy for Tor snowflake-proxy.enable = true; @@ -711,19 +695,17 @@ in redis.servers.rspamd.port = 1515; }; - # Make Nginx not shit itself + # Force Nginx to work and be able to read+write the hls path security.pam.services.nginx.setEnvironment = false; systemd.services.nginx.serviceConfig = { SupplementaryGroups = [ "shadow" ]; + ReadWritePaths = [ "/var/www/jimweb/streams/hls/" ]; }; - systemd.services.nginx.serviceConfig.ReadWritePaths = [ - "/var/www/jimweb/streams/hls/" - ]; # Get certificates for Coturn security.acme = { acceptTerms = true; - defaults.email = "jimjam4real@gmail.com"; + defaults.email = secrets.jimEmail; certs = { ${config.services.coturn.realm} = { group = "turnserver"; 
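Review bot: `SupplementaryGroups = [ "shadow" ];` is kept in the rewritten nginx unit with a comment that only mentions the HLS path, so the reason the web server can read /etc/shadow — presumably PAM authentication through the `security.pam.services.nginx` line above — is undocumented, and it is the most consequential line in the block: any nginx worker compromise yields every local password hash. Add a why-comment such as `# shadow group: needed for PAM (pam_unix) auth in nginx; grants read access to /etc/shadow — confirm still required`, and drop the group if PAM auth is no longer used (no auth_pam directive is visible in these hunks). A longer-term hardening option is to move password checks into a separate service consulted via `auth_request`, keeping hashes out of the nginx process entirely. The enclosing attrset continues past this hunk.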
@@ -736,16 +718,16 @@ in nixpkgs.config.element-web.conf = { default_server_config = { "m.homeserver" = { - base_url = "https://matrix.${jimDomain}"; - server_name = "matrix.${jimDomain}"; + base_url = "https://matrix.${secrets.jimDomain}"; + server_name = "matrix.${secrets.jimDomain}"; }; }; branding = { - #welcome_background_url = "https://staging.${jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; - #auth_header_logo_url = "https://staging.${jimDomain}/images/logos/bloxelcom.png"; + #welcome_background_url = "https://staging.${secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; + #auth_header_logo_url = "https://staging.${secrets.jimDomain}/images/logos/bloxelcom.png"; }; embedded_pages = { - home_url = "https://www.${jimDomain}/"; + home_url = "https://www.${secrets.jimDomain}/"; }; disable_custom_urls = true; disable_guests = true; @@ -755,17 +737,15 @@ in # Enable Docker virtualisation.docker = { enable = true; - daemon.settings = { - log-driver = "json-file"; - }; + daemon.settings.log-driver = "json-file"; }; # Mail server mailserver = rec { enable = true; enableManageSieve = true; - domains = [ "${jimDomain}" ]; - fqdn = "mx.${jimDomain}"; + domains = [ "${secrets.jimDomain}" ]; + fqdn = "mx.${secrets.jimDomain}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; 
@@ -773,23 +753,23 @@ in # A list of accounts. # Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@${jimDomain}" = { + "noreply@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash; sendOnly = true; }; - "jimbo@${jimDomain}" = { + "jimbo@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash; - aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ]; + aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; - "lunamoonlight@${jimDomain}" = { + "lunamoonlight@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash; - aliases = [ "us@${jimDomain}" "contact@${jimDomain}" ]; + aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; - "freecorn1854@${jimDomain}" = { + "freecorn1854@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash; - aliases = [ "canada@${jimDomain}" "contact@${jimDomain}" ]; + aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; - "tinyattack09@${jimDomain}" = { + "tinyattack09@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash; }; }; diff --git a/Server/jimbo.nix b/Server/jimbo.nix index 83b72b9..e587728 100644 --- a/Server/jimbo.nix +++ b/Server/jimbo.nix @@ -92,7 +92,6 @@ let "text": "date -d @$(stat -c %W /) '+%a %b %d %r %Z %Y'", "key": "󰶡 " }, - { "type": "custom", "format": "\u001b[1m—————————————————————————————————————" 
@@ -495,7 +494,6 @@ in ".config/ranger/rc.conf".text = rangerConf; ".config/ranger/rifle.conf".text = rifleConf; ".config/ranger/scope.sh" = { text = rangerScope; executable = true; }; - ".local/share/ranger/bookmarks".text = rangerBookmarks; ".config/ranger/plugins/devicons/devicons.py".source = "${pkgs.fetchurl { url = "https://raw.githubusercontent.com/alexanderjeurissen/ranger_devicons/2c3c19dffb4238d01c74515c9eed5088066db243/devicons.py"; sha256 = "0girsranwhsgc6kcyh1mkwymx0bl14a2k5nzk3kyllb6ic48c33k"; @@ -536,9 +534,6 @@ in # Curl tools myip = "curl ifconfig.co"; - - # Start basic programs - controlpanel = "tmux new-session -d -s control; tmux attach -t control"; }; };