Move more things into their 'correct' place

Jimbo 2024-09-04 20:22:13 -04:00
parent ce31f4355e
commit b69c9dbbbf
9 changed files with 109 additions and 58 deletions


@ -35,6 +35,7 @@
./server/minecraft ./server/minecraft
./server/tandoor.nix ./server/tandoor.nix
./server/vaultwarden.nix ./server/vaultwarden.nix
./server/transmission.nix
./server/misc.nix ./server/misc.nix
# Matrix # Matrix


@ -8,27 +8,13 @@
in { in {
firewall = { firewall = {
allowPing = false; allowPing = false;
allowedTCPPorts = [
80 443 # Nginx
25565 19132 5657 # Pufferpanel
2299 # Gitea SSH
3478 5349 # Coturn
];
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ from = 8100; to = 8150; } # Azuracast { from = 8100; to = 8150; } # Azuracast
]; ];
allowedUDPPorts = [
25565 19132 # Minecraft Voicechat and Bedrock
3478 5349 # Coturn UDP
];
allowedUDPPortRanges = [
{ from = 49000; to = 50000; } # Coturn range
];
# Add extra input rules using nftables # Add extra input rules using nftables
extraInputRules = '' extraInputRules = ''
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS" ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
''; '';
}; };


@ -30,4 +30,7 @@
}; };
}; };
}; };
# Allow Gitea SSH to work
networking.firewall.allowedTCPPorts = [ 2299 ];
} }


@ -1,7 +1,8 @@
{pkgs, ...}: let {pkgs, outputs, ...}: let
common = import ../common.nix { inherit pkgs; }; common = import ../common.nix { inherit pkgs; };
in { in {
services.minecraft-servers.servers.johnside = { services = {
minecraft-servers.servers.johnside = {
enable = true; enable = true;
package = pkgs.paperServers.paper-1_20_6; package = pkgs.paperServers.paper-1_20_6;
jvmOpts = "-Xmx4084M"; jvmOpts = "-Xmx4084M";
@ -38,4 +39,27 @@ in {
}; };
}; };
}; };
# BlueMap webhost
nginx.virtualHosts."john.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:31010";
proxyWebsockets = true;
};
};
};
# Allow Nginx to read and write to paths
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
};
# Open HTTP and HTTPs ports
networking.firewall = {
allowedTCPPorts = [
80 443 # Nginx
];
};
} }
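Review bot: The `systemd.services.nginx.serviceConfig.ReadWritePaths` entry for `/var/www/Jimbo-Landing-Page/streams/hls/` added at the end of this file is unrelated to the BlueMap virtual host, and the same grant already exists in the nginx file shown later in this commit. List options merge, so the duplicate is harmless at runtime, but a write exception to the nginx sandbox is easier to audit when it is declared once, next to the RTMP/HLS config that needs it; I would drop it here. The `80 443` block is also repeated from the nginx file; if the intent is that every file declaring a virtual host opens the web ports itself, say so in a comment such as `# BlueMap vhost needs 80/443 for ACME and HTTPS`, and note that the new transmission file declares a vhost without doing the same.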


@ -36,4 +36,14 @@ in {
}; };
}; };
}; };
# Open ports for proxy
networking.firewall = {
allowedTCPPorts = [
25565 19132 5657 # Minecraft server info
];
allowedUDPPorts = [
25565 19132 # Minecraft server, VC, and Bedrock
];
};
} }
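Review bot: `allowedTCPPorts` here opens 19132 and 5657 to every source, yet Bedrock traffic on 19132 is UDP and is already covered by `allowedUDPPorts` just below, and 5657 was labelled Pufferpanel in the central list these lines were moved from rather than "Minecraft server info". Since the aim of the commit is that each file opens only what it serves, confirm that something configured in this file listens on TCP 19132 and TCP 5657 and remove whichever does not. If they stay, a per-port comment such as `5657 # <service name>` would make the next audit of the exposed surface much quicker.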


@ -40,16 +40,6 @@
}; };
}; };
}; };
# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
"john.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:31010";
proxyWebsockets = true;
};
};
}; };
appendConfig = '' appendConfig = ''
rtmp { rtmp {
@ -76,4 +66,11 @@
systemd.services.nginx.serviceConfig = { systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ]; ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
}; };
# Open HTTP and HTTPs ports
networking.firewall = {
allowedTCPPorts = [
80 443 # Nginx
];
};
} }


@ -121,4 +121,14 @@
}; };
}; };
}; };
# Open coturn ports
networking.firewall = {
allowedUDPPorts = [
3478 5349 # Coturn UDP
];
allowedUDPPortRanges = [
{ from = 49000; to = 50000; } # Coturn range
];
};
} }
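Review bot: Only the UDP side of coturn is re-opened here, while the central list removed earlier in this commit also allowed TCP `3478 5349 # Coturn`, and no other visible section adds those back. If clients are expected to fall back to TURN over TCP or TLS (5349), that path is now blocked by the firewall; if dropping it is deliberate, a short comment stating that coturn is UDP-only would prevent someone re-adding it later. Otherwise add `allowedTCPPorts = [ 3478 5349 ]; # Coturn TCP/TLS` to this block.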


@ -0,0 +1,20 @@
{pkgs, outputs, ...}: {
services = {
transmission = {
enable = true;
credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;
openPeerPorts = true;
settings = {
rpc-authentication-required = true;
};
};
nginx.virtualHosts."torrent.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9091";
proxyWebsockets = true;
};
};
};
}
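Review bot: `credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;` copies the RPC credentials into the Nix store, which is world-readable on the host and is carried along with any closure copy or binary-cache push. `credentialsFile` is meant to point at a file that exists only at runtime, so the value should be a path outside the store with restricted permissions, for example `credentialsFile = "/run/secrets/transmission-credentials";` (placeholder path, provisioned by whatever secrets mechanism the host uses). This matters more here because the RPC interface is published through the `torrent.` virtual host, so these credentials are the only thing between the internet and the Transmission RPC. A one-line comment on `openPeerPorts = true;` noting that it opens the peer port in the firewall would also fit the per-service layout this commit introduces.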

Binary file not shown.