Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Change a lot, mostly adding 3 Minecraft servers and Velocity

Browse source
This commit is contained in:
Jimbo 2024-08-30 01:17:50 -04:00
parent 1d3c95e680
commit c6accc294d
37 changed files with 1732 additions and 200 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitattributes vendored
View file

@ -1 +1 @@
nixos/modules/secrets.nix filter=git-crypt diff=git-crypt secrets.nix filter=git-crypt diff=git-crypt

3
.gitmodules vendored
View file

@ -1,3 +0,0 @@
[submodule "nixos/server/webpages/Jimbo-Landing-Page"]
path = nixos/server/webpages/Jimbo-Landing-Page
url = ssh://gitea@git.jimbosfiles.com:2299/Jimbo/Jimbo-Landing-Page.git

5
flake.nix
View file

@ -9,7 +9,7 @@
mail.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; mail.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:JimmJam/nix-minecraft";
# NixOS utils # NixOS utils
hardware.url = "github:nixos/nixos-hardware/master"; hardware.url = "github:nixos/nixos-hardware/master";
@ -47,6 +47,9 @@
# Your custom packages and modifications, exported as overlays # Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;}; overlays = import ./overlays {inherit inputs;};
# Secrets defined so they can be accessed globally
secrets = import ./secrets.nix;
# NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname' # NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = { nixosConfigurations = {
JimDesktop = nixpkgs.lib.nixosSystem { JimDesktop = nixpkgs.lib.nixosSystem {

2
home-manager/jimbo_server.nix
View file

@ -13,7 +13,7 @@
in { in {
sysdate = "${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimServer"; sysdate = "${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimServer";
homedate = "home-manager switch --flake /etc/nixos/.#jimbo@JimServer"; homedate = "home-manager switch --flake /etc/nixos/.#jimbo@JimServer";
nixdate = "sysdate; homedate; notify-send 'NixOS switch done.'"; nixdate = "sysdate; homedate";
}; };
}; };
} }

14
nixos/base.nix
View file

@ -1,18 +1,10 @@
# This is your system's configuration file. # This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ {inputs, outputs, lib, config, pkgs, ...}: {
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other NixOS modules here # You can import other NixOS modules here
imports = [ imports = [
./modules/networking.nix ./modules/networking.nix
./modules/gpg.nix ./modules/gpg.nix
inputs.nix-minecraft.nixosModules.minecraft-servers
]; ];
nixpkgs = { nixpkgs = {
@ -63,9 +55,7 @@
}; };
# Set timezone # Set timezone
time.timeZone = let time.timeZone = outputs.secrets.timeZone;
secrets = import ./modules/secrets.nix;
in secrets.timeZone;
# Select a terminal font # Select a terminal font
console = { console = {

6
nixos/groups/nfs-share.nix
View file

@ -1,6 +0,0 @@
{
# Define group for NFS access
users.groups = {
nfsShare = {};
};
}

1
nixos/server.nix
View file

@ -32,6 +32,7 @@
./server/nginx.nix ./server/nginx.nix
./server/owncast.nix ./server/owncast.nix
./server/pufferpanel.nix ./server/pufferpanel.nix
./server/minecraft
./server/tandoor.nix ./server/tandoor.nix
./server/vaultwarden.nix ./server/vaultwarden.nix
./server/misc.nix ./server/misc.nix

10
nixos/server/acme.nix
View file

@ -1,11 +1,9 @@
{ {outputs, ...}: {
security.acme = let security.acme = {
secrets = import ../modules/secrets.nix;
in {
acceptTerms = true; acceptTerms = true;
defaults.email = secrets.jimEmail; defaults.email = outputs.secrets.jimEmail;
certs = { certs = {
"turn.${secrets.jimDomain}" = { "turn.${outputs.secrets.jimDomain}" = {
group = "turnserver"; group = "turnserver";
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
}; };

28
nixos/server/ddclient.nix
View file

@ -1,24 +1,22 @@
{pkgs, ...}: { {pkgs, outputs, ...}: {
# DDClient for Dynamic IPs # DDClient for Dynamic IPs
services.ddclient = let services.ddclient = {
secrets = import ../modules/secrets.nix;
in {
enable = true; enable = true;
protocol = "cloudflare"; protocol = "cloudflare";
use = "web, web=https://ipinfo.io/ip"; use = "web, web=https://ipinfo.io/ip";
zone = "${secrets.jimDomain}"; zone = "${outputs.secrets.jimDomain}";
username = "token"; username = "token";
passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}"; passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}";
domains = [ domains = [
"${secrets.jimDomain}" "${outputs.secrets.jimDomain}"
"*.${secrets.jimDomain}" "*.${outputs.secrets.jimDomain}"
"beta.${secrets.jimDomain}" "beta.${outputs.secrets.jimDomain}"
"git.${secrets.jimDomain}" "git.${outputs.secrets.jimDomain}"
"john.${secrets.jimDomain}" "john.${outputs.secrets.jimDomain}"
"mc.${secrets.jimDomain}" "mc.${outputs.secrets.jimDomain}"
"mx.${secrets.jimDomain}" "mx.${outputs.secrets.jimDomain}"
"panel.${secrets.jimDomain}" "panel.${outputs.secrets.jimDomain}"
"rtmp.${secrets.jimDomain}" "rtmp.${outputs.secrets.jimDomain}"
]; ];
}; };
} }

6
nixos/server/docker.nix
View file

@ -1,13 +1,11 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
daemon.settings.log-driver = "json-file"; daemon.settings.log-driver = "json-file";
}; };
# Azuracast Nginx: TODO, get a better solution than docker lmao # Azuracast Nginx: TODO, get a better solution than docker lmao
services.nginx.virtualHosts."radio.${secrets.jimDomain}" = { services.nginx.virtualHosts."radio.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

16
nixos/server/element.nix
View file

@ -1,20 +1,18 @@
{pkgs, ...}: let {pkgs, outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
# Configure the Element web server # Configure the Element web server
nixpkgs.config.element-web.conf = { nixpkgs.config.element-web.conf = {
default_server_config = { default_server_config = {
"m.homeserver" = { "m.homeserver" = {
base_url = "https://matrix.${secrets.jimDomain}"; base_url = "https://matrix.${outputs.secrets.jimDomain}";
server_name = "matrix.${secrets.jimDomain}"; server_name = "matrix.${outputs.secrets.jimDomain}";
}; };
}; };
branding = { branding = {
#welcome_background_url = "https://staging.${secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; #welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
#auth_header_logo_url = "https://staging.${secrets.jimDomain}/images/logos/bloxelcom.png"; #auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png";
}; };
embedded_pages = { embedded_pages = {
home_url = "https://www.${secrets.jimDomain}/"; home_url = "https://www.${outputs.secrets.jimDomain}/";
}; };
disable_custom_urls = true; disable_custom_urls = true;
disable_guests = true; disable_guests = true;
@ -22,7 +20,7 @@ in {
}; };
# Serve the Element page over Nginx # Serve the Element page over Nginx
services.nginx.virtualHosts."chat.${secrets.jimDomain}" = { services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
root = "${pkgs.element-web}"; root = "${pkgs.element-web}";

9
nixos/server/firewall.nix
View file

@ -1,11 +1,10 @@
{ {outputs, ...}: {
# Allow forwarding # Allow forwarding
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Configure firewall # Configure firewall
networking = let networking = let
ips = import ../modules/ips.nix; ips = import ../modules/ips.nix;
secrets = import ../modules/secrets.nix;
in { in {
firewall = { firewall = {
allowPing = false; allowPing = false;
@ -30,7 +29,7 @@
extraInputRules = '' extraInputRules = ''
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS" ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS" ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
ip saddr { ${ips.pc}, ${secrets.lunaIP}, ${secrets.cornIP}, ${secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
''; '';
}; };
@ -52,8 +51,8 @@
tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM" tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM"
udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM" udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM"
ip saddr ${secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM" ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
ip saddr ${secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM" ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
} }
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority 100; policy accept; type nat hook postrouting priority 100; policy accept;

18
nixos/server/gitea.nix
View file

@ -1,29 +1,27 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
gitea = { gitea = {
enable = true; enable = true;
settings = { settings = {
server = { server = {
DOMAIN = "git.${secrets.jimDomain}"; DOMAIN = "git.${outputs.secrets.jimDomain}";
ROOT_URL = "https://git.${secrets.jimDomain}:443"; ROOT_URL = "https://git.${outputs.secrets.jimDomain}:443";
HTTP_PORT = 3110; HTTP_PORT = 3110;
SSH_PORT = 2299; SSH_PORT = 2299;
START_SSH_SERVER = true; START_SSH_SERVER = true;
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "mx.${secrets.jimDomain}"; SMTP_ADDR = "mx.${outputs.secrets.jimDomain}";
FROM = "Jimbo's Git <noreply@${secrets.jimDomain}>"; FROM = "Jimbo's Git <noreply@${outputs.secrets.jimDomain}>";
USER = "noreply@${secrets.jimDomain}"; USER = "noreply@${outputs.secrets.jimDomain}";
PASSWD = secrets.noreplyPassword; PASSWD = outputs.secrets.noreplyPassword;
PROTOCOL = "smtps"; PROTOCOL = "smtps";
}; };
service.REGISTER_EMAIL_CONFIRM = true; service.REGISTER_EMAIL_CONFIRM = true;
}; };
}; };
nginx.virtualHosts."git.${secrets.jimDomain}" = { nginx.virtualHosts."git.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

10
nixos/server/icecast.nix
View file

@ -1,18 +1,16 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
# Icecast, replacing Azuracast maybe # Icecast, replacing Azuracast maybe
services = { services = {
icecast = { icecast = {
enable = true; enable = true;
listen.port = 265; listen.port = 265;
hostname = "icecast.${secrets.jimDomain}"; hostname = "icecast.${outputs.secrets.jimDomain}";
admin = { admin = {
user = "jimbo"; user = "jimbo";
password = "${secrets.castPass}"; password = "${outputs.secrets.castPass}";
}; };
}; };
nginx.virtualHosts."icecast.${secrets.jimDomain}" = { nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

16
nixos/server/lemmy.nix
View file

@ -1,25 +1,23 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
lemmy = { lemmy = {
enable = true; enable = true;
nginx.enable = true; nginx.enable = true;
database.createLocally = true; database.createLocally = true;
settings = { settings = {
hostname = "lemmy.${secrets.jimDomain}"; hostname = "lemmy.${outputs.secrets.jimDomain}";
email = { email = {
smtp_server = "mx.${secrets.jimDomain}:587"; smtp_server = "mx.${outputs.secrets.jimDomain}:587";
smtp_login = "noreply@${secrets.jimDomain}"; smtp_login = "noreply@${outputs.secrets.jimDomain}";
smtp_from_address = "Jimbo's Lemmy <noreply@${secrets.jimDomain}>"; smtp_from_address = "Jimbo's Lemmy <noreply@${outputs.secrets.jimDomain}>";
smtp_password = secrets.noreplyPassword; smtp_password = outputs.secrets.noreplyPassword;
tls_type = "starttls"; tls_type = "starttls";
}; };
}; };
}; };
# Add SSL to webpage # Add SSL to webpage
nginx.virtualHosts."lemmy.${secrets.jimDomain}" = { nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };

38
nixos/server/mailserver.nix
View file

@ -1,36 +1,34 @@
{pkgs, ...}: let {pkgs, outputs, ...}: rec {
secrets = import ../modules/secrets.nix;
in rec {
# Mail server # Mail server
mailserver = rec { mailserver = rec {
enable = true; enable = true;
enableManageSieve = true; enableManageSieve = true;
domains = [ "${secrets.jimDomain}" ]; domains = [ "${outputs.secrets.jimDomain}" ];
fqdn = "mx.${secrets.jimDomain}"; fqdn = "mx.${outputs.secrets.jimDomain}";
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
localDnsResolver = false; localDnsResolver = false;
redis.port = 1515; redis.port = 1515;
# A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"noreply@${secrets.jimDomain}" = { "noreply@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash; hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash;
sendOnly = true; sendOnly = true;
}; };
"jimbo@${secrets.jimDomain}" = { "jimbo@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash; hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash;
aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
}; };
"lunamoonlight@${secrets.jimDomain}" = { "lunamoonlight@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash; hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash;
aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
}; };
"freecorn1854@${secrets.jimDomain}" = { "freecorn1854@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash; hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash;
aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
}; };
"tinyattack09@${secrets.jimDomain}" = { "tinyattack09@${outputs.secrets.jimDomain}" = {
hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash; hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash;
}; };
}; };
}; };
@ -40,7 +38,7 @@ in rec {
# Roundcube mail server # Roundcube mail server
roundcube = { roundcube = {
enable = true; enable = true;
hostName = "mail.${secrets.jimDomain}"; hostName = "mail.${outputs.secrets.jimDomain}";
extraConfig = '' extraConfig = ''
$config['smtp_server'] = "tls://${mailserver.fqdn}"; $config['smtp_server'] = "tls://${mailserver.fqdn}";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
@ -52,7 +50,7 @@ in rec {
redis.servers.rspamd.port = 1515; redis.servers.rspamd.port = 1515;
# The hostname mail ports use # The hostname mail ports use
nginx.virtualHosts."mx.${secrets.jimDomain}" = { nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

16
nixos/server/mastodon.nix
View file

@ -1,19 +1,17 @@
{pkgs, ...}: { {pkgs, outputs, ...}: {
services.mastodon = let services.mastodon = {
secrets = import ../modules/secrets.nix;
in {
enable = true; enable = true;
localDomain = "social.${secrets.jimDomain}"; localDomain = "social.${outputs.secrets.jimDomain}";
streamingProcesses = 4; streamingProcesses = 4;
configureNginx = true; configureNginx = true;
smtp = { smtp = {
createLocally = false; createLocally = false;
host = "mx.${secrets.jimDomain}"; host = "mx.${outputs.secrets.jimDomain}";
port = 587; port = 587;
authenticate = true; authenticate = true;
fromAddress = "Jimbo's Mastodon <noreply@${secrets.jimDomain}>"; fromAddress = "Jimbo's Mastodon <noreply@${outputs.secrets.jimDomain}>";
user = "noreply@${secrets.jimDomain}"; user = "noreply@${outputs.secrets.jimDomain}";
passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword; passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword;
}; };
}; };
} }

12
nixos/server/matrix-discord.nix
View file

@ -1,17 +1,15 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services.matrix-appservice-discord = { services.matrix-appservice-discord = {
enable = true; enable = true;
settings = { settings = {
auth = { auth = {
clientID = "${secrets.discordBotID}"; clientID = "${outputs.secrets.discordBotID}";
botToken = "${secrets.discordBotToken}"; botToken = "${outputs.secrets.discordBotToken}";
usePrivilegedIntents = true; usePrivilegedIntents = true;
}; };
bridge = { bridge = {
domain = "${secrets.jimDomain}"; domain = "${outputs.secrets.jimDomain}";
homeserverUrl = "https://matrix.${secrets.jimDomain}"; homeserverUrl = "https://matrix.${outputs.secrets.jimDomain}";
}; };
}; };
}; };

66
nixos/server/minecraft/common.nix Normal file
View file

@ -0,0 +1,66 @@
{pkgs, ...}: {
# Common properties
serverProperties = {
enforce-secure-profile = false;
max-players = 20;
online-mode = false;
spawn-protection = 0;
view-distance = 10;
simulation-distance = 10;
white-list = true;
};
# Common whitelist
whitelist = {
K5G = "8656dc10-6050-4a17-b29e-88c4babbc54c";
K5U = "f583f591-ad9b-4a30-8d91-514881b31394";
JimmJam = "2f7affee-e10b-450f-a5e2-44c79a14a109";
DewDemolisher = "9205524f-3886-483d-b471-82bb9905671a";
Freecorn1854 = "8299cd8d-3cd4-4779-8180-0d9db6dc12a9";
Tinyattack09 = "aaa8e9e2-4e51-4925-b9df-8a9504aec5d5";
Ankha3000 = "dd65a277-f618-411e-812c-900c9c7e82d9";
catoiico = "01f10cdf-c146-437e-99b1-2278b5dbe420";
Sp0ok7 = "016c3daa-3dd5-4631-ae79-3a6f48d7cbe6";
PooxterMooxter = "c973f4b5-ab50-45e3-b3eb-36286a6f66aa";
};
# Common plugins
symlinks = {
"plugins/Backuper.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/7cMAqMND/versions/nkcNIvUw/Backuper-3.0.1.jar";
sha256 = "081hvs7khd9s8598i59ai8n0idp85rgc89m9hpfajwym9rmy7il4";
};
"plugins/BungeeGuard.jar" = builtins.fetchurl {
url = "https://github.com/lucko/BungeeGuard/releases/download/v1.3.3/BungeeGuard.jar";
sha256 = "0cackavwk7kl71hn1i78hcvkdp7q81srq35nranpvysbmm8v34vk";
};
"plugins/EssentialsX.jar" = builtins.fetchurl {
url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsX-2.21.0-dev+111-b54c8c1.jar";
sha256 = "0kcsgz5kcfbjc3nbdlgp549y497m4v90dnjqkv30sd1bfyzs9i5z";
};
"plugins/EssentialsXChat.jar" = builtins.fetchurl {
url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.21.0-dev+111-b54c8c1.jar";
sha256 = "0nraiclvnpl69gigs7h6vq55iksfd47clbzp7n3rsjmgvrbl1wil";
};
"plugins/LuckPerms.jar" = builtins.fetchurl {
url = "https://download.luckperms.net/1556/bukkit/loader/LuckPerms-Bukkit-5.4.141.jar";
sha256 = "02ad0dl34vdk6b1wyflqa6wq440xrh5w7yf3z3w1x1g089myddw4";
};
"plugins/ProtocolLib.jar" = builtins.fetchurl {
url = "https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar";
sha256 = "16krc7pyav4khnaxkyg27i5yxsgcdkildrn4nm5bhzh1f0ngqv2s";
};
"plugins/Vault.jar" = builtins.fetchurl {
url = "https://github.com/MilkBowl/Vault/releases/download/1.7.3/Vault.jar";
sha256 = "07fhfz7ycdlbmxsri11z02ywkby54g6wi9q0myxzap1syjbyvdd6";
};
"plugins/VoiceChat.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/nS19YToN/voicechat-bukkit-2.5.20.jar";
sha256 = "023wjx0zxf9rc2x9vsqg398wapz0nlwfs5g6c8pci3qx75i5s4jx";
};
# Config files
"plugins/Essentials/config.yml" = ./essentialsconfig.yml;
"plugins/voicechat/voicechat-server.properties" = ./vcserver.properties;
};
}

17
nixos/server/minecraft/default.nix Normal file
View file

@ -0,0 +1,17 @@
{inputs, ...}: {
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
./servers/velocity.nix
#./servers/viaproxy.nix
./servers/dewdemolisher.nix
./servers/johnside.nix
./servers/blockworld.nix
#./servers/beta.nix
];
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;
};
}

1210
nixos/server/minecraft/essentialsconfig.yml Normal file
View file

File diff suppressed because it is too large Load diff

17
nixos/server/minecraft/servers/blockworld.nix Normal file
View file

@ -0,0 +1,17 @@
{pkgs, ...}: let
common = import ../common.nix { inherit pkgs; };
in {
services.minecraft-servers.servers.blockworld = {
enable = true;
autoStart = false;
package = pkgs.paperServers.paper-1_21_1;
jvmOpts = "-Xmx4084M";
serverProperties = common.serverProperties // {
difficulty = 2;
server-port = 30012;
motd = "§fArchival §l§n§cBloxelcom §r§fMinecraft server.";
};
whitelist = common.whitelist;
symlinks = common.symlinks;
};
}

16
nixos/server/minecraft/servers/dewdemolisher.nix Normal file
View file

@ -0,0 +1,16 @@
{pkgs, ...}: let
common = import ../common.nix { inherit pkgs; };
in {
services.minecraft-servers.servers.dewdemolisher = {
enable = true;
package = pkgs.paperServers.paper-1_21_1;
jvmOpts = "-Xmx4084M";
serverProperties = common.serverProperties // {
difficulty = 2;
server-port = 30010;
motd = "§l§aDew Demolisher is here.";
};
whitelist = common.whitelist;
symlinks = common.symlinks;
};
}

41
nixos/server/minecraft/servers/johnside.nix Normal file
View file

@ -0,0 +1,41 @@
{pkgs, ...}: let
common = import ../common.nix { inherit pkgs; };
in {
services.minecraft-servers.servers.johnside = {
enable = true;
package = pkgs.paperServers.paper-1_20_6;
jvmOpts = "-Xmx4084M";
serverProperties = common.serverProperties // {
difficulty = 2;
server-port = 30009;
motd = "§l§aJohnside SMP§r §l§fworld for §4John lovers only.";
};
whitelist = common.whitelist;
symlinks = common.symlinks // {
"plugins/BlueMap.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
};
"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
};
"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
};
"plugins/CustomDiscs.jar" = builtins.fetchurl {
url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
};
"plugins/NotTooExpensive.jar" = builtins.fetchurl {
url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
};
"plugins/SilkTouchHands.jar" = builtins.fetchurl {
url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
};
};
};
}

39
nixos/server/minecraft/servers/velocity.nix Normal file
View file

@ -0,0 +1,39 @@
{pkgs, ...}: let
common = import ../common.nix { inherit pkgs; };
in {
services.minecraft-servers.servers.velocity = {
enable = true;
package = pkgs.velocityServers.velocity;
jvmOpts = "-Xmx512M";
symlinks = {
"plugins/Geyser.jar" = builtins.fetchurl {
url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity";
sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2";
};
"plugins/Floodgate.jar" = builtins.fetchurl {
url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity";
sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c";
};
"plugins/LuckPerms.jar" = builtins.fetchurl {
url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar";
sha256 = "0j5f7r3g8h4f8z8ppakwfk96hijp3slr0vxyj9v8x4h8w5rcl9d1";
};
"plugins/SkinsRestorer.jar" = builtins.fetchurl {
url = "https://github.com/SkinsRestorer/SkinsRestorer/releases/download/15.4.2/SkinsRestorer.jar";
sha256 = "14nl9mi958bfqwqz9182cxj7m6l15kalq3wjmjqzy50s52si35wf";
};
"plugins/ViaVersion.jar" = builtins.fetchurl {
url = "https://github.com/ViaVersion/ViaVersion/releases/download/5.0.3/ViaVersion-5.0.3.jar";
sha256 = "02gf91ysialgvbl0w8awa0dsi1yb33ac7clmz0wika1xigk9z10r";
};
"plugins/ViaBackwards.jar" = builtins.fetchurl {
url = "https://github.com/ViaVersion/ViaBackwards/releases/download/5.0.3/ViaBackwards-5.0.3.jar";
sha256 = "1wqk68pjrzl1zhajb9lxa1s6wzj85rb0c2riycv9yysr5bcxssqi";
};
"plugins/Voicechat.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/svvcJhgC/voicechat-velocity-2.5.20.jar";
sha256 = "0nw85x24qa9skbhfgbhsjl2r7d9xshr9f04nnq490zbgz7716lqq";
};
};
};
}

45
nixos/server/minecraft/vcserver.properties Normal file
View file

@ -0,0 +1,45 @@
# Simple Voice Chat server config v2.5.16
# The port of the voice chat server
# Setting this to "-1" sets the port to the Minecraft servers port (Not recommended)
port=-1
# The IP address to bind the voice chat server on
# Leave empty to use 'server-ip' of server.properties
# To bind to the wildcard address, use '*'
bind_address=
# The distance to where the voice can be heard
max_voice_distance=48.0
# The multiplier the voice distance will be reduced by when sneaking
crouch_distance_multiplier=1.0
# The multiplier the voice distance will be reduced by when whispering
whisper_distance_multiplier=0.5
# The opus codec
codec=VOIP
# The maximum size in bytes in a voice packet
# Set this to a lower value if your voice packets don't arrive
mtu_size=1024
# The frequency in which keep alive packets are sent
# Setting this to a higher value may result in timeouts
keep_alive=1000
# If group chats are allowed
enable_groups=true
# The host name that clients should use to connect to the voice chat
# This may also include a port, e.g. 'example.com:24454'
# Don't change this value if you don't know what you are doing
voice_host=
# If players are allowed to record the voice chat
allow_recording=true
# If spectators are allowed to talk to other players
spectator_interaction=false
# If spectators can talk to players they are spectating
spectator_player_possession=false
# If players without the mod should get kicked from the server
force_voice_chat=false
# The amount of milliseconds, the server should wait to check if the player has the mod installed
# Only active when force_voice_chat is set to true
login_timeout=10000
# The range where the voice chat should broadcast audio to
# A value <0 means 'max_voice_distance'
broadcast_range=-1.0
# If the voice chat server should reply to pings
allow_pings=true

133
nixos/server/minecraft/velocity.toml Normal file
View file

@ -0,0 +1,133 @@
# Config version. Do not change this
config-version = "2.7"
# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
bind = "0.0.0.0:25565"
# What should be the MOTD?
motd = "<#09add3>A Velocity Server"
# What should we display for the maximum number of players?
show-max-players = 500
# Should we authenticate players with Mojang? By default, this is on.
online-mode = true
# Should the proxy enforce the new public key security standard? By default, this is on.
force-key-authentication = true
# If client's ISP/AS sent from this proxy is different from the one from Mojang's
# authentication server, the player is kicked. This disallows some VPN and proxy
# connections but is a weak form of protection.
prevent-client-proxy-connections = false
# Should we forward IP addresses and other data to backend servers?
# - "none": No forwarding will be done. All players will appear to be connecting from the proxy and will have offline-mode UUIDs.
# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use if you run servers using Minecraft 1.12 or lower.
# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard plugin. Use if you run servers using Minecraft 1.12 or lower, or if they don't support modern.
# - "modern": Forward player IPs and UUIDs as part of the login process using Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
player-info-forwarding-mode = "bungeeguard"
# If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here.
# The file is expected to be UTF-8 encoded and not empty.
forwarding-secret-file = "forwarding.secret"
# Announce whether or not your server supports Forge. If you run a modded server, we
# suggest turning this on.
#
# If your network runs one modpack consistently, use ping-passthrough = "mods" instead for a nicer display in the server list.
announce-forge = false
# If enabled and the proxy is in online mode, Velocity will kick
# any existing player who is online if a duplicate connection attempt is made.
kick-existing-players = false
# Should Velocity pass server list ping requests to a backend server?
# - "disabled": No pass-through will be done. The velocity.toml and server-icon.png will determine the initial server list ping response.
# - "mods": Passes only the mod list from your backend server into the response. The first server in your try list with a mod list will be used.
# - "description": Uses the description and mod list from the backend server. The first server in the try list that responds is used for the description and mod list.
# - "all": Uses the backend server's response as the proxy response. Velocity configuration is used as fallback.
ping-passthrough = "all"
# If not enabled (default is true) player IP addresses will be replaced by <ip address withheld> in logs
enable-player-address-logging = true
[servers]
dewdemolisher = "127.0.0.1:30010"
johnside = "127.0.0.1:30009"
bloxelcom = "127.0.0.1:30012"
beta = "127.0.0.1:30011"
# In what order we should try servers when a player logs in or is kicked from a server.
try = [
"dewdemolisher"
]
[forced-hosts]
# Configure your forced hosts here.
"mc.jimbosfiles.com" = [
"dewdemolisher"
]
"john.jimbosfiles.com" = [
"johnside"
]
"blox.jimbosfiles.com" = [
"bloxelcom"
]
"beta.jimbosfiles.com" = [
"beta"
]
[advanced]
# How large a Minecraft packet has to be before we compress it.
compression-threshold = 256
# How much compression should be done (from 0-9). The default is -1, which uses the default level of 6.
compression-level = -1
# How fast (in milliseconds) are clients allowed to connect after the last connection? By default, this is three seconds. Disable this by setting this to 0.
login-ratelimit = 3000
# Specify a custom timeout for connection timeouts here. The default is five seconds.
connection-timeout = 5000
# Specify a read timeout for connections here. The default is 30 seconds.
read-timeout = 30000
# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then don't enable it.
haproxy-protocol = false
# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
tcp-fast-open = false
# Enables BungeeCord plugin messaging channel support on Velocity.
bungee-plugin-message-channel = true
# Shows ping requests to the proxy from clients.
show-ping-requests = false
# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
# loses connection to the server without an explicit disconnect message by attempting to fall the
# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
# can disable this setting to use the BungeeCord behavior.
failover-on-unexpected-server-disconnect = true
# Declares the proxy commands to 1.13+ clients.
announce-proxy-commands = true
# Enables the logging of commands
log-command-executions = false
# Enables logging of player connections when connecting to the proxy, switching servers
# and disconnecting from the proxy.
log-player-connections = true
# Allows players transferred from other hosts via the
# Transfer packet (Minecraft 1.20.5) to be received.
accepts-transfers = false
[query]
enabled = false
port = 25577
map = "Velocity"
show-plugins = false

18
nixos/server/nextcloud.nix
View file

@ -1,11 +1,9 @@
{pkgs, ...}: let {pkgs, outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
nextcloud = { nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud29;
hostName = "cloud.${secrets.jimDomain}"; hostName = "cloud.${outputs.secrets.jimDomain}";
datadir = "/mnt/nextcloud"; datadir = "/mnt/nextcloud";
https = true; https = true;
config = { config = {
@ -14,21 +12,21 @@ in {
}; };
settings = { settings = {
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.${secrets.jimDomain}" ]; trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ];
overwriteprotocol = "https"; overwriteprotocol = "https";
# Mailserver settings # Mailserver settings
mail_smtphost = "mx.${secrets.jimDomain}"; mail_smtphost = "mx.${outputs.secrets.jimDomain}";
mail_domain = "${secrets.jimDomain}"; mail_domain = "${outputs.secrets.jimDomain}";
mail_from_address = "noreply"; mail_from_address = "noreply";
mail_smtpauth = "true"; mail_smtpauth = "true";
mail_smtpname = "noreply@${secrets.jimDomain}"; mail_smtpname = "noreply@${outputs.secrets.jimDomain}";
mail_smtppassword = secrets.noreplyPassword; mail_smtppassword = outputs.secrets.noreplyPassword;
mail_smtpmode = "smtp"; mail_smtpmode = "smtp";
mail_smtpport = 587; mail_smtpport = 587;
}; };
}; };
nginx.virtualHosts."cloud.${secrets.jimDomain}" = { nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
locations."/" = { locations."/" = {

22
nixos/server/nginx.nix
View file

@ -1,7 +1,5 @@
{pkgs, ...}: { {pkgs, outputs, ...}: {
services.nginx = let services.nginx = {
secrets = import ../modules/secrets.nix;
in {
enable = true; enable = true;
package = (pkgs.nginx.override { package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ]; modules = with pkgs.nginxModules; [ rtmp ];
@ -12,10 +10,10 @@
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
# Landing page # Landing page
"${secrets.jimDomain}" = { "${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
root = "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page"; root = "/var/www/Jimbo-Landing-Page";
locations = { locations = {
"/.well-known/matrix/client" = { "/.well-known/matrix/client" = {
extraConfig = '' extraConfig = ''
@ -23,13 +21,13 @@
return 200 ' return 200 '
{ {
"m.homeserver": { "m.homeserver": {
"base_url": "https://matrix.${secrets.jimDomain}" "base_url": "https://matrix.${outputs.secrets.jimDomain}"
}, },
"m.identity_server": { "m.identity_server": {
"base_url": "https://matrix.org" "base_url": "https://matrix.org"
}, },
"org.matrix.msc3575.proxy": { "org.matrix.msc3575.proxy": {
"url": "https://matrix.${secrets.jimDomain}" "url": "https://matrix.${outputs.secrets.jimDomain}"
} }
}'; }';
''; '';
@ -37,14 +35,14 @@
"/.well-known/matrix/server" = { "/.well-known/matrix/server" = {
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}';
''; '';
}; };
}; };
}; };
# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs # Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
"bluemap.${secrets.jimDomain}" = { "john.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
@ -64,7 +62,7 @@
live on; live on;
allow play all; allow play all;
hls on; hls on;
hls_path /var/www/jimweb/streams/hls; hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
hls_fragment_naming system; hls_fragment_naming system;
hls_fragment 3; hls_fragment 3;
hls_playlist_length 40; hls_playlist_length 40;
@ -76,6 +74,6 @@
# Allow Nginx to read and write to paths # Allow Nginx to read and write to paths
systemd.services.nginx.serviceConfig = { systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page" ]; ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
}; };
} }

6
nixos/server/owncast.nix
View file

@ -1,6 +1,4 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
owncast = { owncast = {
enable = true; enable = true;
@ -8,7 +6,7 @@ in {
rtmp-port = 1945; rtmp-port = 1945;
listen = "0.0.0.0"; listen = "0.0.0.0";
}; };
nginx.virtualHosts."live.${secrets.jimDomain}" = { nginx.virtualHosts."live.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

16
nixos/server/pufferpanel.nix
View file

@ -1,17 +1,15 @@
{pkgs, lib, ...}: let {pkgs, outputs, lib, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
pufferpanel = { pufferpanel = {
enable = true; enable = true;
environment = { environment = {
PUFFER_WEB_HOST = ":5010"; PUFFER_WEB_HOST = ":5010";
PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}"; PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${outputs.secrets.jimDomain}";
PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587"; PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}"; PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}"; PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
}; };
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
package = pkgs.buildFHSEnv { package = pkgs.buildFHSEnv {
@ -21,7 +19,7 @@ in {
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ]; targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
}; };
}; };
nginx.virtualHosts."panel.${secrets.jimDomain}" = { nginx.virtualHosts."panel.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

34
nixos/server/synapse.nix
View file

@ -1,13 +1,11 @@
{pkgs, config, ...}: let {pkgs, outputs, config, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
# Synapse Matrix server # Synapse Matrix server
matrix-synapse = with config.services.coturn; { matrix-synapse = with config.services.coturn; {
enable = true; enable = true;
settings = { settings = {
server_name = "${secrets.jimDomain}"; server_name = "${outputs.secrets.jimDomain}";
public_baseurl = "https://matrix.${secrets.jimDomain}"; public_baseurl = "https://matrix.${outputs.secrets.jimDomain}";
suppress_key_server_warning = true; suppress_key_server_warning = true;
# Set the network config # Set the network config
@ -23,10 +21,10 @@ in {
# Enable smtp for password resets # Enable smtp for password resets
email = { email = {
notif_from = "Jimbo's Matrix <noreply@${secrets.jimDomain}>"; notif_from = "Jimbo's Matrix <noreply@${outputs.secrets.jimDomain}>";
smtp_host = "mx.${secrets.jimDomain}"; smtp_host = "mx.${outputs.secrets.jimDomain}";
smtp_user = "noreply@${secrets.jimDomain}"; smtp_user = "noreply@${outputs.secrets.jimDomain}";
smtp_pass = secrets.noreplyPassword; smtp_pass = outputs.secrets.noreplyPassword;
enable_tls = true; enable_tls = true;
smtp_port = 587; smtp_port = 587;
require_transport_security = true; require_transport_security = true;
@ -61,8 +59,8 @@ in {
# Turn settings # Turn settings
turn_uris = [ turn_uris = [
"turn:turn.${secrets.jimDomain}:3478?transport=udp" "turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp"
"turn:turn.${secrets.jimDomain}:3478?transport=tcp" "turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp"
]; ];
turn_shared_secret = static-auth-secret; turn_shared_secret = static-auth-secret;
turn_user_lifetime = "1h"; turn_user_lifetime = "1h";
@ -75,12 +73,12 @@ in {
# Sliding sync proxy for Matrix # Sliding sync proxy for Matrix
matrix-sliding-sync = let matrix-sliding-sync = let
matrixSecretFile = pkgs.writeText "matrixsecret" '' matrixSecretFile = pkgs.writeText "matrixsecret" ''
SYNCV3_SECRET=${secrets.matrixSecret} SYNCV3_SECRET=${outputs.secrets.matrixSecret}
''; '';
in { in {
enable = true; enable = true;
settings = { settings = {
SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}"; SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}";
SYNCV3_BINDADDR = "0.0.0.0:8009"; SYNCV3_BINDADDR = "0.0.0.0:8009";
}; };
environmentFile = "${matrixSecretFile}"; environmentFile = "${matrixSecretFile}";
@ -95,14 +93,14 @@ in {
max-port = 50000; max-port = 50000;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret = "will be world readable for local users :("; static-auth-secret = "will be world readable for local users :(";
realm = "turn.${secrets.jimDomain}"; realm = "turn.${outputs.secrets.jimDomain}";
cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem"; cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem"; pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
}; };
# Nginx # Nginx
nginx.virtualHosts = { nginx.virtualHosts = {
"matrix.${secrets.jimDomain}" = { "matrix.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { locations = {
@ -113,7 +111,7 @@ in {
"/_synapse/client".proxyPass = "http://127.0.0.1:8008"; "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
}; };
}; };
"turn.${secrets.jimDomain}" = { "turn.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
listen = [ listen = [

6
nixos/server/tandoor.nix
View file

@ -1,12 +1,10 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
tandoor-recipes = { tandoor-recipes = {
enable = true; enable = true;
port = 5030; port = 5030;
}; };
nginx.virtualHosts."recipes.${secrets.jimDomain}" = { nginx.virtualHosts."recipes.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

16
nixos/server/vaultwarden.nix
View file

@ -1,28 +1,26 @@
let {outputs, ...}: {
secrets = import ../modules/secrets.nix;
in {
services = { services = {
vaultwarden = { vaultwarden = {
enable = true; enable = true;
config = { config = {
DOMAIN = "https://warden.${secrets.jimDomain}"; DOMAIN = "https://warden.${outputs.secrets.jimDomain}";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222; ROCKET_PORT = 8222;
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
# Smtp email # Smtp email
SMTP_HOST = "mx.${secrets.jimDomain}"; SMTP_HOST = "mx.${outputs.secrets.jimDomain}";
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${secrets.jimDomain}>"; SMTP_FROM = "Jimbo's Vaultwarden <noreply@${outputs.secrets.jimDomain}>";
SMTP_FROM_NAME = "Vaultwarden"; SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@${secrets.jimDomain}"; SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}";
SMTP_PASSWORD = secrets.noreplyPassword; SMTP_PASSWORD = outputs.secrets.noreplyPassword;
SMTP_SECURITY = "starttls"; SMTP_SECURITY = "starttls";
SMTP_PORT = 587; SMTP_PORT = 587;
SMTP_TIMEOUT = 15; SMTP_TIMEOUT = 15;
}; };
}; };
nginx.virtualHosts."warden.${secrets.jimDomain}" = { nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

1
nixos/server/webpages/Jimbo-Landing-Page

@ -1 +0,0 @@
Subproject commit 4822d4c9f78f245ec2b4b68baba271c0a32225bf

11
nixos/users/jimbo.nix
View file

@ -1,12 +1,10 @@
{pkgs, ...}: { {pkgs, outputs, ...}: {
users.users = { users.users = {
jimbo = let jimbo = {
secrets = import ../modules/secrets.nix;
in {
description = "Jimbo"; description = "Jimbo";
hashedPassword = secrets.jimboAccPass; hashedPassword = outputs.secrets.jimboAccPass;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = secrets.jimKeys; openssh.authorizedKeys.keys = outputs.secrets.jimKeys;
extraGroups = [ extraGroups = [
"wheel" "wheel"
"audio" "audio"
@ -21,6 +19,7 @@
"qemu-libvirtd" "qemu-libvirtd"
"docker" "docker"
"nginx" "nginx"
"minecraft"
"nfsShare" "nfsShare"
]; ];
uid = 1000; uid = 1000;

0
nixos/modules/secrets.nix → secrets.nix
View file