Change a lot, mostly adding 3 Minecraft servers and Velocity
parent
1d3c95e680
commit
c6accc294d
2
.gitattributes
vendored
2
.gitattributes
vendored
|
@ -1 +1 @@
|
|||
nixos/modules/secrets.nix filter=git-crypt diff=git-crypt
|
||||
secrets.nix filter=git-crypt diff=git-crypt
|
||||
|
|
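Review bot: The git-crypt pattern and the secrets file move together in this commit, and git-crypt only encrypts files staged while a matching attribute exists, so confirm that the relocated `secrets.nix` was committed as ciphertext; `git-crypt status` lists the state of each tracked file. Which of the two pattern lines is the new side is not marked on this page. If it is the bare `secrets.nix`, note that a pattern without a slash matches a file of that name in any directory, which is broader than the old path-anchored rule.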
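--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "nixos/server/webpages/Jimbo-Landing-Page"]
-path = nixos/server/webpages/Jimbo-Landing-Page
-url = ssh://gitea@git.jimbosfiles.com:2299/Jimbo/Jimbo-Landing-Page.git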
|
@ -9,7 +9,7 @@
|
|||
mail.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||
blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz";
|
||||
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
|
||||
nix-minecraft.url = "github:JimmJam/nix-minecraft";
|
||||
|
||||
# NixOS utils
|
||||
hardware.url = "github:nixos/nixos-hardware/master";
|
||||
|
@ -47,6 +47,9 @@
|
|||
# Your custom packages and modifications, exported as overlays
|
||||
overlays = import ./overlays {inherit inputs;};
|
||||
|
||||
# Secrets defined so they can be accessed globally
|
||||
secrets = import ./secrets.nix;
|
||||
|
||||
# NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname'
|
||||
nixosConfigurations = {
|
||||
JimDesktop = nixpkgs.lib.nixosSystem {
|
||||
|
|
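Review bot: `nix-minecraft.url = "github:JimmJam/nix-minecraft";` in the first hunk (apparently the new side of the changed pair) points the input at a personal fork with no ref, and that input supplies both the `minecraft-servers` NixOS module and an overlay used elsewhere in this commit. The revision actually built is whatever `flake.lock` records, which is not shown here, so every `nix flake update` moves to the fork's current default branch without a review step. Pinning the input, e.g. `github:JimmJam/nix-minecraft/<rev-placeholder>`, or adding a comment stating what the fork changes relative to upstream, would make those updates deliberate.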
|
@ -13,7 +13,7 @@
|
|||
in {
|
||||
sysdate = "${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimServer";
|
||||
homedate = "home-manager switch --flake /etc/nixos/.#jimbo@JimServer";
|
||||
nixdate = "sysdate; homedate; notify-send 'NixOS switch done.'";
|
||||
nixdate = "sysdate; homedate";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,18 +1,10 @@
|
|||
# This is your system's configuration file.
|
||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
{inputs, outputs, lib, config, pkgs, ...}: {
|
||||
# You can import other NixOS modules here
|
||||
imports = [
|
||||
./modules/networking.nix
|
||||
./modules/gpg.nix
|
||||
inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -63,9 +55,7 @@
|
|||
};
|
||||
|
||||
# Set timezone
|
||||
time.timeZone = let
|
||||
secrets = import ./modules/secrets.nix;
|
||||
in secrets.timeZone;
|
||||
time.timeZone = outputs.secrets.timeZone;
|
||||
|
||||
# Select a terminal font
|
||||
console = {
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
# Define group for NFS access
|
||||
users.groups = {
|
||||
nfsShare = {};
|
||||
};
|
||||
}
|
|
@ -32,6 +32,7 @@
|
|||
./server/nginx.nix
|
||||
./server/owncast.nix
|
||||
./server/pufferpanel.nix
|
||||
./server/minecraft
|
||||
./server/tandoor.nix
|
||||
./server/vaultwarden.nix
|
||||
./server/misc.nix
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
{
|
||||
security.acme = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = secrets.jimEmail;
|
||||
defaults.email = outputs.secrets.jimEmail;
|
||||
certs = {
|
||||
"turn.${secrets.jimDomain}" = {
|
||||
"turn.${outputs.secrets.jimDomain}" = {
|
||||
group = "turnserver";
|
||||
postRun = "systemctl restart coturn.service";
|
||||
};
|
||||
|
|
|
@ -1,24 +1,22 @@
|
|||
{pkgs, ...}: {
|
||||
{pkgs, outputs, ...}: {
|
||||
# DDClient for Dynamic IPs
|
||||
services.ddclient = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services.ddclient = {
|
||||
enable = true;
|
||||
protocol = "cloudflare";
|
||||
use = "web, web=https://ipinfo.io/ip";
|
||||
zone = "${secrets.jimDomain}";
|
||||
zone = "${outputs.secrets.jimDomain}";
|
||||
username = "token";
|
||||
passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}";
|
||||
passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}";
|
||||
domains = [
|
||||
"${secrets.jimDomain}"
|
||||
"*.${secrets.jimDomain}"
|
||||
"beta.${secrets.jimDomain}"
|
||||
"git.${secrets.jimDomain}"
|
||||
"john.${secrets.jimDomain}"
|
||||
"mc.${secrets.jimDomain}"
|
||||
"mx.${secrets.jimDomain}"
|
||||
"panel.${secrets.jimDomain}"
|
||||
"rtmp.${secrets.jimDomain}"
|
||||
"${outputs.secrets.jimDomain}"
|
||||
"*.${outputs.secrets.jimDomain}"
|
||||
"beta.${outputs.secrets.jimDomain}"
|
||||
"git.${outputs.secrets.jimDomain}"
|
||||
"john.${outputs.secrets.jimDomain}"
|
||||
"mc.${outputs.secrets.jimDomain}"
|
||||
"mx.${outputs.secrets.jimDomain}"
|
||||
"panel.${outputs.secrets.jimDomain}"
|
||||
"rtmp.${outputs.secrets.jimDomain}"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
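Review bot: `passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}"` still copies the Cloudflare API token into the Nix store, which is world-readable on the host and travels with any closure copied to a cache or remote builder. git-crypt protects the file only inside the repository; once `outputs.secrets.*` is interpolated at evaluation time the plaintext is part of the derivation. The same pattern remains in the gitea `PASSWD`, icecast `password`, lemmy `smtp_password`, mastodon `passwordFile`, mailserver `hashedPasswordFile` and matrix-appservice-discord `botToken` sections of this commit. Point these at a runtime path outside the store, e.g. `passwordFile = "/run/secrets/<placeholder>";`, provisioned by a tool such as sops-nix or agenix.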
|
@ -1,13 +1,11 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
daemon.settings.log-driver = "json-file";
|
||||
};
|
||||
|
||||
# Azuracast Nginx: TODO, get a better solution than docker lmao
|
||||
services.nginx.virtualHosts."radio.${secrets.jimDomain}" = {
|
||||
services.nginx.virtualHosts."radio.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,20 +1,18 @@
|
|||
{pkgs, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, ...}: {
|
||||
# Configure the Element web server
|
||||
nixpkgs.config.element-web.conf = {
|
||||
default_server_config = {
|
||||
"m.homeserver" = {
|
||||
base_url = "https://matrix.${secrets.jimDomain}";
|
||||
server_name = "matrix.${secrets.jimDomain}";
|
||||
base_url = "https://matrix.${outputs.secrets.jimDomain}";
|
||||
server_name = "matrix.${outputs.secrets.jimDomain}";
|
||||
};
|
||||
};
|
||||
branding = {
|
||||
#welcome_background_url = "https://staging.${secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
|
||||
#auth_header_logo_url = "https://staging.${secrets.jimDomain}/images/logos/bloxelcom.png";
|
||||
#welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
|
||||
#auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png";
|
||||
};
|
||||
embedded_pages = {
|
||||
home_url = "https://www.${secrets.jimDomain}/";
|
||||
home_url = "https://www.${outputs.secrets.jimDomain}/";
|
||||
};
|
||||
disable_custom_urls = true;
|
||||
disable_guests = true;
|
||||
|
@ -22,7 +20,7 @@ in {
|
|||
};
|
||||
|
||||
# Serve the Element page over Nginx
|
||||
services.nginx.virtualHosts."chat.${secrets.jimDomain}" = {
|
||||
services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "${pkgs.element-web}";
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
{
|
||||
{outputs, ...}: {
|
||||
# Allow forwarding
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
# Configure firewall
|
||||
networking = let
|
||||
ips = import ../modules/ips.nix;
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
firewall = {
|
||||
allowPing = false;
|
||||
|
@ -30,7 +29,7 @@
|
|||
extraInputRules = ''
|
||||
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
|
||||
ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
|
||||
ip saddr { ${ips.pc}, ${secrets.lunaIP}, ${secrets.cornIP}, ${secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
|
||||
ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -52,8 +51,8 @@
|
|||
tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM"
|
||||
udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM"
|
||||
|
||||
ip saddr ${secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
|
||||
ip saddr ${secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
|
||||
ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
|
||||
ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
|
||||
}
|
||||
chain POSTROUTING {
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
|
|
|
@ -1,29 +1,27 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services = {
|
||||
gitea = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "git.${secrets.jimDomain}";
|
||||
ROOT_URL = "https://git.${secrets.jimDomain}:443";
|
||||
DOMAIN = "git.${outputs.secrets.jimDomain}";
|
||||
ROOT_URL = "https://git.${outputs.secrets.jimDomain}:443";
|
||||
HTTP_PORT = 3110;
|
||||
SSH_PORT = 2299;
|
||||
START_SSH_SERVER = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
SMTP_ADDR = "mx.${secrets.jimDomain}";
|
||||
FROM = "Jimbo's Git <noreply@${secrets.jimDomain}>";
|
||||
USER = "noreply@${secrets.jimDomain}";
|
||||
PASSWD = secrets.noreplyPassword;
|
||||
SMTP_ADDR = "mx.${outputs.secrets.jimDomain}";
|
||||
FROM = "Jimbo's Git <noreply@${outputs.secrets.jimDomain}>";
|
||||
USER = "noreply@${outputs.secrets.jimDomain}";
|
||||
PASSWD = outputs.secrets.noreplyPassword;
|
||||
PROTOCOL = "smtps";
|
||||
};
|
||||
service.REGISTER_EMAIL_CONFIRM = true;
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."git.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."git.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,18 +1,16 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
# Icecast, replacing Azuracast maybe
|
||||
services = {
|
||||
icecast = {
|
||||
enable = true;
|
||||
listen.port = 265;
|
||||
hostname = "icecast.${secrets.jimDomain}";
|
||||
hostname = "icecast.${outputs.secrets.jimDomain}";
|
||||
admin = {
|
||||
user = "jimbo";
|
||||
password = "${secrets.castPass}";
|
||||
password = "${outputs.secrets.castPass}";
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."icecast.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,25 +1,23 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services = {
|
||||
lemmy = {
|
||||
enable = true;
|
||||
nginx.enable = true;
|
||||
database.createLocally = true;
|
||||
settings = {
|
||||
hostname = "lemmy.${secrets.jimDomain}";
|
||||
hostname = "lemmy.${outputs.secrets.jimDomain}";
|
||||
email = {
|
||||
smtp_server = "mx.${secrets.jimDomain}:587";
|
||||
smtp_login = "noreply@${secrets.jimDomain}";
|
||||
smtp_from_address = "Jimbo's Lemmy <noreply@${secrets.jimDomain}>";
|
||||
smtp_password = secrets.noreplyPassword;
|
||||
smtp_server = "mx.${outputs.secrets.jimDomain}:587";
|
||||
smtp_login = "noreply@${outputs.secrets.jimDomain}";
|
||||
smtp_from_address = "Jimbo's Lemmy <noreply@${outputs.secrets.jimDomain}>";
|
||||
smtp_password = outputs.secrets.noreplyPassword;
|
||||
tls_type = "starttls";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Add SSL to webpage
|
||||
nginx.virtualHosts."lemmy.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
|
|
@ -1,36 +1,34 @@
|
|||
{pkgs, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in rec {
|
||||
{pkgs, outputs, ...}: rec {
|
||||
# Mail server
|
||||
mailserver = rec {
|
||||
enable = true;
|
||||
enableManageSieve = true;
|
||||
domains = [ "${secrets.jimDomain}" ];
|
||||
fqdn = "mx.${secrets.jimDomain}";
|
||||
domains = [ "${outputs.secrets.jimDomain}" ];
|
||||
fqdn = "mx.${outputs.secrets.jimDomain}";
|
||||
certificateScheme = "acme-nginx";
|
||||
localDnsResolver = false;
|
||||
redis.port = 1515;
|
||||
|
||||
# A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||
loginAccounts = {
|
||||
"noreply@${secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash;
|
||||
"noreply@${outputs.secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash;
|
||||
sendOnly = true;
|
||||
};
|
||||
"jimbo@${secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash;
|
||||
aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
|
||||
"jimbo@${outputs.secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash;
|
||||
aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
|
||||
};
|
||||
"lunamoonlight@${secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash;
|
||||
aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
|
||||
"lunamoonlight@${outputs.secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash;
|
||||
aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
|
||||
};
|
||||
"freecorn1854@${secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash;
|
||||
aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
|
||||
"freecorn1854@${outputs.secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash;
|
||||
aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
|
||||
};
|
||||
"tinyattack09@${secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash;
|
||||
"tinyattack09@${outputs.secrets.jimDomain}" = {
|
||||
hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -40,7 +38,7 @@ in rec {
|
|||
# Roundcube mail server
|
||||
roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.${secrets.jimDomain}";
|
||||
hostName = "mail.${outputs.secrets.jimDomain}";
|
||||
extraConfig = ''
|
||||
$config['smtp_server'] = "tls://${mailserver.fqdn}";
|
||||
$config['smtp_user'] = "%u";
|
||||
|
@ -52,7 +50,7 @@ in rec {
|
|||
redis.servers.rspamd.port = 1515;
|
||||
|
||||
# The hostname mail ports use
|
||||
nginx.virtualHosts."mx.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,19 +1,17 @@
|
|||
{pkgs, ...}: {
|
||||
services.mastodon = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, ...}: {
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
localDomain = "social.${secrets.jimDomain}";
|
||||
localDomain = "social.${outputs.secrets.jimDomain}";
|
||||
streamingProcesses = 4;
|
||||
configureNginx = true;
|
||||
smtp = {
|
||||
createLocally = false;
|
||||
host = "mx.${secrets.jimDomain}";
|
||||
host = "mx.${outputs.secrets.jimDomain}";
|
||||
port = 587;
|
||||
authenticate = true;
|
||||
fromAddress = "Jimbo's Mastodon <noreply@${secrets.jimDomain}>";
|
||||
user = "noreply@${secrets.jimDomain}";
|
||||
passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword;
|
||||
fromAddress = "Jimbo's Mastodon <noreply@${outputs.secrets.jimDomain}>";
|
||||
user = "noreply@${outputs.secrets.jimDomain}";
|
||||
passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,17 +1,15 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services.matrix-appservice-discord = {
|
||||
enable = true;
|
||||
settings = {
|
||||
auth = {
|
||||
clientID = "${secrets.discordBotID}";
|
||||
botToken = "${secrets.discordBotToken}";
|
||||
clientID = "${outputs.secrets.discordBotID}";
|
||||
botToken = "${outputs.secrets.discordBotToken}";
|
||||
usePrivilegedIntents = true;
|
||||
};
|
||||
bridge = {
|
||||
domain = "${secrets.jimDomain}";
|
||||
homeserverUrl = "https://matrix.${secrets.jimDomain}";
|
||||
domain = "${outputs.secrets.jimDomain}";
|
||||
homeserverUrl = "https://matrix.${outputs.secrets.jimDomain}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
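--- a/nixos/server/minecraft/common.nix
+++ b/nixos/server/minecraft/common.nix
@@ -0,0 +1,66 @@
+{pkgs, ...}: {
+# Common properties
+serverProperties = {
+enforce-secure-profile = false;
+max-players = 20;
+online-mode = false;
+spawn-protection = 0;
+view-distance = 10;
+simulation-distance = 10;
+white-list = true;
+};
+
+# Common whitelist
+whitelist = {
+K5G = "8656dc10-6050-4a17-b29e-88c4babbc54c";
+K5U = "f583f591-ad9b-4a30-8d91-514881b31394";
+JimmJam = "2f7affee-e10b-450f-a5e2-44c79a14a109";
+DewDemolisher = "9205524f-3886-483d-b471-82bb9905671a";
+Freecorn1854 = "8299cd8d-3cd4-4779-8180-0d9db6dc12a9";
+Tinyattack09 = "aaa8e9e2-4e51-4925-b9df-8a9504aec5d5";
+Ankha3000 = "dd65a277-f618-411e-812c-900c9c7e82d9";
+catoiico = "01f10cdf-c146-437e-99b1-2278b5dbe420";
+Sp0ok7 = "016c3daa-3dd5-4631-ae79-3a6f48d7cbe6";
+PooxterMooxter = "c973f4b5-ab50-45e3-b3eb-36286a6f66aa";
+};
+
+# Common plugins
+symlinks = {
+"plugins/Backuper.jar" = builtins.fetchurl {
+url = "https://cdn.modrinth.com/data/7cMAqMND/versions/nkcNIvUw/Backuper-3.0.1.jar";
+sha256 = "081hvs7khd9s8598i59ai8n0idp85rgc89m9hpfajwym9rmy7il4";
+};
+"plugins/BungeeGuard.jar" = builtins.fetchurl {
+url = "https://github.com/lucko/BungeeGuard/releases/download/v1.3.3/BungeeGuard.jar";
+sha256 = "0cackavwk7kl71hn1i78hcvkdp7q81srq35nranpvysbmm8v34vk";
+};
+"plugins/EssentialsX.jar" = builtins.fetchurl {
+url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsX-2.21.0-dev+111-b54c8c1.jar";
+sha256 = "0kcsgz5kcfbjc3nbdlgp549y497m4v90dnjqkv30sd1bfyzs9i5z";
+};
+"plugins/EssentialsXChat.jar" = builtins.fetchurl {
+url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.21.0-dev+111-b54c8c1.jar";
+sha256 = "0nraiclvnpl69gigs7h6vq55iksfd47clbzp7n3rsjmgvrbl1wil";
+};
+"plugins/LuckPerms.jar" = builtins.fetchurl {
+url = "https://download.luckperms.net/1556/bukkit/loader/LuckPerms-Bukkit-5.4.141.jar";
+sha256 = "02ad0dl34vdk6b1wyflqa6wq440xrh5w7yf3z3w1x1g089myddw4";
+};
+"plugins/ProtocolLib.jar" = builtins.fetchurl {
+url = "https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar";
+sha256 = "16krc7pyav4khnaxkyg27i5yxsgcdkildrn4nm5bhzh1f0ngqv2s";
+};
+"plugins/Vault.jar" = builtins.fetchurl {
+url = "https://github.com/MilkBowl/Vault/releases/download/1.7.3/Vault.jar";
+sha256 = "07fhfz7ycdlbmxsri11z02ywkby54g6wi9q0myxzap1syjbyvdd6";
+};
+"plugins/VoiceChat.jar" = builtins.fetchurl {
+url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/nS19YToN/voicechat-bukkit-2.5.20.jar";
+sha256 = "023wjx0zxf9rc2x9vsqg398wapz0nlwfs5g6c8pci3qx75i5s4jx";
+};
+
+# Config files
+"plugins/Essentials/config.yml" = ./essentialsconfig.yml;
+"plugins/voicechat/voicechat-server.properties" = ./vcserver.properties;
+};
+}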
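Review bot: `online-mode = false` and `enforce-secure-profile = false` in `serverProperties` mean every backend that merges this set (johnside on 30009, dewdemolisher on 30010, blockworld on 30012) performs no account authentication of its own, so the whitelist only holds if nothing except the Velocity proxy can reach those ports. Nothing visible in this commit binds the backends to loopback or firewalls the ports, and the BungeeGuard plugin is installed here without its token configuration being part of the change. Assuming the proxy and backends share the host, add `server-ip = "127.0.0.1";` to the common properties and confirm that each backend's BungeeGuard allowed-token list is deployed before the servers are exposed.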
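--- a/nixos/server/minecraft/default.nix
+++ b/nixos/server/minecraft/default.nix
@@ -0,0 +1,17 @@
+{inputs, ...}: {
+imports = [
+inputs.nix-minecraft.nixosModules.minecraft-servers
+./servers/velocity.nix
+#./servers/viaproxy.nix
+./servers/dewdemolisher.nix
+./servers/johnside.nix
+./servers/blockworld.nix
+#./servers/beta.nix
+];
+nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+
+services.minecraft-servers = {
+enable = true;
+eula = true;
+};
+}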
1210
nixos/server/minecraft/essentialsconfig.yml
Normal file
1210
nixos/server/minecraft/essentialsconfig.yml
Normal file
File diff suppressed because it is too large
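--- a/nixos/server/minecraft/servers/blockworld.nix
+++ b/nixos/server/minecraft/servers/blockworld.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: let
+common = import ../common.nix { inherit pkgs; };
+in {
+services.minecraft-servers.servers.blockworld = {
+enable = true;
+autoStart = false;
+package = pkgs.paperServers.paper-1_21_1;
+jvmOpts = "-Xmx4084M";
+serverProperties = common.serverProperties // {
+difficulty = 2;
+server-port = 30012;
+motd = "§fArchival §l§n§cBloxelcom §r§fMinecraft server.";
+};
+whitelist = common.whitelist;
+symlinks = common.symlinks;
+};
+}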
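--- a/nixos/server/minecraft/servers/dewdemolisher.nix
+++ b/nixos/server/minecraft/servers/dewdemolisher.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}: let
+common = import ../common.nix { inherit pkgs; };
+in {
+services.minecraft-servers.servers.dewdemolisher = {
+enable = true;
+package = pkgs.paperServers.paper-1_21_1;
+jvmOpts = "-Xmx4084M";
+serverProperties = common.serverProperties // {
+difficulty = 2;
+server-port = 30010;
+motd = "§l§aDew Demolisher is here.";
+};
+whitelist = common.whitelist;
+symlinks = common.symlinks;
+};
+}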
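--- a/nixos/server/minecraft/servers/johnside.nix
+++ b/nixos/server/minecraft/servers/johnside.nix
@@ -0,0 +1,41 @@
+{pkgs, ...}: let
+common = import ../common.nix { inherit pkgs; };
+in {
+services.minecraft-servers.servers.johnside = {
+enable = true;
+package = pkgs.paperServers.paper-1_20_6;
+jvmOpts = "-Xmx4084M";
+serverProperties = common.serverProperties // {
+difficulty = 2;
+server-port = 30009;
+motd = "§l§aJohnside SMP§r §l§fworld for §4John lovers only.";
+};
+whitelist = common.whitelist;
+symlinks = common.symlinks // {
+"plugins/BlueMap.jar" = builtins.fetchurl {
+url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
+sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
+};
+"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
+url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
+sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
+};
+"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
+url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
+sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
+};
+"plugins/CustomDiscs.jar" = builtins.fetchurl {
+url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
+sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
+};
+"plugins/NotTooExpensive.jar" = builtins.fetchurl {
+url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
+sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
+};
+"plugins/SilkTouchHands.jar" = builtins.fetchurl {
+url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
+sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
+};
+};
+};
+}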
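--- a/nixos/server/minecraft/servers/velocity.nix
+++ b/nixos/server/minecraft/servers/velocity.nix
@@ -0,0 +1,39 @@
+{pkgs, ...}: let
+common = import ../common.nix { inherit pkgs; };
+in {
+services.minecraft-servers.servers.velocity = {
+enable = true;
+package = pkgs.velocityServers.velocity;
+jvmOpts = "-Xmx512M";
+symlinks = {
+"plugins/Geyser.jar" = builtins.fetchurl {
+url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity";
+sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2";
+};
+"plugins/Floodgate.jar" = builtins.fetchurl {
+url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity";
+sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c";
+};
+"plugins/LuckPerms.jar" = builtins.fetchurl {
+url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar";
+sha256 = "0j5f7r3g8h4f8z8ppakwfk96hijp3slr0vxyj9v8x4h8w5rcl9d1";
+};
+"plugins/SkinsRestorer.jar" = builtins.fetchurl {
+url = "https://github.com/SkinsRestorer/SkinsRestorer/releases/download/15.4.2/SkinsRestorer.jar";
+sha256 = "14nl9mi958bfqwqz9182cxj7m6l15kalq3wjmjqzy50s52si35wf";
+};
+"plugins/ViaVersion.jar" = builtins.fetchurl {
+url = "https://github.com/ViaVersion/ViaVersion/releases/download/5.0.3/ViaVersion-5.0.3.jar";
+sha256 = "02gf91ysialgvbl0w8awa0dsi1yb33ac7clmz0wika1xigk9z10r";
+};
+"plugins/ViaBackwards.jar" = builtins.fetchurl {
+url = "https://github.com/ViaVersion/ViaBackwards/releases/download/5.0.3/ViaBackwards-5.0.3.jar";
+sha256 = "1wqk68pjrzl1zhajb9lxa1s6wzj85rb0c2riycv9yysr5bcxssqi";
+};
+"plugins/Voicechat.jar" = builtins.fetchurl {
+url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/svvcJhgC/voicechat-velocity-2.5.20.jar";
+sha256 = "0nw85x24qa9skbhfgbhsjl2r7d9xshr9f04nnq490zbgz7716lqq";
+};
+};
+};
+}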
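Review bot: The `velocity.toml` added by this commit is not referenced from the `symlinks` set here, nor from any other file visible on this page, so the proxy may start with a generated default config instead of the `online-mode = true` and `player-info-forwarding-mode = "bungeeguard"` settings that the offline-mode backends depend on. If the file is meant to be deployed, an entry such as `"velocity.toml" = ../velocity.toml;` in `symlinks` would wire it in. The `forwarding.secret` it names should be provisioned at runtime rather than through the Nix store. The `common` binding in the `let` is also unused in this module and can be dropped.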
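--- a/nixos/server/minecraft/vcserver.properties
+++ b/nixos/server/minecraft/vcserver.properties
@@ -0,0 +1,45 @@
+# Simple Voice Chat server config v2.5.16
+
+# The port of the voice chat server
+# Setting this to "-1" sets the port to the Minecraft servers port (Not recommended)
+port=-1
+# The IP address to bind the voice chat server on
+# Leave empty to use 'server-ip' of server.properties
+# To bind to the wildcard address, use '*'
+bind_address=
+# The distance to where the voice can be heard
+max_voice_distance=48.0
+# The multiplier the voice distance will be reduced by when sneaking
+crouch_distance_multiplier=1.0
+# The multiplier the voice distance will be reduced by when whispering
+whisper_distance_multiplier=0.5
+# The opus codec
+codec=VOIP
+# The maximum size in bytes in a voice packet
+# Set this to a lower value if your voice packets don't arrive
+mtu_size=1024
+# The frequency in which keep alive packets are sent
+# Setting this to a higher value may result in timeouts
+keep_alive=1000
+# If group chats are allowed
+enable_groups=true
+# The host name that clients should use to connect to the voice chat
+# This may also include a port, e.g. 'example.com:24454'
+# Don't change this value if you don't know what you are doing
+voice_host=
+# If players are allowed to record the voice chat
+allow_recording=true
+# If spectators are allowed to talk to other players
+spectator_interaction=false
+# If spectators can talk to players they are spectating
+spectator_player_possession=false
+# If players without the mod should get kicked from the server
+force_voice_chat=false
+# The amount of milliseconds, the server should wait to check if the player has the mod installed
+# Only active when force_voice_chat is set to true
+login_timeout=10000
+# The range where the voice chat should broadcast audio to
+# A value <0 means 'max_voice_distance'
+broadcast_range=-1.0
+# If the voice chat server should reply to pings
+allow_pings=true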
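--- a/nixos/server/minecraft/velocity.toml
+++ b/nixos/server/minecraft/velocity.toml
@@ -0,0 +1,133 @@
+# Config version. Do not change this
+config-version = "2.7"
+
+# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
+bind = "0.0.0.0:25565"
+
+# What should be the MOTD?
+motd = "<#09add3>A Velocity Server"
+
+# What should we display for the maximum number of players?
+show-max-players = 500
+
+# Should we authenticate players with Mojang? By default, this is on.
+online-mode = true
+
+# Should the proxy enforce the new public key security standard? By default, this is on.
+force-key-authentication = true
+
+# If client's ISP/AS sent from this proxy is different from the one from Mojang's
+# authentication server, the player is kicked. This disallows some VPN and proxy
+# connections but is a weak form of protection.
+prevent-client-proxy-connections = false
+
+# Should we forward IP addresses and other data to backend servers?
+# - "none": No forwarding will be done. All players will appear to be connecting from the proxy and will have offline-mode UUIDs.
+# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use if you run servers using Minecraft 1.12 or lower.
+# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard plugin. Use if you run servers using Minecraft 1.12 or lower, or if they don't support modern.
+# - "modern": Forward player IPs and UUIDs as part of the login process using Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
+player-info-forwarding-mode = "bungeeguard"
+
+# If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here.
+# The file is expected to be UTF-8 encoded and not empty.
+forwarding-secret-file = "forwarding.secret"
+
+# Announce whether or not your server supports Forge. If you run a modded server, we
+# suggest turning this on.
+#
+# If your network runs one modpack consistently, use ping-passthrough = "mods" instead for a nicer display in the server list.
+announce-forge = false
+
+# If enabled and the proxy is in online mode, Velocity will kick
+# any existing player who is online if a duplicate connection attempt is made.
+kick-existing-players = false
+
+# Should Velocity pass server list ping requests to a backend server?
+# - "disabled": No pass-through will be done. The velocity.toml and server-icon.png will determine the initial server list ping response.
+# - "mods": Passes only the mod list from your backend server into the response. The first server in your try list with a mod list will be used.
+# - "description": Uses the description and mod list from the backend server. The first server in the try list that responds is used for the description and mod list.
+# - "all": Uses the backend server's response as the proxy response. Velocity configuration is used as fallback.
+ping-passthrough = "all"
+
+# If not enabled (default is true) player IP addresses will be replaced by <ip address withheld> in logs
+enable-player-address-logging = true
+
+[servers]
+dewdemolisher = "127.0.0.1:30010"
+johnside = "127.0.0.1:30009"
+bloxelcom = "127.0.0.1:30012"
+beta = "127.0.0.1:30011"
+
+# In what order we should try servers when a player logs in or is kicked from a server.
+try = [
+"dewdemolisher"
+]
+
+[forced-hosts]
+# Configure your forced hosts here.
+"mc.jimbosfiles.com" = [
+"dewdemolisher"
+]
+"john.jimbosfiles.com" = [
+"johnside"
+]
+"blox.jimbosfiles.com" = [
+"bloxelcom"
+]
+"beta.jimbosfiles.com" = [
+"beta"
+]
+
+[advanced]
+# How large a Minecraft packet has to be before we compress it.
+compression-threshold = 256
+
+# How much compression should be done (from 0-9). The default is -1, which uses the default level of 6.
+compression-level = -1
+
+# How fast (in milliseconds) are clients allowed to connect after the last connection? By default, this is three seconds. Disable this by setting this to 0.
+login-ratelimit = 3000
+
+# Specify a custom timeout for connection timeouts here. The default is five seconds.
+connection-timeout = 5000
+
+# Specify a read timeout for connections here. The default is 30 seconds.
+read-timeout = 30000
+
+# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then don't enable it.
+haproxy-protocol = false
+
+# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
+tcp-fast-open = false
+
+# Enables BungeeCord plugin messaging channel support on Velocity.
+bungee-plugin-message-channel = true
+
+# Shows ping requests to the proxy from clients.
+show-ping-requests = false
+
+# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
+# loses connection to the server without an explicit disconnect message by attempting to fall the
+# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
+# can disable this setting to use the BungeeCord behavior.
+failover-on-unexpected-server-disconnect = true
+
+# Declares the proxy commands to 1.13+ clients.
+announce-proxy-commands = true
+
+# Enables the logging of commands
+log-command-executions = false
+
+# Enables logging of player connections when connecting to the proxy, switching servers
+# and disconnecting from the proxy.
+log-player-connections = true
+
+# Allows players transferred from other hosts via the
+# Transfer packet (Minecraft 1.20.5) to be received.
+accepts-transfers = false
+
+[query]
+enabled = false
+port = 25577
+map = "Velocity"
+show-plugins = false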
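Review bot: With `player-info-forwarding-mode = "bungeeguard"`, the four backends under `[servers]` accept whatever player identity the proxy forwards, so each of them has to verify the BungeeGuard token and must be reachable only through Velocity. The `127.0.0.1` addresses protect this only if the backends themselves bind to loopback, which this file cannot show. The file's own comments reserve `bungeeguard` for 1.12-or-lower servers or ones without modern support, so any 1.13+ backend would be better served by `player-info-forwarding-mode = "modern"`. `forwarding-secret-file = "forwarding.secret"` is a relative path; the secret should be provisioned outside the repository and the Nix store, readable only by the proxy's user. A short comment above `bind` noting that 25565 is deliberately exposed on all interfaces would also help, since the inherited comment still describes the 25577 default.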
|
@ -1,11 +1,9 @@
|
|||
{pkgs, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, ...}: {
|
||||
services = {
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "cloud.${secrets.jimDomain}";
|
||||
hostName = "cloud.${outputs.secrets.jimDomain}";
|
||||
datadir = "/mnt/nextcloud";
|
||||
https = true;
|
||||
config = {
|
||||
|
@ -14,21 +12,21 @@ in {
|
|||
};
|
||||
settings = {
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
trusted_domains = [ "cloud.${secrets.jimDomain}" ];
|
||||
trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ];
|
||||
overwriteprotocol = "https";
|
||||
|
||||
# Mailserver settings
|
||||
mail_smtphost = "mx.${secrets.jimDomain}";
|
||||
mail_domain = "${secrets.jimDomain}";
|
||||
mail_smtphost = "mx.${outputs.secrets.jimDomain}";
|
||||
mail_domain = "${outputs.secrets.jimDomain}";
|
||||
mail_from_address = "noreply";
|
||||
mail_smtpauth = "true";
|
||||
mail_smtpname = "noreply@${secrets.jimDomain}";
|
||||
mail_smtppassword = secrets.noreplyPassword;
|
||||
mail_smtpname = "noreply@${outputs.secrets.jimDomain}";
|
||||
mail_smtppassword = outputs.secrets.noreplyPassword;
|
||||
mail_smtpmode = "smtp";
|
||||
mail_smtpport = 587;
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."cloud.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
|
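Review bot: `mail_smtppassword = outputs.secrets.noreplyPassword;` still evaluates the SMTP password into `services.nextcloud.settings`, so it ends up in generated configuration inside the Nix store, which every local user can read; git-crypt only protects the copy in the repository. Putting the value in a root-owned file outside the store and pointing `services.nextcloud.secretFile` at it keeps it out of the store. The same pattern recurs later in this commit: `PUFFER_PANEL_EMAIL_PASSWORD` in the pufferpanel `environment`, `smtp_pass` and the `pkgs.writeText "matrixsecret"` file for Synapse and sliding sync, `SMTP_PASSWORD` in the vaultwarden `config`, and `hashedPassword` for the jimbo user. Where the module offers one, a file-based option fits better (`environmentFile` for vaultwarden, `extraConfigFiles` for Synapse, `hashedPasswordFile` for the user). The nextcloud block continues outside both hunks shown here.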
|
|
@ -1,7 +1,5 @@
|
|||
{pkgs, ...}: {
|
||||
services.nginx = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, ...}: {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = (pkgs.nginx.override {
|
||||
modules = with pkgs.nginxModules; [ rtmp ];
|
||||
|
@ -12,10 +10,10 @@
|
|||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
# Landing page
|
||||
"${secrets.jimDomain}" = {
|
||||
"${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page";
|
||||
root = "/var/www/Jimbo-Landing-Page";
|
||||
locations = {
|
||||
"/.well-known/matrix/client" = {
|
||||
extraConfig = ''
|
||||
|
@ -23,13 +21,13 @@
|
|||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${secrets.jimDomain}"
|
||||
"base_url": "https://matrix.${outputs.secrets.jimDomain}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${secrets.jimDomain}"
|
||||
"url": "https://matrix.${outputs.secrets.jimDomain}"
|
||||
}
|
||||
}';
|
||||
'';
|
||||
|
@ -37,14 +35,14 @@
|
|||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}';
|
||||
return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
|
||||
"bluemap.${secrets.jimDomain}" = {
|
||||
"john.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
@ -64,7 +62,7 @@
|
|||
live on;
|
||||
allow play all;
|
||||
hls on;
|
||||
hls_path /var/www/jimweb/streams/hls;
|
||||
hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
|
||||
hls_fragment_naming system;
|
||||
hls_fragment 3;
|
||||
hls_playlist_length 40;
|
||||
|
@ -76,6 +74,6 @@
|
|||
|
||||
# Allow Nginx to read and write to paths
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page" ];
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
};
|
||||
}
|
||||
|
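Review bot: Nothing visible in this commit creates `/var/www/Jimbo-Landing-Page/streams/hls/`, yet the last hunk lists it in `ReadWritePaths` and the rtmp hunk uses it as `hls_path`. systemd fails to set up a unit's mount namespace when a `ReadWritePaths` entry does not exist, so nginx may not start on a fresh host unless the directory is created elsewhere. A rule such as `systemd.tmpfiles.rules = [ "d /var/www/Jimbo-Landing-Page/streams/hls 0750 nginx nginx -" ];` would create it with nginx ownership, assuming the default nginx user and group. Separately, the comment `# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs` now sits above the `john.` virtual host and should say which backend that host proxies. The vhost bodies continue outside the hunks.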
|
|
@ -1,6 +1,4 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services = {
|
||||
owncast = {
|
||||
enable = true;
|
||||
|
@ -8,7 +6,7 @@ in {
|
|||
rtmp-port = 1945;
|
||||
listen = "0.0.0.0";
|
||||
};
|
||||
nginx.virtualHosts."live.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."live.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,17 +1,15 @@
|
|||
{pkgs, lib, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, lib, ...}: {
|
||||
services = {
|
||||
pufferpanel = {
|
||||
enable = true;
|
||||
environment = {
|
||||
PUFFER_WEB_HOST = ":5010";
|
||||
PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}";
|
||||
PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${outputs.secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
|
||||
PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587";
|
||||
PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
|
||||
PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
|
||||
PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
|
||||
};
|
||||
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
|
||||
package = pkgs.buildFHSEnv {
|
||||
|
@ -21,7 +19,7 @@ in {
|
|||
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."panel.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."panel.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
{pkgs, config, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, outputs, config, ...}: {
|
||||
services = {
|
||||
# Synapse Matrix server
|
||||
matrix-synapse = with config.services.coturn; {
|
||||
enable = true;
|
||||
settings = {
|
||||
server_name = "${secrets.jimDomain}";
|
||||
public_baseurl = "https://matrix.${secrets.jimDomain}";
|
||||
server_name = "${outputs.secrets.jimDomain}";
|
||||
public_baseurl = "https://matrix.${outputs.secrets.jimDomain}";
|
||||
suppress_key_server_warning = true;
|
||||
|
||||
# Set the network config
|
||||
|
@ -23,10 +21,10 @@ in {
|
|||
|
||||
# Enable smtp for password resets
|
||||
email = {
|
||||
notif_from = "Jimbo's Matrix <noreply@${secrets.jimDomain}>";
|
||||
smtp_host = "mx.${secrets.jimDomain}";
|
||||
smtp_user = "noreply@${secrets.jimDomain}";
|
||||
smtp_pass = secrets.noreplyPassword;
|
||||
notif_from = "Jimbo's Matrix <noreply@${outputs.secrets.jimDomain}>";
|
||||
smtp_host = "mx.${outputs.secrets.jimDomain}";
|
||||
smtp_user = "noreply@${outputs.secrets.jimDomain}";
|
||||
smtp_pass = outputs.secrets.noreplyPassword;
|
||||
enable_tls = true;
|
||||
smtp_port = 587;
|
||||
require_transport_security = true;
|
||||
|
@ -61,8 +59,8 @@ in {
|
|||
|
||||
# Turn settings
|
||||
turn_uris = [
|
||||
"turn:turn.${secrets.jimDomain}:3478?transport=udp"
|
||||
"turn:turn.${secrets.jimDomain}:3478?transport=tcp"
|
||||
"turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp"
|
||||
"turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp"
|
||||
];
|
||||
turn_shared_secret = static-auth-secret;
|
||||
turn_user_lifetime = "1h";
|
||||
|
@ -75,12 +73,12 @@ in {
|
|||
# Sliding sync proxy for Matrix
|
||||
matrix-sliding-sync = let
|
||||
matrixSecretFile = pkgs.writeText "matrixsecret" ''
|
||||
SYNCV3_SECRET=${secrets.matrixSecret}
|
||||
SYNCV3_SECRET=${outputs.secrets.matrixSecret}
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
settings = {
|
||||
SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}";
|
||||
SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}";
|
||||
SYNCV3_BINDADDR = "0.0.0.0:8009";
|
||||
};
|
||||
environmentFile = "${matrixSecretFile}";
|
||||
|
@ -95,14 +93,14 @@ in {
|
|||
max-port = 50000;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret = "will be world readable for local users :(";
|
||||
realm = "turn.${secrets.jimDomain}";
|
||||
cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
|
||||
pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
|
||||
realm = "turn.${outputs.secrets.jimDomain}";
|
||||
cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
|
||||
pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
|
||||
};
|
||||
|
||||
# Nginx
|
||||
nginx.virtualHosts = {
|
||||
"matrix.${secrets.jimDomain}" = {
|
||||
"matrix.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
|
@ -113,7 +111,7 @@ in {
|
|||
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
};
|
||||
"turn.${secrets.jimDomain}" = {
|
||||
"turn.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = [
|
||||
|
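Review bot: The coturn block keeps `static-auth-secret = "will be world readable for local users :(";` and Synapse copies that literal into `turn_shared_secret`, so the TURN shared secret is a fixed string visible in this repository rather than a secret, and anyone who reads it can obtain credentials for the relay. Pointing coturn's `static-auth-secret-file` at a root-owned file outside the store, and giving Synapse the same value through an `extraConfigFiles` entry, would close that. In the same hunk the new `cert` and `pkey` lines still append `.com` after `${outputs.secrets.jimDomain}`; if jimDomain already carries its TLD, as the `*.jimbosfiles.com` forced hosts in velocity.toml suggest, those paths will not match the ACME directory for `turn.${outputs.secrets.jimDomain}`. Both the coturn and Synapse blocks continue outside the hunks shown.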
|
|
@ -1,12 +1,10 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services = {
|
||||
tandoor-recipes = {
|
||||
enable = true;
|
||||
port = 5030;
|
||||
};
|
||||
nginx.virtualHosts."recipes.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."recipes.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1,28 +1,26 @@
|
|||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{outputs, ...}: {
|
||||
services = {
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = "https://warden.${secrets.jimDomain}";
|
||||
DOMAIN = "https://warden.${outputs.secrets.jimDomain}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_LOG = "critical";
|
||||
|
||||
# Smtp email
|
||||
SMTP_HOST = "mx.${secrets.jimDomain}";
|
||||
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${secrets.jimDomain}>";
|
||||
SMTP_HOST = "mx.${outputs.secrets.jimDomain}";
|
||||
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${outputs.secrets.jimDomain}>";
|
||||
SMTP_FROM_NAME = "Vaultwarden";
|
||||
SMTP_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
SMTP_PASSWORD = secrets.noreplyPassword;
|
||||
SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}";
|
||||
SMTP_PASSWORD = outputs.secrets.noreplyPassword;
|
||||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
SMTP_TIMEOUT = 15;
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."warden.${secrets.jimDomain}" = {
|
||||
nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 4822d4c9f78f245ec2b4b68baba271c0a32225bf
|
|
@ -1,12 +1,10 @@
|
|||
{pkgs, ...}: {
|
||||
{pkgs, outputs, ...}: {
|
||||
users.users = {
|
||||
jimbo = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
jimbo = {
|
||||
description = "Jimbo";
|
||||
hashedPassword = secrets.jimboAccPass;
|
||||
hashedPassword = outputs.secrets.jimboAccPass;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = secrets.jimKeys;
|
||||
openssh.authorizedKeys.keys = outputs.secrets.jimKeys;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"audio"
|
||||
|
@ -21,6 +19,7 @@
|
|||
"qemu-libvirtd"
|
||||
"docker"
|
||||
"nginx"
|
||||
"minecraft"
|
||||
"nfsShare"
|
||||
];
|
||||
uid = 1000;
|
||||
|
|