Generalization and removal of legacy url

Vice 2025-03-06 21:25:21 -05:00
parent c15fab234d
commit 8bdec44465
25 changed files with 91 additions and 114 deletions


@ -3,10 +3,7 @@
users = {
users.nginx = {
group = "nginx";
extraGroups = [
"turnserver"
"virtualMail"
];
extraGroups = [ "virtualMail" ];
isSystemUser = true;
uid = 60;
};


@ -1,7 +1,6 @@
{ config, ... }:
{
boot.initrd.systemd.services.root-reset = {
enable = true;
description = "Create new and snapshot previous root";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];


@ -1,6 +1,6 @@
{ config, lib, ... }:
{ ... }:
{
services.snapper.configs.jimbo = lib.mkIf config.environment.persistence."/persist".enable {
services.snapper.configs.jimbo = {
SUBVOLUME = "/persist/home/jimbo";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
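Review bot: Dropping `lib.mkIf config.environment.persistence."/persist".enable` means `services.snapper.configs.jimbo` is now defined on every host that imports this file, whether or not a `/persist` subvolume exists; the same applies to the `jules` and `root` snapper files changed in this commit. On a host without persistence, snapper would presumably be configured against a path that is not there. If the guard was removed only to shed the `lib` argument, keep it, or say in a comment that these files are imported solely by persistence-enabled hosts, e.g. `# imported only where /persist is a btrfs subvolume`.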


@ -1,6 +1,6 @@
{ config, lib, ... }:
{ ... }:
{
services.snapper.configs.jules = lib.mkIf config.environment.persistence."/persist".enable {
services.snapper.configs.jules = {
SUBVOLUME = "/persist/home/jules";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;


@ -1,6 +1,6 @@
{ config, lib, ... }:
{ ... }:
{
services.snapper.configs.root = lib.mkIf config.environment.persistence."/persist".enable {
services.snapper.configs.root = {
SUBVOLUME = "/persist";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;

Binary file not shown.


@ -7,10 +7,10 @@
./mysql
./nextcloud
./nfs
./nginx
./owncast
./transmission
./vaultwarden
./webserver
];
options.system.server.enable = with lib; mkEnableOption "Enable server apps and services";


@ -8,17 +8,17 @@
package = pkgs.forgejo;
settings = {
server = {
DOMAIN = "git.nixfox.ca";
ROOT_URL = "https://git.nixfox.ca:443";
DOMAIN = "git.example.com";
ROOT_URL = "https://git.example.com:443";
HTTP_PORT = 3110;
SSH_PORT = 2299;
START_SSH_SERVER = true;
};
mailer = {
ENABLED = true;
SMTP_ADDR = "mx.nixfox.ca";
FROM = "NixFox Git <noreply@nixfox.ca>";
USER = "noreply@nixfox.ca";
SMTP_ADDR = "mx.example.com";
FROM = "Example Git <noreply@example.com>";
USER = "noreply@example.com";
PASSWD = config.secrets.noreplyPassword;
PROTOCOL = "smtps";
};
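Review bot: `PASSWD = config.secrets.noreplyPassword;` in the mailer block stays a plain Nix string, so the SMTP password is presumably rendered into generated configuration under the world-readable `/nix/store`. The same pattern is kept in the Nextcloud file (`adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"` and `mail_smtppassword`), the Transmission file (`credentialsFile = pkgs.writeText "credentials" ...`) and the Vaultwarden file (`SMTP_PASSWORD`). Any local account, and anything that copies the system closure, can read those values. Since the commit already rewrites each of these blocks, consider loading the values at runtime from files outside the store where the module offers it, e.g. `services.forgejo.secrets`, `services.nextcloud.secretFile`, `services.vaultwarden.environmentFile`, and `credentialsFile = "<path-outside-store>";`. How `config.secrets` is populated is not visible on this page, so confirm it is evaluated at build time before changing it.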


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."git.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
services.nginx.virtualHosts."git.example.com" = lib.mkIf config.services.forgejo.enable {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
services.nginx.virtualHosts."jelly.example.com" = lib.mkIf config.services.forgejo.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
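Review bot: The `jelly.example.com` virtual host is still gated on `config.services.forgejo.enable`, which looks like a copy-paste from the Forgejo vhost file. With Forgejo enabled and the media server disabled, nginx publishes a proxy, and requests an ACME certificate, for a backend that is not running; with Forgejo disabled, the media server loses its TLS front end. If this host uses the Jellyfin module, the guard should probably read `lib.mkIf config.services.jellyfin.enable`. The `locations."/"` block continues outside the hunk, so the proxied target is not visible here.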


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
{
services.mysql = lib.mkIf config.system.server.enable {
enable = true;
services.mysql = {
enable = config.system.server.enable;
package = pkgs.mariadb;
ensureDatabases = [
"minecraft"


@ -1,30 +1,28 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "cloud.nixfox.ca";
https = true;
config = {
adminuser = config.sysusers.main;
adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.nixfox.ca" ];
overwriteprotocol = "https";
mail_smtphost = "mx.nixfox.ca";
mail_domain = "nixfox.ca";
mail_from_address = "noreply";
mail_smtpauth = "true";
mail_smtpname = "noreply@nixfox.ca";
mail_smtppassword = config.secrets.noreplyPassword;
mail_smtpmode = "smtp";
mail_smtpport = 587;
};
services.nextcloud = {
enable = config.system.server.enable;
package = pkgs.nextcloud30;
hostName = "cloud.example.com";
https = true;
config = {
adminuser = config.sysusers.main;
adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.example.com" ];
overwriteprotocol = "https";
mail_smtphost = "mx.example.com";
mail_domain = "example.com";
mail_from_address = "noreply";
mail_smtpauth = "true";
mail_smtpname = "noreply@example.com";
mail_smtppassword = config.secrets.noreplyPassword;
mail_smtpmode = "smtp";
mail_smtpport = 587;
};
};
}


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."cloud.nixfox.ca" = lib.mkIf config.services.nextcloud.enable {
services.nginx.virtualHosts."cloud.example.com" = lib.mkIf config.services.nextcloud.enable {
enableACME = true;
addSSL = true;
locations."/" = {
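Review bot: The Nextcloud vhost uses `addSSL = true;` while every other virtual host in this commit uses `forceSSL = true;`, so `cloud.example.com` keeps answering on plain HTTP without a redirect. Login credentials and session cookies sent to the HTTP listener would travel in cleartext, even though the service sets `overwriteprotocol = "https"`. Unless a client needs the HTTP endpoint, change the line to `forceSSL = true;`. The `locations."/"` block continues outside the hunk.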


@ -0,0 +1,17 @@
{ config, lib, ... }:
{
imports = [ ./virtualhosts ];
services.nginx = {
enable = config.system.server.enable;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
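Review bot: In this new file `networking.firewall.allowedTCPPorts = [ 80 443 ];` sits outside any condition, whereas the deleted version wrapped it in `lib.mkIf config.system.server.enable`. Every host that imports the module now opens 80 and 443 even when nginx is disabled, which widens the firewall on non-server machines. The `lib` argument is still in the header and otherwise unused, so the guard can be restored as `networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];`.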


@ -1,13 +1,11 @@
{ config, lib, ... }:
{ config, ... }:
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
services.owncast = {
enable = true;
port = 8060;
rtmp-port = 1945;
listen = "0.0.0.0";
};
services.owncast = {
enable = config.system.server.enable;
port = 8060;
rtmp-port = 1945;
listen = "0.0.0.0";
};
}
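Review bot: `listen = "0.0.0.0";` binds the Owncast web interface on every interface, although this commit also keeps an nginx virtual host (`live.example.com`) in front of it. If the firewall is ever opened for port 8060, or the host sits on a trusted LAN, the admin interface becomes reachable without TLS and without the proxy's settings. Assuming nginx proxies to the loopback address (the vhost's `locations."/"` body is not shown), `listen = "127.0.0.1";` would keep the web port local while the RTMP port stays separately configured.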


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."live.nixfox.ca" = lib.mkIf config.services.owncast.enable {
services.nginx.virtualHosts."live.example.com" = lib.mkIf config.services.owncast.enable {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,13 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
services.transmission = {
enable = true;
credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
openPeerPorts = true;
settings.rpc-authentication-required = true;
};
services.transmission = {
enable = config.system.server.enable;
credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
openPeerPorts = true;
settings.rpc-authentication-required = true;
};
}


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."tor.nixfox.ca" = lib.mkIf config.services.transmission.enable {
services.nginx.virtualHosts."tor.example.com" = lib.mkIf config.services.transmission.enable {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,27 +1,25 @@
{ config, lib, ... }:
{ config, ... }:
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.nixfox.ca";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
services.vaultwarden = {
enable = config.system.server.enable;
config = {
DOMAIN = "https://pass.example.com";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# Smtp email
SMTP_HOST = "mx.nixfox.ca";
SMTP_FROM = "noreply@nixfox.ca";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@nixfox.ca";
SMTP_PASSWORD = config.secrets.noreplyPassword;
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_TIMEOUT = 15;
};
# Smtp email
SMTP_HOST = "mx.example.com";
SMTP_FROM = "noreply@example.com";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@example.com";
SMTP_PASSWORD = config.secrets.noreplyPassword;
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_TIMEOUT = 15;
};
};
}


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."pass.nixfox.ca" = lib.mkIf config.services.vaultwarden.enable {
services.nginx.virtualHosts."pass.example.com" = lib.mkIf config.services.vaultwarden.enable {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,9 +0,0 @@
{ lib, ... }:
{
imports = [
./acme
./nginx
];
options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
}


@ -1,19 +0,0 @@
{ config, lib, ... }:
{
imports = [ ./virtualhosts ];
config = lib.mkIf config.system.server.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}