Generalization and removal of legacy url

This commit is contained in:
Vice 2025-03-06 21:25:21 -05:00
parent c15fab234d
commit 8bdec44465
25 changed files with 91 additions and 114 deletions


@ -3,10 +3,7 @@
users = { users = {
users.nginx = { users.nginx = {
group = "nginx"; group = "nginx";
extraGroups = [ extraGroups = [ "virtualMail" ];
"turnserver"
"virtualMail"
];
isSystemUser = true; isSystemUser = true;
uid = 60; uid = 60;
}; };


@ -1,7 +1,6 @@
{ config, ... }: { config, ... }:
{ {
boot.initrd.systemd.services.root-reset = { boot.initrd.systemd.services.root-reset = {
enable = true;
description = "Create new and snapshot previous root"; description = "Create new and snapshot previous root";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ]; before = [ "sysroot.mount" ];


@ -1,6 +1,6 @@
{ config, lib, ... }: { ... }:
{ {
services.snapper.configs.jimbo = lib.mkIf config.environment.persistence."/persist".enable { services.snapper.configs.jimbo = {
SUBVOLUME = "/persist/home/jimbo"; SUBVOLUME = "/persist/home/jimbo";
TIMELINE_CREATE = true; TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true; TIMELINE_CLEANUP = true;
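Review bot: The `lib.mkIf config.environment.persistence."/persist".enable` guard on the jimbo snapper config is dropped, so the config is now declared unconditionally; on a host that imports this file without the /persist persistence layer, snapper's timeline units would be pointed at a subvolume that may not exist. If every host that imports these files is expected to have /persist, that is fine but deserves a line saying so, e.g. `# /persist is always present on hosts importing this module; no persistence guard needed`; otherwise the guard should stay. The jules and root snapper sections below drop the same guard and the same question applies there.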


@ -1,6 +1,6 @@
{ config, lib, ... }: { ... }:
{ {
services.snapper.configs.jules = lib.mkIf config.environment.persistence."/persist".enable { services.snapper.configs.jules = {
SUBVOLUME = "/persist/home/jules"; SUBVOLUME = "/persist/home/jules";
TIMELINE_CREATE = true; TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true; TIMELINE_CLEANUP = true;


@ -1,6 +1,6 @@
{ config, lib, ... }: { ... }:
{ {
services.snapper.configs.root = lib.mkIf config.environment.persistence."/persist".enable { services.snapper.configs.root = {
SUBVOLUME = "/persist"; SUBVOLUME = "/persist";
TIMELINE_CREATE = true; TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true; TIMELINE_CLEANUP = true;



@ -7,10 +7,10 @@
./mysql ./mysql
./nextcloud ./nextcloud
./nfs ./nfs
./nginx
./owncast ./owncast
./transmission ./transmission
./vaultwarden ./vaultwarden
./webserver
]; ];
options.system.server.enable = with lib; mkEnableOption "Enable server apps and services"; options.system.server.enable = with lib; mkEnableOption "Enable server apps and services";


@ -8,17 +8,17 @@
package = pkgs.forgejo; package = pkgs.forgejo;
settings = { settings = {
server = { server = {
DOMAIN = "git.nixfox.ca"; DOMAIN = "git.example.com";
ROOT_URL = "https://git.nixfox.ca:443"; ROOT_URL = "https://git.example.com:443";
HTTP_PORT = 3110; HTTP_PORT = 3110;
SSH_PORT = 2299; SSH_PORT = 2299;
START_SSH_SERVER = true; START_SSH_SERVER = true;
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "mx.nixfox.ca"; SMTP_ADDR = "mx.example.com";
FROM = "NixFox Git <noreply@nixfox.ca>"; FROM = "Example Git <noreply@example.com>";
USER = "noreply@nixfox.ca"; USER = "noreply@example.com";
PASSWD = config.secrets.noreplyPassword; PASSWD = config.secrets.noreplyPassword;
PROTOCOL = "smtps"; PROTOCOL = "smtps";
}; };
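Review bot: `PASSWD = config.secrets.noreplyPassword;` places the SMTP password in `settings`, which the forgejo module renders into the generated app.ini; whatever is evaluated into a derivation ends up in the world-readable Nix store, so the rename to example.com leaves the credential readable by every local user. The forgejo module has file-based alternatives for exactly this case (a mailer password file / `secrets` option — confirm the exact option name for the module version in use), which should point at a path outside the store. The same pattern appears in the nextcloud section (`adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"` writes the admin password into the store), the transmission section (`credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;`) and the vaultwarden section (`SMTP_PASSWORD` inside `config`, where the module's `environmentFile` is the out-of-store alternative).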


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."git.nixfox.ca" = lib.mkIf config.services.forgejo.enable { services.nginx.virtualHosts."git.example.com" = lib.mkIf config.services.forgejo.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable { services.nginx.virtualHosts."jelly.example.com" = lib.mkIf config.services.forgejo.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
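Review bot: The jelly.example.com virtual host is still gated on `config.services.forgejo.enable`, which looks like a copy-paste from the git vhost in the previous section; with forgejo disabled this vhost vanishes even if the media service behind it is running, and with forgejo enabled it is declared regardless of that service. Presumably the guard should follow the service being proxied, e.g. `services.nginx.virtualHosts."jelly.example.com" = lib.mkIf config.services.jellyfin.enable {` if the backend is jellyfin — confirm against the proxied service. The locations block continues outside the hunk.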


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
{ {
services.mysql = lib.mkIf config.system.server.enable { services.mysql = {
enable = true; enable = config.system.server.enable;
package = pkgs.mariadb; package = pkgs.mariadb;
ensureDatabases = [ ensureDatabases = [
"minecraft" "minecraft"


@ -1,30 +1,28 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { services.nextcloud = {
services.nextcloud = { enable = config.system.server.enable;
enable = true; package = pkgs.nextcloud30;
package = pkgs.nextcloud30; hostName = "cloud.example.com";
hostName = "cloud.nixfox.ca"; https = true;
https = true; config = {
config = { adminuser = config.sysusers.main;
adminuser = config.sysusers.main; adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"; };
}; settings = {
settings = { trusted_proxies = [ "127.0.0.1" ];
trusted_proxies = [ "127.0.0.1" ]; trusted_domains = [ "cloud.example.com" ];
trusted_domains = [ "cloud.nixfox.ca" ]; overwriteprotocol = "https";
overwriteprotocol = "https"; mail_smtphost = "mx.example.com";
mail_smtphost = "mx.nixfox.ca"; mail_domain = "example.com";
mail_domain = "nixfox.ca"; mail_from_address = "noreply";
mail_from_address = "noreply"; mail_smtpauth = "true";
mail_smtpauth = "true"; mail_smtpname = "noreply@example.com";
mail_smtpname = "noreply@nixfox.ca"; mail_smtppassword = config.secrets.noreplyPassword;
mail_smtppassword = config.secrets.noreplyPassword; mail_smtpmode = "smtp";
mail_smtpmode = "smtp"; mail_smtpport = 587;
mail_smtpport = 587;
};
}; };
}; };
} }
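Review bot: The mail settings set `mail_smtpmode = "smtp"`, `mail_smtpport = 587` and `mail_smtpauth = "true"` but no `mail_smtpsecure`, so whether the submission is wrapped in STARTTLS depends on the mailer's auto-negotiation rather than being pinned — unlike the vaultwarden section in this same commit, which sets `SMTP_SECURITY = "starttls"` explicitly for the same mail server. Adding `mail_smtpsecure = "tls";` next to `mail_smtpport` pins STARTTLS on 587 and fails closed if the server does not offer it; confirm against the mail options of the Nextcloud version in `package`.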


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."cloud.nixfox.ca" = lib.mkIf config.services.nextcloud.enable { services.nginx.virtualHosts."cloud.example.com" = lib.mkIf config.services.nextcloud.enable {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
locations."/" = { locations."/" = {


@ -0,0 +1,17 @@
{ config, lib, ... }:
{
imports = [ ./virtualhosts ];
services.nginx = {
enable = config.system.server.enable;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
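Review bot: The firewall rule `networking.firewall.allowedTCPPorts = [ 80 443 ];` is now applied unconditionally, whereas the deleted nginx file in the last section of this commit wrapped it in `lib.mkIf config.system.server.enable`; only `services.nginx.enable` kept the condition. A host that imports this module with server apps disabled now opens TCP 80 and 443 in its firewall with nothing listening, and keeps them open for anything that later binds those ports. Suggest `networking.firewall.allowedTCPPorts = lib.optionals config.system.server.enable [ 80 443 ];`, which also gives the otherwise unused `lib` argument on the first line a purpose.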


@ -1,13 +1,11 @@
{ config, lib, ... }: { config, ... }:
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { services.owncast = {
services.owncast = { enable = config.system.server.enable;
enable = true; port = 8060;
port = 8060; rtmp-port = 1945;
rtmp-port = 1945; listen = "0.0.0.0";
listen = "0.0.0.0";
};
}; };
} }
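Review bot: `listen = "0.0.0.0";` keeps the owncast web port 8060 bound on every interface, while the service is fronted by the live vhost in the next section and the vaultwarden section in this same commit binds `ROCKET_ADDRESS = "127.0.0.1"` for the same reverse-proxy arrangement. If nginx is the only intended client, `listen = "127.0.0.1";` removes the direct, TLS-less path to the backend from the network; if a firewall rule is what is relied on instead, a comment saying so beside `listen` would make that explicit. This assumes `listen` only affects the web server and not the RTMP ingest, which must stay reachable by the streaming source — confirm in the owncast module.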


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."live.nixfox.ca" = lib.mkIf config.services.owncast.enable { services.nginx.virtualHosts."live.example.com" = lib.mkIf config.services.owncast.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,13 +1,11 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { services.transmission = {
services.transmission = { enable = config.system.server.enable;
enable = true; credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; openPeerPorts = true;
openPeerPorts = true; settings.rpc-authentication-required = true;
settings.rpc-authentication-required = true;
};
}; };
} }


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."tor.nixfox.ca" = lib.mkIf config.services.transmission.enable { services.nginx.virtualHosts."tor.example.com" = lib.mkIf config.services.transmission.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,27 +1,25 @@
{ config, lib, ... }: { config, ... }:
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { services.vaultwarden = {
services.vaultwarden = { enable = config.system.server.enable;
enable = true; config = {
config = { DOMAIN = "https://pass.example.com";
DOMAIN = "https://pass.nixfox.ca"; SIGNUPS_ALLOWED = false;
SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222;
ROCKET_PORT = 8222; ROCKET_LOG = "critical";
ROCKET_LOG = "critical";
# Smtp email # Smtp email
SMTP_HOST = "mx.nixfox.ca"; SMTP_HOST = "mx.example.com";
SMTP_FROM = "noreply@nixfox.ca"; SMTP_FROM = "noreply@example.com";
SMTP_FROM_NAME = "Vaultwarden"; SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@nixfox.ca"; SMTP_USERNAME = "noreply@example.com";
SMTP_PASSWORD = config.secrets.noreplyPassword; SMTP_PASSWORD = config.secrets.noreplyPassword;
SMTP_SECURITY = "starttls"; SMTP_SECURITY = "starttls";
SMTP_PORT = 587; SMTP_PORT = 587;
SMTP_TIMEOUT = 15; SMTP_TIMEOUT = 15;
};
}; };
}; };
} }


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."pass.nixfox.ca" = lib.mkIf config.services.vaultwarden.enable { services.nginx.virtualHosts."pass.example.com" = lib.mkIf config.services.vaultwarden.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,9 +0,0 @@
{ lib, ... }:
{
imports = [
./acme
./nginx
];
options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
}


@ -1,19 +0,0 @@
{ config, lib, ... }:
{
imports = [ ./virtualhosts ];
config = lib.mkIf config.system.server.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}