diff --git a/system/devices/boot/default.nix b/system/devices/boot/default.nix index d3280e4..abc2406 100644 --- a/system/devices/boot/default.nix +++ b/system/devices/boot/default.nix @@ -2,11 +2,8 @@ { imports = [ ./extlinux - ./services + ./root-reset ]; - boot.kernel.sysctl = { - "vm.max_map_count" = 2147483642; - "kernel.sysrq" = 1; - }; + boot.initrd.systemd.enable = true; } diff --git a/system/devices/boot/services/root-reset/default.nix b/system/devices/boot/root-reset/default.nix similarity index 100% rename from system/devices/boot/services/root-reset/default.nix rename to system/devices/boot/root-reset/default.nix diff --git a/system/devices/boot/services/default.nix b/system/devices/boot/services/default.nix deleted file mode 100644 index 1d42ae2..0000000 --- a/system/devices/boot/services/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: -{ - imports = [ ./root-reset ]; - - boot.initrd.systemd.enable = true; -} diff --git a/system/devices/disks/impermanence/root/default.nix b/system/devices/disks/impermanence/root/default.nix index e611e07..51c2914 100644 --- a/system/devices/disks/impermanence/root/default.nix +++ b/system/devices/disks/impermanence/root/default.nix @@ -5,7 +5,7 @@ directories = [ "/etc/nixos" "/etc/secureboot" - "/var/lib/nixos" + "/var" ]; files = [ "/etc/machine-id" diff --git a/system/services/server/default.nix b/system/services/server/default.nix index a69c3e4..ba01e56 100644 --- a/system/services/server/default.nix +++ b/system/services/server/default.nix @@ -5,7 +5,7 @@ ./fileserver ./forgejo ./mysql - ./socialserver + ./owncast ./transmission ./vaultwarden ./webserver diff --git a/system/services/server/fileserver/nextcloud/collabora/default.nix b/system/services/server/fileserver/nextcloud/collabora/default.nix deleted file mode 100644 index f53c879..0000000 --- a/system/services/server/fileserver/nextcloud/collabora/default.nix +++ /dev/null 
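Review bot: The boot hunk drops `"kernel.sysrq" = 1;` and `"vm.max_map_count" = 2147483642;` without the commit saying so, which makes the change hard to review on its own. Losing the sysrq line presumably falls back to the NixOS default, which is more restrictive and so a hardening gain worth recording, while the `vm.max_map_count` raise was likely there for a specific workload and its removal may surface later as an unrelated failure. A comment on the new `boot.initrd.systemd.enable = true;` line, or a sentence in the commit message, stating that both sysctls were intentionally removed would close that gap, e.g. `# sysctl overrides (sysrq, max_map_count) dropped deliberately; NixOS defaults apply`.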
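Review bot: Replacing `"/var/lib/nixos"` with `"/var"` in the impermanence directory list turns an explicit per-service allowlist into a blanket bind-mount of the whole tree, and that is what lets the rest of this commit remove the `environment.persistence."/persist".directories` entries for nextcloud, forgejo, mysql, owncast, transmission, vaultwarden and nginx. Everything else under `/var` now also survives the root reset — `/var/log`, `/var/cache`, `/var/tmp` and any service state directory that was not meant to be durable — so the ephemeral-root guarantee no longer applies to that tree and anything a misbehaving service writes there persists across reboots. If the trade-off is intended, a comment above the entry should record it: `# all of /var persists: covers service state (/var/lib/*) but also logs, caches and /var/tmp`. Otherwise keep `/var/lib/nixos` and restore the per-service `/var/lib/<service>` entries.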
@@ -1,4 +0,0 @@ -{ config, lib, ... }: -{ - services.collabora-online.enable = config.services.nextcloud.enable; -} diff --git a/system/services/server/fileserver/nextcloud/default.nix b/system/services/server/fileserver/nextcloud/default.nix index 220e275..1d07a54 100644 --- a/system/services/server/fileserver/nextcloud/default.nix +++ b/system/services/server/fileserver/nextcloud/default.nix @@ -1,9 +1,6 @@ { config, lib, pkgs, ... }: { - imports = [ - ./collabora - ./nginx - ]; + imports = [ ./nginx ]; config = lib.mkIf config.system.fileserver.enable { services.nextcloud = { @@ -29,6 +26,5 @@ mail_smtpport = 587; }; }; - environment.persistence."/persist".directories = [ "/var/lib/nextcloud" ]; }; } diff --git a/system/services/server/forgejo/default.nix b/system/services/server/forgejo/default.nix index 9735402..9f6de97 100644 --- a/system/services/server/forgejo/default.nix +++ b/system/services/server/forgejo/default.nix @@ -32,8 +32,6 @@ networking.firewall.allowedTCPPorts = [ 2299 ]; - services.cloudflare-dyndns.domains = [ "git.nixfox.ca" ]; - - environment.persistence."/persist".directories = [ "/var/lib/forgejo" ]; + services.cloudflare-dyndns.domains = [ "git.example.com" ]; }; } diff --git a/system/services/server/mysql/default.nix b/system/services/server/mysql/default.nix index 39d54f0..65d5e15 100644 --- a/system/services/server/mysql/default.nix +++ b/system/services/server/mysql/default.nix 
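Review bot: `services.cloudflare-dyndns.domains = [ "git.example.com" ];` hands a placeholder domain to a live DNS updater, and the same placeholder is used with `enableACME = true` on `www.example.com` and `example.com` in the virtualhosts/example hunk near the end of this diff; on a real deployment the DNS update and the ACME challenges for a domain this host does not control will fail and keep retrying, while `default = true` on the www vhost still makes it the catch-all for any unmatched Host header. If this is meant as a template, pull the domain into a single option (name to be chosen) that both the forgejo and virtualhosts modules read instead of hardcoding `example.com`, or gate the dyndns and ACME entries on that option being set. The enclosing `config = lib.mkIf …` block of the forgejo module starts outside the hunk.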
@@ -1,23 +1,18 @@ { config, lib, pkgs, ... }: { - config = lib.mkIf config.system.server.enable { - services.mysql = { - enable = true; - package = pkgs.mariadb; - ensureDatabases = [ - "minecraft" - ]; - ensureUsers = [ - { - name = "minecraft"; - ensurePermissions = { - "minecraft.*" = "ALL PRIVILEGES"; - }; - } - ]; - }; - environment.persistence."/persist".directories = [ - "/var/lib/mysql" + services.mysql = lib.mkIf config.system.server.enable { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ + "minecraft" + ]; + ensureUsers = [ + { + name = "minecraft"; + ensurePermissions = { + "minecraft.*" = "ALL PRIVILEGES"; + }; + } ]; }; } diff --git a/system/services/server/socialserver/owncast/default.nix b/system/services/server/owncast/default.nix similarity index 55% rename from system/services/server/socialserver/owncast/default.nix rename to system/services/server/owncast/default.nix index b2dfe6a..fd66cd6 100644 --- a/system/services/server/socialserver/owncast/default.nix +++ b/system/services/server/owncast/default.nix @@ -2,15 +2,12 @@ { imports = [ ./nginx ]; - config = lib.mkIf config.system.socialserver.enable { + config = lib.mkIf config.system.server.enable { services.owncast = { enable = true; port = 8060; rtmp-port = 1945; listen = "0.0.0.0"; }; - environment.persistence."/persist".directories = [ - "/var/lib/owncast" - ]; }; } diff --git a/system/services/server/socialserver/owncast/nginx/default.nix b/system/services/server/owncast/nginx/default.nix similarity index 100% rename from system/services/server/socialserver/owncast/nginx/default.nix rename to system/services/server/owncast/nginx/default.nix diff --git a/system/services/server/socialserver/default.nix b/system/services/server/socialserver/default.nix deleted file mode 100644 index 825a43d..0000000 --- a/system/services/server/socialserver/default.nix +++ /dev/null 
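Review bot: `listen = "0.0.0.0";` in the owncast hunk is now gated on `config.system.server.enable` but still binds the Owncast web/admin port `8060` on every interface even though the module imports `./nginx` to front it; unless the firewall keeps 8060 closed (not visible here), the admin UI is reachable directly, bypassing whatever TLS and access rules nginx applies. If the reverse proxy is the intended path, `listen = "127.0.0.1";` limits exposure to nginx; whether the RTMP ingest on `rtmp-port = 1945;` depends on that setting is not visible in this diff and should be checked before changing it. The `config = lib.mkIf …` block in that file closes within the hunk but its header line is the only context shown.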
@@ -1,10 +0,0 @@
-{ lib, ... }:
-{
- options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
-
- imports = [
- ./mastodon
- ./matrix
- ./owncast
- ];
-}
diff --git a/system/services/server/socialserver/mastodon/default.nix b/system/services/server/socialserver/mastodon/default.nix
deleted file mode 100644
index 193fe26..0000000
--- a/system/services/server/socialserver/mastodon/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- config = lib.mkIf config.system.socialserver.enable {
- services.mastodon = {
- enable = true;
- localDomain = "social.nixfox.ca";
- streamingProcesses = 4;
- configureNginx = true;
- smtp = {
- createLocally = false;
- host = "mx.nixfox.ca";
- port = 587;
- authenticate = true;
- fromAddress = "NixFox Mastodon ";
- user = "noreply@nixfox.ca";
- passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
- };
- };
- environment.persistence."/persist".directories = [
- "/var/lib/mastodon"
- ];
- };
-}
diff --git a/system/services/server/socialserver/matrix/coturn/default.nix b/system/services/server/socialserver/matrix/coturn/default.nix
deleted file mode 100644
index 5c49d78..0000000
--- a/system/services/server/socialserver/matrix/coturn/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, lib, ... }:
-{
- imports = [ ./nginx ];
-
- config = lib.mkIf config.services.matrix-synapse.enable {
- services = {
- coturn = {
- enable = true;
- no-cli = true;
- no-tcp-relay = true;
- min-port = 49000;
- max-port = 50000;
- use-auth-secret = true;
- static-auth-secret = config.secrets.coturnSecret;
- realm = "turn.jimbosfiles.com";
- cert = "/var/lib/acme/turn.jimbosfiles.com/fullchain.pem";
- pkey = "/var/lib/acme/turn.jimbosfiles.com/key.pem";
- };
-
- # Enable coturn on Synapse
- matrix-synapse.settings = {
- turn_uris = [
- "turn:turn.jimbosfiles.com:3478?transport=udp"
- "turn:turn.jimbosfiles.com:3478?transport=tcp"
- ];
- turn_shared_secret = config.secrets.coturnSecret;
- turn_user_lifetime = "1h";
- };
-
- # Sync the IP to Cloudflare
- cloudflare-dyndns.domains = [ "turn.jimbosfiles.com" ];
- };
-
- # Open coturn ports
- networking.firewall = {
- allowedUDPPorts = [
- 3478
- 5349
- ];
- allowedUDPPortRanges = [{
- from = config.services.coturn.min-port;
- to = config.services.coturn.max-port;
- }];
- };
- };
-}
diff --git a/system/services/server/socialserver/matrix/coturn/nginx/default.nix b/system/services/server/socialserver/matrix/coturn/nginx/default.nix
deleted file mode 100644
index effae07..0000000
--- a/system/services/server/socialserver/matrix/coturn/nginx/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-{
- config = lib.mkIf config.services.coturn.enable {
- services.nginx.virtualHosts."turn.jimbosfiles.com" = {
- enableACME = true;
- forceSSL = true;
- listen = [{
- addr = "0.0.0.0";
- port = 80;
- ssl = false;
- }];
- locations."/".proxyPass = "http://127.0.0.1:1380";
- };
-
- security.acme.certs = {
- "turn.jimbosfiles.com" = {
- group = "turnserver";
- postRun = "systemctl restart coturn.service";
- };
- };
- };
-}
diff --git a/system/services/server/socialserver/matrix/default.nix b/system/services/server/socialserver/matrix/default.nix
deleted file mode 100644
index 2a569ee..0000000
--- a/system/services/server/socialserver/matrix/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./coturn
- ./element
- ./synapse
- ];
-}
diff --git a/system/services/server/socialserver/matrix/element/default.nix b/system/services/server/socialserver/matrix/element/default.nix
deleted file mode 100644
index f63c763..0000000
--- a/system/services/server/socialserver/matrix/element/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, ... }:
-{
- imports = [ ./nginx ];
-
- config = lib.mkIf config.services.matrix-synapse.enable {
- nixpkgs.config.element-web.conf = {
- default_server_config."m.homeserver" = {
- base_url = "https://matrix.jimbosfiles.com";
- server_name = "matrix.jimbosfiles.com";
- };
- branding = {
- #welcome_background_url = "https://staging.jimbosfiles.com/images/backgrounds/template-background.png";
- #auth_header_logo_url = "https://staging.jimbosfiles.com/images/logos/template-logo.png";
- };
- embedded_pages = {
- home_url = "https://www.jimbosfiles.com/";
- };
- disable_custom_urls = true;
- disable_guests = true;
- default_theme = "dark";
- };
- };
-}
diff --git a/system/services/server/socialserver/matrix/element/nginx/default.nix b/system/services/server/socialserver/matrix/element/nginx/default.nix
deleted file mode 100644
index 1c085eb..0000000
--- a/system/services/server/socialserver/matrix/element/nginx/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.nginx.virtualHosts."chat.nixfox.ca" = lib.mkIf config.services.matrix-synapse.enable {
- enableACME = true;
- addSSL = true;
- root = "${pkgs.element-web}";
- };
-}
diff --git a/system/services/server/socialserver/matrix/synapse/default.nix b/system/services/server/socialserver/matrix/synapse/default.nix
deleted file mode 100644
index 3420d0c..0000000
--- a/system/services/server/socialserver/matrix/synapse/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./nginx
- ];
-
- config = lib.mkIf config.system.socialserver.enable {
- services.matrix-synapse = {
- enable = true;
- settings = {
- server_name = "jimbosfiles.com";
- public_baseurl = "https://matrix.jimbosfiles.com";
- suppress_key_server_warning = true;
-
- listeners = [{
- port = 8008;
- bind_addresses = [
- "::"
- "0.0.0.0"
- ];
- resources = [{
- compress = true;
- names = [
- "client"
- "federation"
- ];
- }];
- type = "http";
- tls = false;
- x_forwarded = true;
- }];
-
- email = {
- notif_from = "NixFox Matrix ";
- smtp_host = "mx.nixfox.ca";
- smtp_user = "noreply@nixfox.ca";
- smtp_pass = config.secrets.noreplyPassword;
- enable_tls = true;
- smtp_port = 587;
- require_transport_security = true;
- };
-
- # Disable registration without email
- registrations_require_3pid = [ "email" ];
-
- # Set the type of database
- database.name = "sqlite3";
-
- # Allow account registration
- #enable_registration = true;
-
- # General settings
- url_preview_enabled = true;
- max_upload_size = "50M";
- report_stats = false;
- burst_count = 15;
- };
- };
-
- environment.persistence."/persist".directories = [ "/var/lib/matrix-synapse" ];
- };
-}
diff --git a/system/services/server/socialserver/matrix/synapse/nginx/default.nix b/system/services/server/socialserver/matrix/synapse/nginx/default.nix
deleted file mode 100644
index f326cbc..0000000
--- a/system/services/server/socialserver/matrix/synapse/nginx/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, ... }:
-{
- services.nginx.virtualHosts."matrix.jimbosfiles.com" = lib.mkIf config.services.matrix-synapse.enable {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".extraConfig = ''return 403;'';
- "/client".proxyPass = "http://127.0.0.1:8008";
- "/_matrix".proxyPass = "http://127.0.0.1:8008";
- "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
- };
-}
diff --git a/system/services/server/transmission/default.nix b/system/services/server/transmission/default.nix index b23b9dd..fbf29bb 100644 --- a/system/services/server/transmission/default.nix +++ b/system/services/server/transmission/default.nix @@ -9,8 +9,5 @@ openPeerPorts = true; settings.rpc-authentication-required = true; }; - environment.persistence."/persist".directories = [ - "/var/lib/transmission" - ]; }; } diff --git a/system/services/server/vaultwarden/default.nix b/system/services/server/vaultwarden/default.nix index ef1dcb6..2b2e1a9 100644 --- a/system/services/server/vaultwarden/default.nix +++ b/system/services/server/vaultwarden/default.nix @@ -23,7 +23,5 @@ SMTP_TIMEOUT = 15; }; }; - - environment.persistence."/persist".directories = [ "/var/lib/bitwarden_rs" ]; }; } diff --git a/system/services/server/webserver/nginx/default.nix b/system/services/server/webserver/nginx/default.nix index 1019882..1a43163 100644 --- a/system/services/server/webserver/nginx/default.nix +++ b/system/services/server/webserver/nginx/default.nix @@ -1,9 +1,6 @@ { config, lib, ... }: { - imports = [ - ./rtmp - ./virtualhosts - ]; + imports = [ ./virtualhosts ]; config = lib.mkIf config.system.server.enable { services.nginx = { @@ -14,8 +11,6 @@ recommendedProxySettings = true; }; - environment.persistence."/persist".directories = [ "/var/www" ]; - networking.firewall.allowedTCPPorts = [ 80 443 diff --git a/system/services/server/webserver/nginx/rtmp/default.nix b/system/services/server/webserver/nginx/rtmp/default.nix deleted file mode 100644 index 3826d9d..0000000 --- a/system/services/server/webserver/nginx/rtmp/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- options.services.nginx.rtmp.enable = lib.mkEnableOption "Enable an RTMP server using Nginx";
-
- config = lib.mkIf config.services.nginx.rtmp.enable {
- services.nginx = {
- package = (pkgs.nginx.override {
- modules = with pkgs.nginxModules; [ rtmp ];
- });
- appendConfig = ''
- rtmp {
- server {
- listen 1935;
- chunk_size 4096;
- allow publish all;
- application stream {
- record off;
- live on;
- allow play all;
- hls on;
- hls_path /var/www/landing-page/streams/hls/;
- hls_fragment_naming system;
- hls_fragment 3;
- hls_playlist_length 40;
- }
- }
- }
- '';
- };
- systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
- };
-}
diff --git a/system/services/server/webserver/nginx/virtualhosts/default.nix b/system/services/server/webserver/nginx/virtualhosts/default.nix
index ffe0d77..e5da842 100644
--- a/system/services/server/webserver/nginx/virtualhosts/default.nix
+++ b/system/services/server/webserver/nginx/virtualhosts/default.nix
@@ -1,7 +1,6 @@
 { ... }:
 {
 imports = [
- ./nixfox
- ./jimbosfiles
+ ./example
 ];
 }
diff --git a/system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix b/system/services/server/webserver/nginx/virtualhosts/example/default.nix
similarity index 74%
rename from system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix
rename to system/services/server/webserver/nginx/virtualhosts/example/default.nix
index 8a93ae5..f774fa8 100644
--- a/system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix
+++ b/system/services/server/webserver/nginx/virtualhosts/example/default.nix
@@ -1,16 +1,16 @@
 { config, lib, ... }:
 {
 services.nginx.virtualHosts = lib.mkIf config.system.server.enable {
- "www.nixfox.ca" = {
+ "www.example.com" = {
 enableACME = true;
 addSSL = true;
 default = true;
 root = "/var/www/landing-page";
 };
- "nixfox.ca" = {
+ "example.com" = {
 enableACME = true;
 addSSL = true;
- globalRedirect = "www.nixfox.ca";
+ globalRedirect = "www.example.com";
 };
 };
 }
diff --git a/system/services/server/webserver/nginx/virtualhosts/jimbosfiles/default.nix b/system/services/server/webserver/nginx/virtualhosts/jimbosfiles/default.nix
deleted file mode 100644
index df17ceb..0000000
--- a/system/services/server/webserver/nginx/virtualhosts/jimbosfiles/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, ... }:
-{
- services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.system.server.enable {
- enableACME = true;
- addSSL = true;
- globalRedirect = "www.nixfox.ca";
- locations = {
- "/.well-known/matrix/client".extraConfig = ''
- default_type application/json;
- return 200 '
- {
- "m.homeserver": {
- "base_url": "https://matrix.jimbosfiles.com"
- },
- "m.identity_server": {
- "base_url": "https://matrix.org"
- }
- }
- ';
- '';
- "/.well-known/matrix/server".extraConfig = ''
- default_type application/json;
- return 200 '{ "m.server": "matrix.jimbosfiles.com:443" }';
- '';
- };
- };
-}