diff --git a/hosts/midas/firewall/default.nix b/hosts/midas/firewall/default.nix index 73967e3..8875b2e 100644 --- a/hosts/midas/firewall/default.nix +++ b/hosts/midas/firewall/default.nix @@ -13,7 +13,6 @@ chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC" - tcp dport 2222 dnat to 10.100.0.19:22 comment "SSH to Oracle VM" udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games" @@ -28,7 +27,7 @@ chain POSTROUTING { type nat hook postrouting priority 100; policy accept; - oifname "eno1" masquerade + oifname "enp0s31f6" masquerade } ''; }; diff --git a/modules/system/accounts/default.nix b/modules/system/accounts/default.nix index 5c525dd..dfbc9b1 100644 --- a/modules/system/accounts/default.nix +++ b/modules/system/accounts/default.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ imports = [ ./users ./groups diff --git a/modules/system/accounts/users/custom/default.nix b/modules/system/accounts/users/custom/default.nix deleted file mode 100644 index d2600a9..0000000 --- a/modules/system/accounts/users/custom/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ home-manager, ... }: -{ - imports = [ - ./main - home-manager.nixosModules.home-manager - ]; -} diff --git a/modules/system/accounts/users/default.nix b/modules/system/accounts/users/default.nix index 59e3555..d2600a9 100644 --- a/modules/system/accounts/users/default.nix +++ b/modules/system/accounts/users/default.nix @@ -1,9 +1,7 @@ -{ ... }: +{ home-manager, ... }: { imports = [ - ./custom - ./system + ./main + home-manager.nixosModules.home-manager ]; - - users.mutableUsers = false; } diff --git a/modules/system/accounts/users/custom/main/default.nix b/modules/system/accounts/users/main/default.nix similarity index 72% rename from modules/system/accounts/users/custom/main/default.nix rename to modules/system/accounts/users/main/default.nix index 00fc0a0..350f082 100644 
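Review bot: The masquerade rule in `chain POSTROUTING` matches a hard-coded device name, `oifname "enp0s31f6"`, and nftables accepts an `oifname` that matches no interface without reporting an error. If the uplink device is ever named differently (this change from `eno1` suggests it already happened once), the ruleset still loads and outbound NAT silently stops applying. Taking the name from a host option, the way the DNAT rules above use `${config.ips.pc}`, would keep it in one place. The ruleset string starts and ends outside this hunk, so any existing option for this could not be checked.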
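Review bot: The new `modules/system/accounts/users/default.nix` drops `users.mutableUsers = false;`, and nothing visible in this diff sets it elsewhere, so the option would fall back to the NixOS default of `true`. With mutable users, imperatively created accounts and changed passwords persist across rebuilds, and declared passwords are applied only when an account is first created, so the running system can drift from what the repository declares. If the removal was only a side effect of folding `custom/` into this file, keep the line here: `users.mutableUsers = false;`. If it moved to a module outside this diff, the commit message should say where.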
--- a/modules/system/accounts/users/custom/main/default.nix +++ b/modules/system/accounts/users/main/default.nix @@ -12,14 +12,14 @@ isNormalUser = true; createHome = true; openssh.authorizedKeys.keyFiles = [ - ../../../../../../hosts/tower/id_ed25519.pub + ../../../../../hosts/tower/id_ed25519.pub - ../../../../../../hosts/envy/id_ed25519.pub - ../../../../../../hosts/pear/id_ed25519.pub - ../../../../../../hosts/redmond/id_ed25519.pub + ../../../../../hosts/envy/id_ed25519.pub + ../../../../../hosts/pear/id_ed25519.pub + ../../../../../hosts/redmond/id_ed25519.pub - ../../../../../../hosts/midas/id_ed25519.pub - ../../../../../../hosts/prophet/id_ed25519.pub + ../../../../../hosts/midas/id_ed25519.pub + ../../../../../hosts/prophet/id_ed25519.pub ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" @@ -43,6 +43,6 @@ shell = pkgs.zsh; }; - home-manager.users."${config.sysusers.main}" = import ../../../../../home; + home-manager.users."${config.sysusers.main}" = import ../../../../home; }; } diff --git a/modules/system/accounts/users/system/default.nix b/modules/system/accounts/users/system/default.nix deleted file mode 100644 index ffbaa7a..0000000 --- a/modules/system/accounts/users/system/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - imports = [ - ./jellyfin - ./liquidsoap - ./nextcloud - ./nginx - ]; -} diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 7748376..3eec42f 100644 Binary files a/modules/system/secrets/default.nix and b/modules/system/secrets/default.nix differ diff --git a/modules/system/services/server/fileserver/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/default.nix index c0ad6af..b50ec1f 100644 --- a/modules/system/services/server/fileserver/jellyfin/default.nix +++ b/modules/system/services/server/fileserver/jellyfin/default.nix 
@@ -1,6 +1,9 @@ { config, lib, ... }: { - imports = [ ./nginx ]; + imports = [ + ./nginx + ./user + ]; config = lib.mkIf config.system.fileserver.enable { services.jellyfin.enable = true; diff --git a/modules/system/services/server/fileserver/jellyfin/nginx/default.nix b/modules/system/services/server/fileserver/jellyfin/nginx/default.nix index bc9db65..26d20ab 100644 --- a/modules/system/services/server/fileserver/jellyfin/nginx/default.nix +++ b/modules/system/services/server/fileserver/jellyfin/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable { + services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.jellyfin.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/accounts/users/system/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/user/default.nix similarity index 69% rename from modules/system/accounts/users/system/jellyfin/default.nix rename to modules/system/services/server/fileserver/jellyfin/user/default.nix index ed8cc7b..a168eed 100644 --- a/modules/system/accounts/users/system/jellyfin/default.nix +++ b/modules/system/services/server/fileserver/jellyfin/user/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, lib, ... }: { - users = { + users = lib.mkIf config.services.jellyfin.enable { users.jellyfin = { group = "jellyfin"; extraGroups = [ "nfsShare" ]; diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index 831bedd..0dbb2ef 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }: { - imports = [ ./nginx ]; + imports = [ + ./nginx + ./user + ]; config = lib.mkIf config.system.fileserver.enable { services.nextcloud = { 
diff --git a/modules/system/accounts/users/system/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/user/default.nix similarity index 69% rename from modules/system/accounts/users/system/nextcloud/default.nix rename to modules/system/services/server/fileserver/nextcloud/user/default.nix index 0722276..49a6ff0 100644 --- a/modules/system/accounts/users/system/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/user/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, lib, ... }: { - users = { + users = lib.mkIf config.services.nextcloud.enable { users.nextcloud = { group = "nextcloud"; extraGroups = [ "nfsShare" ]; diff --git a/modules/system/services/server/icecast/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/default.nix index 3693261..78024e4 100644 --- a/modules/system/services/server/icecast/liquidsoap/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/default.nix @@ -3,5 +3,6 @@ imports = [ ./nixbops ./nixscrap + ./user ]; } diff --git a/modules/system/accounts/users/system/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/user/default.nix similarity index 70% rename from modules/system/accounts/users/system/liquidsoap/default.nix rename to modules/system/services/server/icecast/liquidsoap/user/default.nix index f83e9cc..3f2f698 100644 --- a/modules/system/accounts/users/system/liquidsoap/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/user/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, lib, ... }: { - users = { + users = lib.mkIf config.services.icecast.enable { users.liquidsoap = { group = "liquidsoap"; extraGroups = [ "nginx" ]; diff --git a/modules/system/services/server/socialserver/default.nix b/modules/system/services/server/socialserver/default.nix index c49e35f..eadde80 100644 --- a/modules/system/services/server/socialserver/default.nix +++ b/modules/system/services/server/socialserver/default.nix 
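Review bot: In `liquidsoap/user/default.nix` the `liquidsoap` account is now created when `config.services.icecast.enable` is set, but it still carries `extraGroups = [ "nginx" ]`, while this commit makes the `nginx` account conditional on `config.services.nginx.enable`. On a host with icecast enabled and nginx disabled, the membership may refer to a group that is not defined; the nginx user file continues past its hunk, so where the group is declared is not visible. Gating the membership makes the dependency explicit: `extraGroups = lib.optional config.services.nginx.enable "nginx";`. It is also worth confirming that `services.icecast.enable` is the same condition the units under `./nixbops` and `./nixscrap` use, which this diff does not show.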
@@ -3,7 +3,7 @@ imports = [ ./mastodon ./owncast - #./spacebar + ./spacebar ]; options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services"; diff --git a/modules/system/services/server/socialserver/spacebar/default.nix b/modules/system/services/server/socialserver/spacebar/default.nix new file mode 100644 index 0000000..95a8d71 --- /dev/null +++ b/modules/system/services/server/socialserver/spacebar/default.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, spacebar, ... }: +{ + imports = [ + #./nginx + ./user + ]; + + config = lib.mkIf config.system.socialserver.enable { + systemd.services.spacebar-server = { + enable = true; + description = "Spacebar Chat Server"; + documentation = [ "https://docs.spacebar.chat/" ]; + path = [ spacebar.packages.${pkgs.system}.default ]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + WorkingDirectory = "/var/lib/spacebar"; + ExecStart = "start-bundle"; + Restart = "always"; + User = "spacebar"; + }; + }; + environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ]; + }; +} diff --git a/modules/system/services/server/socialserver/spacebar/user/default.nix b/modules/system/services/server/socialserver/spacebar/user/default.nix new file mode 100644 index 0000000..16c28a0 --- /dev/null +++ b/modules/system/services/server/socialserver/spacebar/user/default.nix @@ -0,0 +1,11 @@ +{ config, lib, ... }: +{ + users = lib.mkIf config.system.socialserver.enable { + users.spacebar = { + group = "spacebar"; + isSystemUser = true; + uid = 138; + }; + groups.spacebar = {}; + }; +} diff --git a/modules/system/services/server/webserver/nginx/default.nix b/modules/system/services/server/webserver/nginx/default.nix index 516a8fe..8834918 100644 --- a/modules/system/services/server/webserver/nginx/default.nix +++ b/modules/system/services/server/webserver/nginx/default.nix 
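Review bot: The new `spacebar-server` unit in `spacebar/default.nix` runs a network-facing chat server with no systemd sandboxing; `serviceConfig` sets only `WorkingDirectory`, `ExecStart`, `Restart` and `User`. `ExecStart = "start-bundle"` is a bare name that systemd resolves through its own search path, so referencing the flake package's store path makes the executed binary explicit. Nothing visible creates `/var/lib/spacebar` owned by `spacebar` (the persistence entry is a plain path string), and `StateDirectory` would have systemd create and own it. The fence assumes the package installs `bin/start-bundle` and that the server needs only IP and Unix sockets; confirm both before merging.

```nix
      serviceConfig = {
        # … unchanged: WorkingDirectory, Restart, User …
        ExecStart = "${spacebar.packages.${pkgs.system}.default}/bin/start-bundle";
        StateDirectory = "spacebar";
        StateDirectoryMode = "0750";
        NoNewPrivileges = true;
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
        CapabilityBoundingSet = "";
      };
```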
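Review bot: In `spacebar/user/default.nix`, `uid = 138` is pinned for the `spacebar` user but `groups.spacebar = {}` leaves the gid to automatic allocation. The service's working directory is kept under `/persist`, so file ownership there stays stable only if both ids do; pinning the group as well, e.g. `groups.spacebar.gid = config.users.users.spacebar.uid;`, keeps them aligned. It is also worth confirming that 138 does not collide with an id already used by nixpkgs or another module in this repository, which cannot be checked from this diff.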
@@ -2,6 +2,7 @@ { imports = [ ./rtmp + ./user ./virtualhosts ]; diff --git a/modules/system/accounts/users/system/nginx/default.nix b/modules/system/services/server/webserver/nginx/user/default.nix similarity index 73% rename from modules/system/accounts/users/system/nginx/default.nix rename to modules/system/services/server/webserver/nginx/user/default.nix index 2c5fa8a..ff6b51b 100644 --- a/modules/system/accounts/users/system/nginx/default.nix +++ b/modules/system/services/server/webserver/nginx/user/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, lib, ... }: { - users = { + users = lib.mkIf config.services.nginx.enable { users.nginx = { group = "nginx"; extraGroups = [