From 36c3f778c89d2449df7edb0901b0dbddd18e69c2 Mon Sep 17 00:00:00 2001
From: Bun <bun@nixfox.ca>
Date: Fri, 14 Mar 2025 18:23:32 -0400
Subject: [PATCH] Lots of user changes and also Spacebar
---
hosts/midas/firewall/default.nix | 3 +--
modules/system/accounts/default.nix | 3 ++-
.../system/accounts/users/custom/default.nix | 7 -----
modules/system/accounts/users/default.nix | 8 +++---
.../users/{custom => }/main/default.nix | 14 +++++-----
.../system/accounts/users/system/default.nix | 9 -------
modules/system/secrets/default.nix | Bin 2066 -> 2033 bytes
.../server/fileserver/jellyfin/default.nix | 5 +++-
.../fileserver/jellyfin/nginx/default.nix | 2 +-
.../fileserver/jellyfin/user}/default.nix | 4 +--
.../server/fileserver/nextcloud/default.nix | 5 +++-
.../fileserver/nextcloud/user}/default.nix | 4 +--
.../server/icecast/liquidsoap/default.nix | 1 +
.../icecast/liquidsoap/user}/default.nix | 4 +--
.../services/server/socialserver/default.nix | 2 +-
.../server/socialserver/spacebar/default.nix | 25 ++++++++++++++++++
.../socialserver/spacebar/user/default.nix | 11 ++++++++
.../server/webserver/nginx/default.nix | 1 +
.../server/webserver/nginx/user}/default.nix | 4 +--
19 files changed, 69 insertions(+), 43 deletions(-)
delete mode 100644 modules/system/accounts/users/custom/default.nix
rename modules/system/accounts/users/{custom => }/main/default.nix (72%)
delete mode 100644 modules/system/accounts/users/system/default.nix
rename modules/system/{accounts/users/system/jellyfin => services/server/fileserver/jellyfin/user}/default.nix (69%)
rename modules/system/{accounts/users/system/nextcloud => services/server/fileserver/nextcloud/user}/default.nix (69%)
rename modules/system/{accounts/users/system/liquidsoap => services/server/icecast/liquidsoap/user}/default.nix (70%)
create mode 100644 modules/system/services/server/socialserver/spacebar/default.nix
create mode 100644 modules/system/services/server/socialserver/spacebar/user/default.nix
rename modules/system/{accounts/users/system/nginx => services/server/webserver/nginx/user}/default.nix (73%)
diff --git a/hosts/midas/firewall/default.nix b/hosts/midas/firewall/default.nix
index 73967e3..8875b2e 100644
--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@@ -13,7 +13,6 @@
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC"
- tcp dport 2222 dnat to 10.100.0.19:22 comment "SSH to Oracle VM"
udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games"
@@ -28,7 +27,7 @@
chain POSTROUTING {
type nat hook postrouting priority 100; policy accept;
- oifname "eno1" masquerade
+ oifname "enp0s31f6" masquerade
}
'';
};
diff --git a/modules/system/accounts/default.nix b/modules/system/accounts/default.nix
index 5c525dd..dfbc9b1 100644
--- a/modules/system/accounts/default.nix
+++ b/modules/system/accounts/default.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
imports = [
./users
./groups
diff --git a/modules/system/accounts/users/custom/default.nix b/modules/system/accounts/users/custom/default.nix
deleted file mode 100644
index d2600a9..0000000
--- a/modules/system/accounts/users/custom/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ home-manager, ... }:
-{
- imports = [
- ./main
- home-manager.nixosModules.home-manager
- ];
-}
diff --git a/modules/system/accounts/users/default.nix b/modules/system/accounts/users/default.nix
index 59e3555..d2600a9 100644
--- a/modules/system/accounts/users/default.nix
+++ b/modules/system/accounts/users/default.nix
@@ -1,9 +1,7 @@
-{ ... }:
+{ home-manager, ... }:
{
imports = [
- ./custom
- ./system
+ ./main
+ home-manager.nixosModules.home-manager
];
-
- users.mutableUsers = false;
}
diff --git a/modules/system/accounts/users/custom/main/default.nix b/modules/system/accounts/users/main/default.nix
similarity index 72%
rename from modules/system/accounts/users/custom/main/default.nix
rename to modules/system/accounts/users/main/default.nix
index 00fc0a0..350f082 100644
--- a/modules/system/accounts/users/custom/main/default.nix
+++ b/modules/system/accounts/users/main/default.nix
@@ -12,14 +12,14 @@
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keyFiles = [
- ../../../../../../hosts/tower/id_ed25519.pub
+ ../../../../../hosts/tower/id_ed25519.pub
- ../../../../../../hosts/envy/id_ed25519.pub
- ../../../../../../hosts/pear/id_ed25519.pub
- ../../../../../../hosts/redmond/id_ed25519.pub
+ ../../../../../hosts/envy/id_ed25519.pub
+ ../../../../../hosts/pear/id_ed25519.pub
+ ../../../../../hosts/redmond/id_ed25519.pub
- ../../../../../../hosts/midas/id_ed25519.pub
- ../../../../../../hosts/prophet/id_ed25519.pub
+ ../../../../../hosts/midas/id_ed25519.pub
+ ../../../../../hosts/prophet/id_ed25519.pub
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
@@ -43,6 +43,6 @@
shell = pkgs.zsh;
};
- home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+ home-manager.users."${config.sysusers.main}" = import ../../../../home;
};
}
diff --git a/modules/system/accounts/users/system/default.nix b/modules/system/accounts/users/system/default.nix
deleted file mode 100644
index ffbaa7a..0000000
--- a/modules/system/accounts/users/system/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
- imports = [
- ./jellyfin
- ./liquidsoap
- ./nextcloud
- ./nginx
- ];
-}
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
index 77483769b1653698c50906705e1af02c97aea64c..3eec42f89b681059858223efb8b421910ddf5a71 100644
GIT binary patch
literal 2033
zcmV<N2M+iEM@dveQdv+`04gwGCt~yq4b=~m(eKO69|GefV6}hhiqe9ztI;u0SVPR_
zV?inOVzuQ8MfRny{nln{BPzFFxH8ONa(F5u7P}^GVEQEkNC~Y93}t#%6)lQ0sG!b}
zHq#S00P22Kz^m*@BXY4axYaHXIoR&+bI&rnAR?8&=uJk4rnz#COwN*K9W?n;2KPyH
zRk%BOu?Wd;7CfG8x;oha*m_(PS3MpIdQcyZ4!}u#Z2m@2ul1FWy4Il<Z?&>i);BQP
zCk!{;kkZNo@8j00Cs(K5Y+u!TZ0<nCLrlqTT~xYzHsTeRI<P7WuKzO?j-2@Mnp$|d
zC$iRDkrZu0y;2dGa$Ya?U=L&Qrp(&hASXiNgc}}|>FP(v(dn$$Cr`Fq=YV&t&k}Jr
zGayX`$q-espIyP`#_W&0EJ2joeUzX#9!@O4<cu2_Q$dF+{pU7oP9V~<Wpv?a57%Pd
zWWqXBZDhIO)zM^#_B~IXM#90}Ps=c}51f700!drEnbt2|G6uwwBrh`N92HJG)6Oh8
z^z3d&6$4(|^tNa@5uav?*2^Bp7}m3;ioZ~g`s~C#Y0<c&=EU<S*@8+Zk@!>1a_DH?
z0BU1r@X$~yUA|@m$JQzN%DS$*Z19q$z8jEm=ymiYE>Mg16a+2NWe#*imd8s%kTdz1
z6y(w#uccyI4xQt=PkpX*UHfF(F|-1_DcW0@pE0Qjopn>xE;U&b&}d;wV5@3e56ayd
z>jw{0(0~233n6{;6M{Bqlk#WC{5zQ6=GA}J5udwo%x9Mptu!Es=5(O0sFP~3k(*`m
z8A*j-|1}QNWr1cyrkJqAHyY{`A9e>RdJd{B0!_%IDcjkqvY|b$M@eSM&#}Fci7+vC
zXj|Ic>hZ53z@_V!#$Q&Ho0^d<H{4$#=`Wn~muHS{86~P<&ul*y(A>TbP~8%x^oin8
z{*AAB<)j(AKjn-Y=wJrZ-(mQJphl?<J{d6ShxH0Aq@7W1(%>@k&CUfBVEtk)nG3QE
z{el$*#*)0gO`~Fz8w~jwCxNC_GS`1S?WUo^y5K_@k=*ink2R<xO2Z40l}zY}F&+Zx
z;n$O56j0h%^hz^YE2}P?<gOrrC+F;?#KFFkG?Z9K%iJ8I$r?a3HisXQerV9~cVri+
zJWC|k`=_|TnNmGN>Cos8DfIZalaB<Okyl!-9H0>!AMbKl0_qT+qPcdm7uaz@&yAE4
z+c8%?1p=x%lYW*nv*F<Nhu7{yI#=c%Kq5YU_6Ewb&U!>I+@*(}O$iyCO=Lgw4*cr9
z@a-v4ZvfQ{5GiRxODEEL@Zd!o)bcRn1~%JyTaaqQ=QQTxaHApEcs&#OrD{b3jMm0#
zsKy7gjluEG$y-5c*pU1%*AeXLmkoq!6ULf?P2VbVSg7rBYsbCu^$4>}31uxpN7f*k
zBxUAdqkV!YFAp7WAcX~2-;uy_{BAi)QA8(7_c&yUw<ae39{%YwgOM^Ln{ayCys*+6
zt?C<@sKd%z9-m^TpawLGmN2OOxKNOE!R!Kd_`n)F?=Kg$*~AcvS92%a>|=-ro*+v{
z7)v%^5Gj?P)rqz9SyqaLox($!S@&xc6lJ$+g8Y`4QA#<wrpN(bt{~Tzc`xXbvrEFX
z#cjB=!BOR~ks5>DDlF9J9CaK;APM8Ncu_phM>W1OM7X8%lsW~!3a!IbYfz_fTGBqg
ze`N`kYj`IfK@4zRt)I+PtNzgI5<NaSna6y`IusU1^^C~m(RsP(`*fZkJq(}Hhu^^w
zrtQ-bS6)&ngqD$W?j!jxa@vm95O4h9zLEXx&ctBuy3kWwoSkbZ@qjLP+g<d<n#{f2
zUS0M%AhMf=4eU@7B0xvrijN`}FW(EzO0UoBwuk{-UfjYdLz`3{cHl6?d3S@X#TQ$d
zEdawm%)UsDL<zRCpMYpZhIhumjk#E3y}73<(%HShsf+|Sh4?@4o;@49Hfq^>c28cR
z6|I`hF<fJR!-D4e<Z5!T2cumvpR4IoYK^HUt#HU!>THcvstm{QmI_rA#Kk;SxK~ZI
z>3QHkpwXSVsm9#gQjFdNt(J%-kWVBjcbkUsL>|Rgj59RGz!<L?WBFR33#<yTzuhg&
zfP`sQ8%_-xQ{D*0GKrjeMU|P;!6qH@QxvB>0EY?zj`X2iX&|>(PgQOk$3oatlVt)F
z@*!zB7@ODP7cxB=<2abIGwor8%mQlY8rYjm@tTBWSV&CL{I1Q~zG^wh)M=M}{aY3u
zvg~rO&x9ZGl>gwBk5O|q566+wp0}ZX9y+eGK_=INf}N^f9v<QY4g|`@n@pV5>#B<n
zxJX4~`&adKESLwnNeG-BL@gh+DU_|iP}Slwf6n~Xobk~qxp|!gm1v2dK9w^>>w6i!
zlgZX;Xcvd9Y8-crxQ0?a!n)Q+;TL^bp@gcKZcDAGnDIryjaQ)5_h5A4)>zm6z^%kS
z&_|9v4^(<L^{y2fL>PotnA@0*-!>z+Bc>im4Qs+6+0VZheu|r`Imof$n6VBK$wt%W
zw>GfS5d%pp7Sq^faDFYs%F_;p<yu}l1n)WmWjOICdnM(=ul9sBJmizj>Mp(#Q-zZ2
z?$$gtLS~EfJz;^^Y3$b98#|?_zIV$*xE!;=g0qVtayE6)1TWuh(qDFogp7!`8p9V6
PiJBw8Ql!mZ%Ogc!a<%g5
literal 2066
zcmV+t2<`U(M@dveQdv+`02pA5Ln*ZS(Tskg<%%&o)?8a8T+u1VP&2?Q_tHscV-g@V
z(f?7*GwuSQ^EoMbk-hhC#yuUM_MweqsERqY-q=!+FHmYP?r)23>1%{{qg9jPDl?6N
zmoJXw{u@D*@kjN(DNriF_y&yltkxbJ<mRa?4OENsE*?_U3}pk9eAHyB`?cF<IEU`5
zrJ#uP9LJ^V(i?5H1_Tbktbb}rrJ}#03~4R7Plcnra#SLo#K522<Yh<0m}Y|qGggQ2
zP!>9@r2N2qFhSEylOREHHyXqty_rNus`!#U$YYQ55#-hgv_NJ1HY>xITJWM)pyLX~
z%h&f=qW7(SeOpLDqdh{Kr2g^{Cv%j5SzpCXtS*dj_i$@S6`%J@v_|F@i?tzxIi5$u
zMY*lp(7Let!TGRlo9Vn<`ztqGqc7!>a%Np1A*x2Q5jX=Ubb4z_2!BDlO{`l1vtq%a
z2%yT^WI%LzuljV#;cvXUUE4BQqp<fQcW){3F?$I+Ya7)dka|#wGH2y}S&g?UY8j2q
z`25j*qfl>Rb5H9`9IphwiViFTJ>g<!OUW*#I2BPp@qsyEZ`(qnDju=N`L=<o1{2={
zue)}8rSp{G)tbPg_Bzk3SAeNcjfC*?|2Nm8J*k>eF(HEDw8#B#<?xmDv|S_aVXd1{
zSMLsNroT{oFMK9t;#+q>dq!%O4pa5V9j~D&j@N_?CRcn4Xp^}Kvig((8}YM~`ys%}
z1Kjq$Z6Iy-DlXH1)6g$)lx1<2#fB$yv>)6?D(+y#b$lauDA-<Xf@B9;Pe`89F^P&d
zT>$?o{RihZDgLBB8;%X$iIfjEv&ii~b`Ca8Ws2alV1)0k+H1Roca9lS(_dIUXH70&
zEU9}OKkmqOhh7V-^2t8hUYfJq>X>bDgBo4sd($AId@KI;sZ`e12NcrCatN|R^W-^D
zU>c$4i#s)?Qhq#Lec$Yr#^%e$=HhjPGM3*Rg0rBe58hi~aAvijals`~56lr%sqVf0
zpC<{T9!GZg^@+D`H;P`S>)e}YbN&DZmuAY4c;=`{={=fHmCqJ!W>>C~io5YmI)c#`
zz0EEZFPNXC$v?r8D9l1n4wmN1Iez61z?A%~=yg<S{c3DCNi_iGP6Z$WZ(PjW{;3Jl
z@QU8CdzZ`%+khlY*CFyy?Y(^O+Km7l8+SrZeD&*Et!htkeC`~JUmvCI2q#8{)*^^D
z(`!l>iNuf4s1@g>8jsBjU++SqMc;3DA#wgpq`JWemjIdvl3&n~HIzat!@X?U!y!SJ
z6n;4RKm8H+HQySM7JmQV=3(S>{uxOVOa(23=~Rvd!GDK0kWqeMXT=FzhX18cW^1*i
zaO!5606e)ZJ@Zc4NqvP<=!Bp4d!O;u_Y41?al<@u*AcE^Xh~4;EhhMFI)6TwI4agn
z6gA9{&I(1b*F$<`TLEvb3WaYsen`91kw-q*)nI0mJUWy5!17Dj|Ew8?#YPd$@Xbz@
zGWkxTW!$yHO_7#p37&v<HZ;1R&i5Dg%xD90;*s+jxhjcN*%TLYdVy%{#YrW4w!CPG
z=nay^<7SV+ZmnO1GG_AE5abo*8>W#J%hB0q;Aw99wXHc|c(G9hi$)r3YB`5A5Ln66
z_|gFFY8v8R^q!a#55YQeQh!tH&kyay$ly*S%m1m78~!IupA#fudRpg(UL%Mqg7pK-
zK5x8<9yqZ3g4E8K!Rm#qpBBwY_XG;C*E5GJ@UqAZE#uzP7JE!mlTWEsJ)@G%HoW@^
z{jJ0eV}Bt|W=3#(Vq5FnD8vaH0}_b<Z-i7xUFbtGMEj$)4>&V2YnT!o>5Fq+tg*2W
zMg;@9qSN|g<uys|2s)hkz05u{(no+olR6U``Fc^n6l5S$3`BMcQPDcZkMM}h?b)m(
z^_Lc={B$*Tqt{~*NeNoys=`Ygs!u1f;foRvHQ<%lza-`3aY4~0@$u^wOs_!d+P*85
zyF+5LlpDiVjy0UYMw3j3UxtT8y;|Z)*7u;D%x_qNl{$V*uu2{{Y&@lU0;$}zuU+=d
zu;rBDZ4SQ_Oa1b18AMm-Fxn#|Oo5`l)@bBeBJ<CQ2KCi2Fb?x%`gpgyKu~)j*x_sv
z_kRv-evPDEco8GkHPNm4x^PS=qUF1M`qXW3DTwT9(>?L~E)Z!<kE>#^hoy!r9*X;n
zvgv~-=5L$2g1e!=UK}`MGUi~8Rr+nfx<$kE8!$bJq$;8CR;Jm$=UV!;AGE?P4mJp$
zRScW(V<8bP`b<=HInOIv1kyH;MCa!s+wofBlTV=-=L9C`RKN~pCfjP#7|yUNM5qq?
zBjbDIA#$W)y&qG1Kf9%weE9Te3SSxqgr$d-aHQH-Hh^+A#>WT&+EkA{@g)KJCW=AQ
zWu1ac;qJ2b%=u)=m3^P(Js<K8=g@=L2}ynW{=S)*ME+4Wt;Z(lo>DtlH_V<}oL9){
z47!3Ct{*Ag0I$X8xcT3><D)j+^2`PMv9sYaN}jfHT?oOVMM#9l7nrt-zBqN)>`0wV
zD$$&da{;0Dim9j|^sPC?K9666V`V}8nWQKi5P&8#VGqm5P^q^>1(vY?RGzu(iCR;P
zX()ntvGR6VgMeg0Pv>S7Zpy>dJC&B@E=*(KroAXc0CmUf$wd72yzGN<I1jOwfv=6>
wrK=rw?a#^432xvH5FBY3!I;{AzvU}YZbmQ1+Qok>*{-<LAq7ut9%`w>`xo95=l}o!
diff --git a/modules/system/services/server/fileserver/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/default.nix
index c0ad6af..b50ec1f 100644
--- a/modules/system/services/server/fileserver/jellyfin/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/default.nix
@@ -1,6 +1,9 @@
{ config, lib, ... }:
{
- imports = [ ./nginx ];
+ imports = [
+ ./nginx
+ ./user
+ ];
config = lib.mkIf config.system.fileserver.enable {
services.jellyfin.enable = true;
diff --git a/modules/system/services/server/fileserver/jellyfin/nginx/default.nix b/modules/system/services/server/fileserver/jellyfin/nginx/default.nix
index bc9db65..26d20ab 100644
--- a/modules/system/services/server/fileserver/jellyfin/nginx/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/nginx/default.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
{
- services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
+ services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.jellyfin.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
diff --git a/modules/system/accounts/users/system/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/user/default.nix
similarity index 69%
rename from modules/system/accounts/users/system/jellyfin/default.nix
rename to modules/system/services/server/fileserver/jellyfin/user/default.nix
index ed8cc7b..a168eed 100644
--- a/modules/system/accounts/users/system/jellyfin/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/user/default.nix
@@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
{
- users = {
+ users = lib.mkIf config.services.jellyfin.enable {
users.jellyfin = {
group = "jellyfin";
extraGroups = [ "nfsShare" ];
diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix
index 831bedd..0dbb2ef 100644
--- a/modules/system/services/server/fileserver/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/default.nix
@@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
{
- imports = [ ./nginx ];
+ imports = [
+ ./nginx
+ ./user
+ ];
config = lib.mkIf config.system.fileserver.enable {
services.nextcloud = {
diff --git a/modules/system/accounts/users/system/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/user/default.nix
similarity index 69%
rename from modules/system/accounts/users/system/nextcloud/default.nix
rename to modules/system/services/server/fileserver/nextcloud/user/default.nix
index 0722276..49a6ff0 100644
--- a/modules/system/accounts/users/system/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/user/default.nix
@@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
{
- users = {
+ users = lib.mkIf config.services.nextcloud.enable {
users.nextcloud = {
group = "nextcloud";
extraGroups = [ "nfsShare" ];
diff --git a/modules/system/services/server/icecast/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/default.nix
index 3693261..78024e4 100644
--- a/modules/system/services/server/icecast/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@@ -3,5 +3,6 @@
imports = [
./nixbops
./nixscrap
+ ./user
];
}
diff --git a/modules/system/accounts/users/system/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/user/default.nix
similarity index 70%
rename from modules/system/accounts/users/system/liquidsoap/default.nix
rename to modules/system/services/server/icecast/liquidsoap/user/default.nix
index f83e9cc..3f2f698 100644
--- a/modules/system/accounts/users/system/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/user/default.nix
@@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
{
- users = {
+ users = lib.mkIf config.services.icecast.enable {
users.liquidsoap = {
group = "liquidsoap";
extraGroups = [ "nginx" ];
diff --git a/modules/system/services/server/socialserver/default.nix b/modules/system/services/server/socialserver/default.nix
index c49e35f..eadde80 100644
--- a/modules/system/services/server/socialserver/default.nix
+++ b/modules/system/services/server/socialserver/default.nix
@@ -3,7 +3,7 @@
imports = [
./mastodon
./owncast
- #./spacebar
+ ./spacebar
];
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
diff --git a/modules/system/services/server/socialserver/spacebar/default.nix b/modules/system/services/server/socialserver/spacebar/default.nix
new file mode 100644
index 0000000..95a8d71
--- /dev/null
+++ b/modules/system/services/server/socialserver/spacebar/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, spacebar, ... }:
+{
+ imports = [
+ #./nginx
+ ./user
+ ];
+
+ config = lib.mkIf config.system.socialserver.enable {
+ systemd.services.spacebar-server = {
+ enable = true;
+ description = "Spacebar Chat Server";
+ documentation = [ "https://docs.spacebar.chat/" ];
+ path = [ spacebar.packages.${pkgs.system}.default ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ WorkingDirectory = "/var/lib/spacebar";
+ ExecStart = "start-bundle";
+ Restart = "always";
+ User = "spacebar";
+ };
+ };
+ environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ];
+ };
+}
diff --git a/modules/system/services/server/socialserver/spacebar/user/default.nix b/modules/system/services/server/socialserver/spacebar/user/default.nix
new file mode 100644
index 0000000..16c28a0
--- /dev/null
+++ b/modules/system/services/server/socialserver/spacebar/user/default.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+ users = lib.mkIf config.system.socialserver.enable {
+ users.spacebar = {
+ group = "spacebar";
+ isSystemUser = true;
+ uid = 138;
+ };
+ groups.spacebar = {};
+ };
+}
diff --git a/modules/system/services/server/webserver/nginx/default.nix b/modules/system/services/server/webserver/nginx/default.nix
index 516a8fe..8834918 100644
--- a/modules/system/services/server/webserver/nginx/default.nix
+++ b/modules/system/services/server/webserver/nginx/default.nix
@@ -2,6 +2,7 @@
{
imports = [
./rtmp
+ ./user
./virtualhosts
];
diff --git a/modules/system/accounts/users/system/nginx/default.nix b/modules/system/services/server/webserver/nginx/user/default.nix
similarity index 73%
rename from modules/system/accounts/users/system/nginx/default.nix
rename to modules/system/services/server/webserver/nginx/user/default.nix
index 2c5fa8a..ff6b51b 100644
--- a/modules/system/accounts/users/system/nginx/default.nix
+++ b/modules/system/services/server/webserver/nginx/user/default.nix
@@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
{
- users = {
+ users = lib.mkIf config.services.nginx.enable {
users.nginx = {
group = "nginx";
extraGroups = [