Lots of user changes and also Spacebar

This commit is contained in:
Bun 2025-03-14 18:23:32 -04:00
parent b5ec4cbf68
commit 36c3f778c8
19 changed files with 69 additions and 43 deletions

View file

@ -13,7 +13,6 @@
chain PREROUTING { chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept; type nat hook prerouting priority dstnat; policy accept;
tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC" tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC"
tcp dport 2222 dnat to 10.100.0.19:22 comment "SSH to Oracle VM"
udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games" udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games"
@ -28,7 +27,7 @@
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority 100; policy accept; type nat hook postrouting priority 100; policy accept;
oifname "eno1" masquerade oifname "enp0s31f6" masquerade
} }
''; '';
}; };

View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./users ./users
./groups ./groups

View file

@ -1,7 +0,0 @@
{ home-manager, ... }:
{
imports = [
./main
home-manager.nixosModules.home-manager
];
}

View file

@ -1,9 +1,7 @@
{ ... }: { home-manager, ... }:
{ {
imports = [ imports = [
./custom ./main
./system home-manager.nixosModules.home-manager
]; ];
users.mutableUsers = false;
} }

View file

@ -12,14 +12,14 @@
isNormalUser = true; isNormalUser = true;
createHome = true; createHome = true;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
../../../../../../hosts/tower/id_ed25519.pub ../../../../../hosts/tower/id_ed25519.pub
../../../../../../hosts/envy/id_ed25519.pub ../../../../../hosts/envy/id_ed25519.pub
../../../../../../hosts/pear/id_ed25519.pub ../../../../../hosts/pear/id_ed25519.pub
../../../../../../hosts/redmond/id_ed25519.pub ../../../../../hosts/redmond/id_ed25519.pub
../../../../../../hosts/midas/id_ed25519.pub ../../../../../hosts/midas/id_ed25519.pub
../../../../../../hosts/prophet/id_ed25519.pub ../../../../../hosts/prophet/id_ed25519.pub
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
@ -43,6 +43,6 @@
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
home-manager.users."${config.sysusers.main}" = import ../../../../../home; home-manager.users."${config.sysusers.main}" = import ../../../../home;
}; };
} }

View file

@ -1,9 +0,0 @@
{ ... }:
{
imports = [
./jellyfin
./liquidsoap
./nextcloud
./nginx
];
}

Binary file not shown.

View file

@ -1,6 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
imports = [ ./nginx ]; imports = [
./nginx
./user
];
config = lib.mkIf config.system.fileserver.enable { config = lib.mkIf config.system.fileserver.enable {
services.jellyfin.enable = true; services.jellyfin.enable = true;

View file

@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable { services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.jellyfin.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

View file

@ -1,6 +1,6 @@
{ ... }: { config, lib, ... }:
{ {
users = { users = lib.mkIf config.services.jellyfin.enable {
users.jellyfin = { users.jellyfin = {
group = "jellyfin"; group = "jellyfin";
extraGroups = [ "nfsShare" ]; extraGroups = [ "nfsShare" ];

View file

@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ ./nginx ]; imports = [
./nginx
./user
];
config = lib.mkIf config.system.fileserver.enable { config = lib.mkIf config.system.fileserver.enable {
services.nextcloud = { services.nextcloud = {

View file

@ -1,6 +1,6 @@
{ ... }: { config, lib, ... }:
{ {
users = { users = lib.mkIf config.services.nextcloud.enable {
users.nextcloud = { users.nextcloud = {
group = "nextcloud"; group = "nextcloud";
extraGroups = [ "nfsShare" ]; extraGroups = [ "nfsShare" ];

View file

@ -3,5 +3,6 @@
imports = [ imports = [
./nixbops ./nixbops
./nixscrap ./nixscrap
./user
]; ];
} }

View file

@ -1,6 +1,6 @@
{ ... }: { config, lib, ... }:
{ {
users = { users = lib.mkIf config.services.icecast.enable {
users.liquidsoap = { users.liquidsoap = {
group = "liquidsoap"; group = "liquidsoap";
extraGroups = [ "nginx" ]; extraGroups = [ "nginx" ];

View file

@ -3,7 +3,7 @@
imports = [ imports = [
./mastodon ./mastodon
./owncast ./owncast
#./spacebar ./spacebar
]; ];
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services"; options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";

View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, spacebar, ... }:
{
imports = [
#./nginx
./user
];
config = lib.mkIf config.system.socialserver.enable {
systemd.services.spacebar-server = {
enable = true;
description = "Spacebar Chat Server";
documentation = [ "https://docs.spacebar.chat/" ];
path = [ spacebar.packages.${pkgs.system}.default ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
WorkingDirectory = "/var/lib/spacebar";
ExecStart = "start-bundle";
Restart = "always";
User = "spacebar";
};
};
environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ];
};
}

View file

@ -0,0 +1,11 @@
{ config, lib, ... }:
{
users = lib.mkIf config.system.socialserver.enable {
users.spacebar = {
group = "spacebar";
isSystemUser = true;
uid = 138;
};
groups.spacebar = {};
};
}

View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./rtmp ./rtmp
./user
./virtualhosts ./virtualhosts
]; ];

View file

@ -1,6 +1,6 @@
{ ... }: { config, lib, ... }:
{ {
users = { users = lib.mkIf config.services.nginx.enable {
users.nginx = { users.nginx = {
group = "nginx"; group = "nginx";
extraGroups = [ extraGroups = [