Lots of user changes and also Spacebar
parent
b5ec4cbf68
commit
36c3f778c8
19 changed files with 69 additions and 43 deletions
|
@ -13,7 +13,6 @@
|
||||||
chain PREROUTING {
|
chain PREROUTING {
|
||||||
type nat hook prerouting priority dstnat; policy accept;
|
type nat hook prerouting priority dstnat; policy accept;
|
||||||
tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC"
|
tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC"
|
||||||
tcp dport 2222 dnat to 10.100.0.19:22 comment "SSH to Oracle VM"
|
|
||||||
|
|
||||||
udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games"
|
udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games"
|
||||||
|
|
||||||
|
@ -28,7 +27,7 @@
|
||||||
|
|
||||||
chain POSTROUTING {
|
chain POSTROUTING {
|
||||||
type nat hook postrouting priority 100; policy accept;
|
type nat hook postrouting priority 100; policy accept;
|
||||||
oifname "eno1" masquerade
|
oifname "enp0s31f6" masquerade
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
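Review bot: The masquerade rule in POSTROUTING hard-codes the NIC name (`oifname "enp0s31f6" masquerade`), which is why this commit had to edit the ruleset by hand when the name changed from `eno1`. `oifname` is a plain string match, so a name that does not exist on the host loads without error and the rule never matches, leaving outbound NAT off with no warning. Consider reading the name from a host option the way the DNAT rules already use `config.ips.pc`, e.g. `oifname "${config.<WAN_IFACE_OPTION>}" masquerade` (placeholder option name). The chain body starts before the hunk, so the other POSTROUTING rules are not visible here.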
@ -1,4 +1,5 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./users
|
./users
|
||||||
./groups
|
./groups
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ home-manager, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./main
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,9 +1,7 @@
|
||||||
{ ... }:
|
{ home-manager, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./custom
|
./main
|
||||||
./system
|
home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
|
|
||||||
users.mutableUsers = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
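Review bot: The new side of this module no longer sets `users.mutableUsers = false;`, and no other hunk on this page adds it back. If it is not set somewhere outside this diff, NixOS falls back to its default of `true`, which allows accounts, passwords and group membership to be changed imperatively on the host and drift from what the repository declares. Unless that is intended, keep the line next to the imports: `users.mutableUsers = false;`.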
@ -12,14 +12,14 @@
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keyFiles = [
|
openssh.authorizedKeys.keyFiles = [
|
||||||
../../../../../../hosts/tower/id_ed25519.pub
|
../../../../../hosts/tower/id_ed25519.pub
|
||||||
|
|
||||||
../../../../../../hosts/envy/id_ed25519.pub
|
../../../../../hosts/envy/id_ed25519.pub
|
||||||
../../../../../../hosts/pear/id_ed25519.pub
|
../../../../../hosts/pear/id_ed25519.pub
|
||||||
../../../../../../hosts/redmond/id_ed25519.pub
|
../../../../../hosts/redmond/id_ed25519.pub
|
||||||
|
|
||||||
../../../../../../hosts/midas/id_ed25519.pub
|
../../../../../hosts/midas/id_ed25519.pub
|
||||||
../../../../../../hosts/prophet/id_ed25519.pub
|
../../../../../hosts/prophet/id_ed25519.pub
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
|
||||||
|
@ -43,6 +43,6 @@
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users."${config.sysusers.main}" = import ../../../../../home;
|
home-manager.users."${config.sysusers.main}" = import ../../../../home;
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,9 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./jellyfin
|
|
||||||
./liquidsoap
|
|
||||||
./nextcloud
|
|
||||||
./nginx
|
|
||||||
];
|
|
||||||
}
|
|
Binary file not shown.
|
@ -1,6 +1,9 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./nginx ];
|
imports = [
|
||||||
|
./nginx
|
||||||
|
./user
|
||||||
|
];
|
||||||
|
|
||||||
config = lib.mkIf config.system.fileserver.enable {
|
config = lib.mkIf config.system.fileserver.enable {
|
||||||
services.jellyfin.enable = true;
|
services.jellyfin.enable = true;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
|
services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.jellyfin.enable {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
users = {
|
users = lib.mkIf config.services.jellyfin.enable {
|
||||||
users.jellyfin = {
|
users.jellyfin = {
|
||||||
group = "jellyfin";
|
group = "jellyfin";
|
||||||
extraGroups = [ "nfsShare" ];
|
extraGroups = [ "nfsShare" ];
|
|
@ -1,6 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./nginx ];
|
imports = [
|
||||||
|
./nginx
|
||||||
|
./user
|
||||||
|
];
|
||||||
|
|
||||||
config = lib.mkIf config.system.fileserver.enable {
|
config = lib.mkIf config.system.fileserver.enable {
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
users = {
|
users = lib.mkIf config.services.nextcloud.enable {
|
||||||
users.nextcloud = {
|
users.nextcloud = {
|
||||||
group = "nextcloud";
|
group = "nextcloud";
|
||||||
extraGroups = [ "nfsShare" ];
|
extraGroups = [ "nfsShare" ];
|
|
@ -3,5 +3,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./nixbops
|
./nixbops
|
||||||
./nixscrap
|
./nixscrap
|
||||||
|
./user
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
users = {
|
users = lib.mkIf config.services.icecast.enable {
|
||||||
users.liquidsoap = {
|
users.liquidsoap = {
|
||||||
group = "liquidsoap";
|
group = "liquidsoap";
|
||||||
extraGroups = [ "nginx" ];
|
extraGroups = [ "nginx" ];
|
|
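Review bot: The guard on `users` tests `config.services.icecast.enable` while the account it defines is `liquidsoap`, and nothing in the file says why. The sibling user modules in this commit gate on their own service (jellyfin, nextcloud, nginx), so this one reads like a copy-paste slip even if it is deliberate. If the coupling is intended, add a one-line comment above the `mkIf` stating the reason, for example `# liquidsoap only runs as the icecast source, so follow icecast's enable flag` (wording to be confirmed by the author). The `users.liquidsoap` block continues past the end of the hunk.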
@ -3,7 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./mastodon
|
./mastodon
|
||||||
./owncast
|
./owncast
|
||||||
#./spacebar
|
./spacebar
|
||||||
];
|
];
|
||||||
|
|
||||||
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
|
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ config, lib, pkgs, spacebar, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
#./nginx
|
||||||
|
./user
|
||||||
|
];
|
||||||
|
|
||||||
|
config = lib.mkIf config.system.socialserver.enable {
|
||||||
|
systemd.services.spacebar-server = {
|
||||||
|
enable = true;
|
||||||
|
description = "Spacebar Chat Server";
|
||||||
|
documentation = [ "https://docs.spacebar.chat/" ];
|
||||||
|
path = [ spacebar.packages.${pkgs.system}.default ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
WorkingDirectory = "/var/lib/spacebar";
|
||||||
|
ExecStart = "start-bundle";
|
||||||
|
Restart = "always";
|
||||||
|
User = "spacebar";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ];
|
||||||
|
};
|
||||||
|
}
|
|
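Review bot: `ExecStart = "start-bundle";` hands systemd a bare command name, and the unit has no sandboxing even though it runs a network-facing chat server. systemd resolves a non-absolute ExecStart against its own built-in search path, not the `PATH` that the `path` option sets for the service, so this unit will likely fail to start. An absolute store path avoids that, though the `bin/` location below is assumed from the package and is not visible on this page. Nothing visible creates `/var/lib/spacebar` owned by `spacebar`, so `StateDirectory` and an explicit `Group` would make ownership deterministic. The hardening directives in the fence are a conservative starting set and should be checked against what the server actually needs.

```nix
serviceConfig = {
  # … unchanged: WorkingDirectory, Restart, User …
  Group = "spacebar";
  # Created and chowned by systemd for User/Group before start.
  StateDirectory = "spacebar";
  ExecStart = "${spacebar.packages.${pkgs.system}.default}/bin/start-bundle";
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
};
```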
@ -0,0 +1,11 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
users = lib.mkIf config.system.socialserver.enable {
|
||||||
|
users.spacebar = {
|
||||||
|
group = "spacebar";
|
||||||
|
isSystemUser = true;
|
||||||
|
uid = 138;
|
||||||
|
};
|
||||||
|
groups.spacebar = {};
|
||||||
|
};
|
||||||
|
}
|
|
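Review bot: `uid = 138;` pins the account's uid, but `groups.spacebar = {};` leaves the gid to be allocated automatically. The service's state directory is kept under `/persist`, so if the id allocation map is not persisted as well, the group could get a different number on a later install and the persisted files would end up group-owned by whatever receives the old one. Pinning it keeps ownership stable: `groups.spacebar.gid = 138;`. Whether 138 is free in the rest of this configuration is not visible from this page, so confirm it does not collide with another static id.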
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./rtmp
|
./rtmp
|
||||||
|
./user
|
||||||
./virtualhosts
|
./virtualhosts
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
users = {
|
users = lib.mkIf config.services.nginx.enable {
|
||||||
users.nginx = {
|
users.nginx = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
extraGroups = [
|
extraGroups = [
|