Lots of user changes and also Spacebar

2025-03-14 18:23:32 -04:00 · 2025-03-14 18:23:32 -04:00 · 36c3f778c8
commit 36c3f778c8
parent b5ec4cbf68
19 changed files with 69 additions and 43 deletions
--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@ -13,7 +13,6 @@
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC"
-          tcp dport 2222 dnat to 10.100.0.19:22 comment "SSH to Oracle VM"
          
          udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games"
          
@ -28,7 +27,7 @@

        chain POSTROUTING {
          type nat hook postrouting priority 100; policy accept;
-          oifname "eno1" masquerade
+          oifname "enp0s31f6" masquerade
        }
      '';
    };
--- a/modules/system/accounts/default.nix
+++ b/modules/system/accounts/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
  imports = [
    ./users
    ./groups
--- a/modules/system/accounts/users/custom/default.nix
+++ b/modules/system/accounts/users/custom/default.nix
@ -1,7 +0,0 @@
-{ home-manager, ... }:
-{
-  imports = [
-    ./main
-    home-manager.nixosModules.home-manager
-  ];
-}
--- a/modules/system/accounts/users/default.nix
+++ b/modules/system/accounts/users/default.nix
@ -1,9 +1,7 @@
-{ ... }:
+{ home-manager, ... }:
 {
  imports = [
-    ./custom
-    ./system
+    ./main
+    home-manager.nixosModules.home-manager
  ];
-
-  users.mutableUsers = false;
 }
--- a/modules/system/accounts/users/custom/main/default.nix
+++ b/modules/system/accounts/users/custom/main/default.nix
@ -12,14 +12,14 @@
      isNormalUser = true;
      createHome = true;
      openssh.authorizedKeys.keyFiles = [
-        ../../../../../../hosts/tower/id_ed25519.pub
+        ../../../../../hosts/tower/id_ed25519.pub

-        ../../../../../../hosts/envy/id_ed25519.pub
-        ../../../../../../hosts/pear/id_ed25519.pub
-        ../../../../../../hosts/redmond/id_ed25519.pub
+        ../../../../../hosts/envy/id_ed25519.pub
+        ../../../../../hosts/pear/id_ed25519.pub
+        ../../../../../hosts/redmond/id_ed25519.pub

-        ../../../../../../hosts/midas/id_ed25519.pub
-        ../../../../../../hosts/prophet/id_ed25519.pub
+        ../../../../../hosts/midas/id_ed25519.pub
+        ../../../../../hosts/prophet/id_ed25519.pub
      ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
@ -43,6 +43,6 @@
      shell = pkgs.zsh;
    };

-    home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+    home-manager.users."${config.sysusers.main}" = import ../../../../home;
  };
 }
--- a/modules/system/accounts/users/system/default.nix
+++ b/modules/system/accounts/users/system/default.nix
@ -1,9 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./jellyfin
-    ./liquidsoap
-    ./nextcloud
-    ./nginx
-  ];
-}
--- a/modules/system/secrets/default.nix
+++ b/modules/system/secrets/default.nix
--- a/modules/system/services/server/fileserver/jellyfin/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/default.nix
@ -1,6 +1,9 @@
 { config, lib, ... }:
 {
-  imports = [ ./nginx ];
+  imports = [
+    ./nginx
+    ./user
+  ];

  config = lib.mkIf config.system.fileserver.enable {
    services.jellyfin.enable = true;
--- a/modules/system/services/server/fileserver/jellyfin/nginx/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/nginx/default.nix
@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
-  services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
+  services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.jellyfin.enable {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
--- a/modules/system/services/server/fileserver/jellyfin/user/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/user/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
 {
-  users = {
+  users = lib.mkIf config.services.jellyfin.enable {
    users.jellyfin = {
      group = "jellyfin";
      extraGroups = [ "nfsShare" ];
--- a/modules/system/services/server/fileserver/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/default.nix
@ -1,6 +1,9 @@
 { config, lib, pkgs, ... }:
 {
-  imports = [ ./nginx ];
+  imports = [
+    ./nginx
+    ./user
+  ];

  config = lib.mkIf config.system.fileserver.enable {
    services.nextcloud = {
--- a/modules/system/services/server/fileserver/nextcloud/user/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/user/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
 {
-  users = {
+  users = lib.mkIf config.services.nextcloud.enable {
    users.nextcloud = {
      group = "nextcloud";
      extraGroups = [ "nfsShare" ];
--- a/modules/system/services/server/icecast/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@ -3,5 +3,6 @@
  imports = [
    ./nixbops
    ./nixscrap
+    ./user
  ];
 }
--- a/modules/system/services/server/icecast/liquidsoap/user/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/user/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
 {
-  users = {
+  users = lib.mkIf config.services.icecast.enable {
    users.liquidsoap = {
      group = "liquidsoap";
      extraGroups = [ "nginx" ];
--- a/modules/system/services/server/socialserver/default.nix
+++ b/modules/system/services/server/socialserver/default.nix
@ -3,7 +3,7 @@
  imports = [
    ./mastodon
    ./owncast
-    #./spacebar
+    ./spacebar
  ];

  options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
--- a/modules/system/services/server/socialserver/spacebar/default.nix
+++ b/modules/system/services/server/socialserver/spacebar/default.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, spacebar, ... }:
+{
+  imports = [
+    #./nginx
+    ./user
+  ];
+
+  config = lib.mkIf config.system.socialserver.enable {
+    systemd.services.spacebar-server = {
+      enable = true;
+      description = "Spacebar Chat Server";
+      documentation = [ "https://docs.spacebar.chat/" ];
+      path = [ spacebar.packages.${pkgs.system}.default ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        WorkingDirectory = "/var/lib/spacebar";
+        ExecStart = "start-bundle";
+        Restart = "always";
+        User = "spacebar";
+      };
+    };
+    environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ];
+  };
+}
--- a/modules/system/services/server/socialserver/spacebar/user/default.nix
+++ b/modules/system/services/server/socialserver/spacebar/user/default.nix
@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+  users = lib.mkIf config.system.socialserver.enable {
+    users.spacebar = {
+      group = "spacebar";
+      isSystemUser = true;
+      uid = 138;
+    };
+    groups.spacebar = {};
+  };
+}
--- a/modules/system/services/server/webserver/nginx/default.nix
+++ b/modules/system/services/server/webserver/nginx/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./rtmp
+    ./user
    ./virtualhosts
  ];

--- a/modules/system/services/server/webserver/nginx/user/default.nix
+++ b/modules/system/services/server/webserver/nginx/user/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, lib, ... }:
 {
-  users = {
+  users = lib.mkIf config.services.nginx.enable {
    users.nginx = {
      group = "nginx";
      extraGroups = [