I think my flake needs a complete rewrite

Jimbo 2024-10-12 17:35:52 -04:00
parent 87fbcda3d3
commit 65f90a0bf3
65 changed files with 110 additions and 125 deletions


@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./matrix
./mastodon
./lemmy
./pixelfed
./owncast
];
}


@ -0,0 +1,22 @@
{ outputs, ... }:
{
imports = [
./nginx
];
services.lemmy = {
enable = true;
nginx.enable = true;
database.createLocally = true;
settings = {
hostname = "lemmy.${outputs.secrets.jimDomain}";
email = {
smtp_server = "mx.${outputs.secrets.jimDomain}:587";
smtp_login = "noreply@${outputs.secrets.jimDomain}";
smtp_from_address = "Jimbo's Lemmy <noreply@${outputs.secrets.jimDomain}>";
smtp_password = outputs.secrets.noreplyPassword;
tls_type = "starttls";
};
};
};
}
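Review bot: `smtp_password = outputs.secrets.noreplyPassword;` is evaluated into the generated Lemmy configuration, which ends up in the Nix store where any local user or process can read it. The same exposure recurs in this commit: `pkgs.writeText` is used for Mastodon's `passwordFile`, the sliding-sync `environmentFile` and Pixelfed's `secretFile`, and the password is inlined as `smtp_pass` in the Synapse settings and `MAIL_PASSWORD` in the Pixelfed settings. Prefer options that take a runtime path outside the store, for example `services.lemmy.smtpPasswordFile = "/run/secrets/noreply-password";` (placeholder path; check that the pinned nixpkgs offers the option) with the file provisioned by a secrets tool such as sops-nix or agenix. Since one mailbox password is shared by every service, consider rotating it once it has been moved out of the store.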


@ -0,0 +1,7 @@
{ outputs, ... }:
{
services.nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
};
}


@ -0,0 +1,18 @@
{ pkgs, outputs, ... }:
{
services.mastodon = {
enable = true;
localDomain = "social.${outputs.secrets.jimDomain}";
streamingProcesses = 4;
configureNginx = true;
smtp = {
createLocally = false;
host = "mx.${outputs.secrets.jimDomain}";
port = 587;
authenticate = true;
fromAddress = "Jimbo's Mastodon <noreply@${outputs.secrets.jimDomain}>";
user = "noreply@${outputs.secrets.jimDomain}";
passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword;
};
};
}


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./synapse
./element
];
}


@ -0,0 +1,25 @@
{ pkgs, outputs, ... }:
{
imports = [
./nginx
];
nixpkgs.config.element-web.conf = {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.${outputs.secrets.jimDomain}";
server_name = "matrix.${outputs.secrets.jimDomain}";
};
};
branding = {
#welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
#auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png";
};
embedded_pages = {
home_url = "https://www.${outputs.secrets.jimDomain}/";
};
disable_custom_urls = true;
disable_guests = true;
default_theme = "dark";
};
}


@ -0,0 +1,8 @@
{ pkgs, outputs, ... }:
{
services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = {
enableACME = true;
addSSL = true;
root = "${pkgs.element-web}";
};
}
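Review bot: `addSSL = true;` keeps serving the Element client over plain HTTP as well as HTTPS, so the login page can still be fetched, and modified in transit, over an unencrypted connection. Every other virtual host in this commit sets `forceSSL = true;`; using the same here makes port 80 redirect only.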


@ -0,0 +1,37 @@
{ outputs, config, ... }:
{
services = {
coturn = {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret = "will be world readable for local users :(";
realm = "turn.${outputs.secrets.jimDomain}";
cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
};
# Enable coturn on Synapse
matrix-synapse.settings = {
turn_uris = [
"turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp"
"turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp"
];
turn_shared_secret = config.services.coturn.static-auth-secret;
turn_user_lifetime = "1h";
};
};
# Open coturn ports
networking.firewall = {
allowedUDPPorts = [
3478 5349
];
allowedUDPPortRanges = [
{ from = 49000; to = 50000; }
];
};
}
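Review bot: `static-auth-secret` is a literal sentence committed in this file and `turn_shared_secret` copies it, so anyone who can read the repository or the Nix store can derive valid TURN credentials and relay traffic through this server. Supply a random value at runtime instead, `static-auth-secret-file = "/run/secrets/coturn-auth";` (placeholder path), and hand Synapse the matching `turn_shared_secret` through a file listed in `services.matrix-synapse.extraConfigFiles`. Separately, the `cert` and `pkey` paths append `.com` after `${outputs.secrets.jimDomain}`; if that value already includes the TLD, as the e-mail pattern in the Synapse section suggests, the directory will not match the one ACME creates for `turn.${outputs.secrets.jimDomain}`. The firewall block also opens 3478 and 5349 for UDP only, while `turn_uris` advertises `transport=tcp`.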


@ -0,0 +1,13 @@
{ outputs, config, ... }:
{
services.nginx.virtualHosts."turn.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
listen = [{
addr = "0.0.0.0";
port = 80;
ssl = false;
}];
locations."/".proxyPass = "http://127.0.0.1:1380";
};
}
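Review bot: The `listen` override declares only a non-TLS socket on port 80 while `forceSSL = true;` is set, so this vhost appears to have no HTTPS listener and the `proxyPass` to `127.0.0.1:1380` would never be served over TLS. Nothing visible in this commit listens on port 1380. If the vhost exists only to obtain the certificate that coturn reads, state that in a comment such as `# HTTP-only vhost: answers ACME http-01 for the coturn certificate` and drop `forceSSL` and the proxy location.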


@ -0,0 +1,57 @@
{ pkgs, outputs, ... }:
{
imports = [
./coturn
./slidingsync
./nginx
];
services.matrix-synapse = {
enable = true;
settings = {
server_name = "${outputs.secrets.jimDomain}";
public_baseurl = "https://matrix.${outputs.secrets.jimDomain}";
suppress_key_server_warning = true;
listeners = [{
port = 8008;
bind_addresses = [ "::" "0.0.0.0" ];
resources = [ { compress = false; names = [ "client" "federation" ]; } ];
type = "http";
tls = false;
x_forwarded = true;
}];
email = {
notif_from = "Jimbo's Matrix <noreply@${outputs.secrets.jimDomain}>";
smtp_host = "mx.${outputs.secrets.jimDomain}";
smtp_user = "noreply@${outputs.secrets.jimDomain}";
smtp_pass = outputs.secrets.noreplyPassword;
enable_tls = true;
smtp_port = 587;
require_transport_security = true;
};
# Disable registration without email
registrations_require_3pid = [ "email" ];
# Allow only this range of emails
allowed_local_3pids = [{
medium = "email";
pattern = "^[^@]+@jimbosfiles\\.com$";
}];
# Set the type of database
database.name = "sqlite3";
# Allow account registration
enable_registration = true;
# General settings
url_preview_enabled = true;
max_upload_size = "50M";
report_stats = false;
burst_count = 15;
};
};
}
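Review bot: The listener binds `"::"` and `"0.0.0.0"` with `tls = false;` and `x_forwarded = true;`, so if port 8008 is reachable from outside the host, clients can bypass nginx, speak plain HTTP and supply their own `X-Forwarded-For`, which undermines IP-based rate limiting and audit logging. nginx already proxies to `127.0.0.1:8008`, so `bind_addresses = [ "127.0.0.1" "::1" ];` is sufficient. The same applies to `SYNCV3_BINDADDR = "0.0.0.0:8009"` in the sliding-sync section and probably to `listen = "0.0.0.0";` for Owncast, both of which are also fronted by nginx on loopback.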


@ -0,0 +1,14 @@
{ outputs, ... }:
{
services.nginx.virtualHosts."matrix.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations = {
"/".extraConfig = ''return 403;'';
"/client".proxyPass = "http://127.0.0.1:8009";
"/_matrix".proxyPass = "http://127.0.0.1:8008";
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
};
};
}


@ -0,0 +1,13 @@
{ pkgs, outputs, ... }:
{
services.matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}";
SYNCV3_BINDADDR = "0.0.0.0:8009";
};
environmentFile = pkgs.writeText "matrixsecret" ''
SYNCV3_SECRET=${outputs.secrets.matrixSecret}
'';
};
}


@ -0,0 +1,13 @@
{ outputs, ... }:
{
imports = [
./nginx
];
services.owncast = {
enable = true;
port = 8060;
rtmp-port = 1945;
listen = "0.0.0.0";
};
}


@ -0,0 +1,11 @@
{ outputs, ... }:
{
services.nginx.virtualHosts."live.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8060";
proxyWebsockets = true;
};
};
}


@ -0,0 +1,32 @@
{ pkgs, outputs, ... }:
{
services.pixelfed = {
enable = true;
domain = "pics.${outputs.secrets.jimDomain}";
secretFile = pkgs.writeText "appkey" outputs.secrets.pixelfedKey;
settings = {
APP_NAME = ''"Jimbo's Pixelfed"'';
INSTANCE_DESCRIPTION = ''"The Jimbosfiles Pixelfed Instance"'';
INSTANCE_CONTACT_EMAIL = "jimbo@${outputs.secrets.jimDomain}";
OPEN_REGISTRATION = true;
APP_LOCALE = "en";
INSTANCE_DISCOVER_PUBLIC = false;
STORIES_ENABLED = true;
# Mail config
ENFORCE_EMAIL_VERIFICATION = true;
MAIL_FROM_ADDRESS = "noreply@${outputs.secrets.jimDomain}";
MAIL_FROM_NAME = ''"Jimbo's Pixelfed <noreply@${outputs.secrets.jimDomain}>"'';
MAIL_ENCRYPTION = "tls";
MAIL_DRIVER = "smtp";
MAIL_HOST = "mx.${outputs.secrets.jimDomain}";
MAIL_PORT = 587;
MAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
MAIL_PASSWORD = "${outputs.secrets.noreplyPassword}";
};
nginx = {
enableACME = true;
forceSSL = true;
};
};
}