Move more things to Nixlang, remove bemenu and Pavucontrol

2024-08-18 23:42:20 -04:00 · 2024-08-18 23:42:20 -04:00 · bdd47c9572
commit bdd47c9572
parent 5c1ec4d677
4 changed files with 280 additions and 517 deletions
--- a/Server/configuration.nix
+++ b/Server/configuration.nix
@ -146,23 +146,30 @@ in
    # Enable nftables and forwarding
    nftables = {
      enable = true;
-      tables.forwarding = {
-        family = "ip";
-        content = ''
-          chain PREROUTING {
-            type nat hook prerouting priority dstnat; policy accept;
-            tcp dport 2211 dnat to ${pcIP} comment "SSH from PC"
-            udp dport { 27005, 27015, 7777 } dnat to ${pcIP} comment "Games from PC"
-            tcp dport { 58010, 57989, 57984 } dnat to ${pcIP} comment "Sunshine TCP from PC"
-            udp dport { 57998, 57999, 58000 } dnat to ${pcIP} comment "Sunshine UDP from PC"
-            tcp dport { 38010, 37989, 37984 } dnat to ${vmIP} comment "Sunshine TCP from VM"
-            udp dport { 37998, 37999, 38000 } dnat to ${vmIP} comment "Sunshine UDP from VM"
-          }
-          chain POSTROUTING {
-            type nat hook postrouting priority 100; policy accept;
-            oifname "${netInt}" masquerade
-          }
-        '';
+      tables = {
+        forwarding = {
+          family = "ip";
+          content = ''
+            chain PREROUTING {
+              type nat hook prerouting priority dstnat; policy accept;
+              tcp dport 2211 dnat to ${pcIP}:22 comment "SSH to PC"
+              udp dport { 27005, 27015, 7777 } dnat to ${pcIP} comment "Games to PC"
+
+              tcp dport { 58010, 57989, 57984 } dnat to ${pcIP} comment "Sunshine TCP to PC"
+              udp dport { 57998, 57999, 58000 } dnat to ${pcIP} comment "Sunshine UDP to PC"
+
+              tcp dport { 38010, 37989, 37984 } dnat to ${vmIP} comment "Sunshine TCP to VM"
+              udp dport { 37998, 37999, 38000 } dnat to ${vmIP} comment "Sunshine UDP to VM"
+
+              ip saddr ${secrets.freecornIP} tcp dport { 9943, 9944 } dnat to ${vmIP} comment "ALVR TCP to VM"
+              ip saddr ${secrets.freecornIP} udp dport { 9943, 9944 } dnat to ${vmIP} comment "ALVR UDP to VM"
+            }
+            chain POSTROUTING {
+              type nat hook postrouting priority 100; policy accept;
+              oifname "${netInt}" masquerade
+            }
+          '';
+        };
      };
    };
  };
@ -330,7 +337,7 @@ in
          locations."/" = {
            proxyPass = "http://127.0.0.1:255";
            proxyWebsockets = true;
-          };
+	  };
        };

 	# Streaming proxy
@ -409,18 +416,13 @@ in
            application stream {
              record off;
              live on;
-	      deny play all;
+	      allow play all;
              hls on;
              hls_path /var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls;
 	      hls_fragment_naming system;
 	      hls_fragment 3;
              hls_playlist_length 40;
            }
-            application forward {
-              record off;
-              live on;
-	      allow play all;
-            }
          }
        }
      '';
@ -697,7 +699,9 @@ in
  systemd.services.nginx.serviceConfig = {
    SupplementaryGroups = [ "shadow" ];
  };
-  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls/" ];
+  systemd.services.nginx.serviceConfig.ReadWritePaths = [
+    "/var/www/bloxelcomweb/landing-page/bloxelcom-cable/hls/" 
+  ];

  # Get certificates for Coturn
  security.acme = {
@ -715,7 +719,7 @@ in
  nixpkgs.config.element-web.conf = {
    default_server_config = {
      "m.homeserver" = {
-        base_url = "https://matrix.${bloxelDomain}:443";
+        base_url = "https://matrix.${bloxelDomain}";
        server_name = "matrix.${bloxelDomain}";
      };
    };
@ -751,24 +755,23 @@ in
    # Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "noreply@${bloxelDomain}" = {
-        hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplySmtpHash;
+        hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash;
 	sendOnly = true;
      };
      "jimbo@${bloxelDomain}" = {
-        hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboSmtpHash;
+        hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash;
        aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ];
      };
      "lunamoonlight@${bloxelDomain}" = {
-        hashedPasswordFile = pkgs.writeText "luna" secrets.lunaSmtpHash;
+        hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash;
        aliases = [ "us@${bloxelDomain}" "contact@${bloxelDomain}" ];
      };
      "freecorn1854@${bloxelDomain}" = {
-        hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornSmtpHash;
+        hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash;
        aliases = [ "canada@${bloxelDomain}" "contact@${bloxelDomain}" ];
      };
      "tinyattack09@${bloxelDomain}" = {
-        hashedPasswordFile = pkgs.writeText "tiny" secrets.tinySmtpHash;
-	aliases = [ "smallthing@${bloxelDomain}" ];
+        hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash;
      };
    };
  };