Move server to persistence, still have stuff to fix

Jimbo 2025-01-17 17:06:28 -05:00
parent ce6ffd9ee7
commit cc68f883ba
35 changed files with 293 additions and 235 deletions


@ -0,0 +1,12 @@
{ config, lib, ... }:
{
config = lib.mkIf config.system.webserver.enable {
security.acme = {
acceptTerms = true;
defaults.email = "contact@${config.domains.p2}";
};
environment.persistence."/persist".directories = [
"/var/lib/acme"
];
};
}


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.system.webserver.enable {
services.ddclient = {
enable = true;
protocol = "cloudflare";
zone = "${config.domains.p2}";
usev6 = "";
username = "token";
passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
domains = [
"${config.domains.p2}"
"*.${config.domains.p2}"
"sv.${config.domains.p2}"
"git.${config.domains.p2}"
"turn.${config.domains.p2}"
"dew.${config.domains.p2}"
"john.${config.domains.p2}"
"rogue.${config.domains.p2}"
];
};
environment.persistence."/persist".directories = [
"/var/lib/private/ddclient"
];
};
}
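Review bot: The `passwordFile` line builds its file with `pkgs.writeText`, which copies the Cloudflare API token into /nix/store, where every local user can read it and where it can travel with the system closure to a binary cache or another host. `passwordFile` is meant to name a file that exists only at runtime, so pass a path string to a root-only file outside the store, for example `passwordFile = config.sops.secrets.<name>.path;` or the agenix equivalent `config.age.secrets.<name>.path`. Because `config.secrets.flareApiKey` is a plain Nix string, the token is presumably also present wherever that value is defined. If it has already been built or committed, rotating the token is the safe follow-up.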


@ -0,0 +1,13 @@
{ lib, ... }:
{
options.system.webserver.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
./acme
./ddclient
./nginx
];
}
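Review bot: `options.system.webserver.enable` is declared without a `description`, so it appears undocumented in generated option docs and readers have to infer what it switches on. `lib.mkEnableOption` gives the same bool type and `false` default together with a description, e.g. `options.system.webserver.enable = lib.mkEnableOption "the web server stack (ACME, ddclient, nginx)";`.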


@ -0,0 +1,26 @@
{ pkgs, config, lib, ... }:
{
imports = [
./rtmp
./virtualhosts
];
config = lib.mkIf config.system.webserver.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
environment.persistence."/persist".directories = [
"/var/www"
];
networking.firewall.allowedTCPPorts = [
80
443
];
};
}


@ -0,0 +1,40 @@
{ pkgs, config, lib, ... }:
{
options.services.nginx.rtmp = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.services.nginx.rtmp.enable {
services.nginx = {
package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
});
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish all;
application stream {
record off;
live on;
allow play all;
hls on;
hls_path /var/www/landing-page/streams/hls/;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
};
};
}
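Review bot: `allow publish all;` at the server level lets any client that can reach port 1935 publish into `application stream`. The resulting HLS segments are written under /var/www/landing-page, which the p2 virtual host serves as its web root. No firewall rule for 1935 appears in the visible files, so actual exposure depends on configuration elsewhere. The nginx-rtmp access rules should still narrow publishing to known sources, e.g. `allow publish 127.0.0.1;` followed by `deny publish all;`, or an `on_publish` callback that checks a stream key. `allow play all;` can likely be narrowed the same way if playback is meant to go through HLS only.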


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./p1
./p2
];
}


@ -0,0 +1,26 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
enableACME = true;
addSSL = true;
locations = {
"/.well-known/matrix/client".extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${config.domains.p1}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
}
}
';
'';
"/.well-known/matrix/server".extraConfig = ''
default_type application/json;
return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }';
'';
};
};
}
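Review bot: Both virtual hosts are gated on `config.system.server.enable`, while the option declared in this commit and used by the acme, ddclient and nginx modules is `config.system.webserver.enable`. If `system.server.enable` is not declared elsewhere, evaluation fails. If it is declared, the hosts (with `enableACME = true`) can be defined while nginx and the ACME defaults are off, or left out while the web server is on. Unless the split is intentional, use `lib.mkIf config.system.webserver.enable` here and in the p2 host below.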


@ -0,0 +1,8 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."${config.domains.p2}" = lib.mkIf config.system.server.enable {
enableACME = true;
addSSL = true;
root = "/var/www/landing-page";
};
}
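Review bot: `addSSL = true` adds the 443 listener but keeps answering on port 80 in plain text, so the landing page and the HLS streams under the same root stay reachable without TLS and nothing redirects visitors to HTTPS. Using `forceSSL = true;` in place of `addSSL = true;` makes the port-80 server redirect to HTTPS while still answering the ACME HTTP-01 challenge path. The same applies to the p1 host, where the Matrix well-known documents are served.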