diff --git a/hosts/kitty/boot/default.nix b/hosts/kitty/boot/default.nix
index 90567b0..3ddcac8 100644
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, ... }:
 {
 boot = {
 kernelPackages = pkgs.linuxPackages_hardened;
diff --git a/hosts/prophet/boot/default.nix b/hosts/prophet/boot/default.nix
index d989cc0..3293d0c 100644
--- a/hosts/prophet/boot/default.nix
+++ b/hosts/prophet/boot/default.nix
@@ -1,37 +1,7 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
 boot = {
- initrd = {
- systemd = {
- enable = true;
- services.root-reset = {
- description = "Reset root and snapshot last boot";
- wantedBy = [ "initrd.target" ];
- after = [ "dev-${config.networking.hostName}-root.device" ];
- before = [ "sysroot.mount" ];
- unitConfig.DefaultDependencies = "no";
- serviceConfig.Type = "oneshot";
- script = ''
- mkdir -p /mnt
- mount /dev/${config.networking.hostName}/root /mnt
-
- if [[ -e /mnt/prev ]]; then
- btrfs subvolume delete /mnt/prev
- fi
-
- btrfs subvolume snapshot /mnt/root /mnt/prev
-
- btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
- btrfs subvolume delete "/mnt/$subvolume"
- done
-
- btrfs subvolume delete /mnt/root
- btrfs subvolume create /mnt/root
-
- umount /mnt
- '';
- };
- };
- };
+ kernelPackages = pkgs.linuxPackages_hardened;
+ initrd.systemd.services.root-reset.enable = lib.mkForce false;
 };
 }
diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix
index aadf487..287eb20 100644
--- a/hosts/prophet/default.nix
+++ b/hosts/prophet/default.nix
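Review bot: The `initrd.systemd.services.root-reset.enable = lib.mkForce false;` line added in hosts/prophet/boot/default.nix has no comment saying why this host opts out, and it only makes sense together with `environment.persistence."/persist".enable = lib.mkForce false;` in hosts/prophet/default.nix. Judging by the script removed here, root-reset deletes and recreates the root subvolume on every boot, so reverting one of the two overrides without the other would presumably leave the mail host wiping state that nothing persists. I would add a comment above the line, for example `# prophet keeps a persistent root; keep in step with environment.persistence."/persist".enable in ../default.nix`. The shared definition of root-reset that this override targets is not visible in the diff.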
@@ -1,28 +1,26 @@ -{ config, ... }: +{ lib, ... }: { imports = [ + ./boot + ./filesystems ./hardware - - # Apps and programs - ../../../modules/system - ../../../modules/system/accounts - ../../../modules/system/devices/filesystems - ../../../modules/system/devices/boot/systemd - ../../../modules/system/devices/networking - ../../../modules/system/devices/networking/firewall/pc - ../../../modules/system/devices/networking/wireguard/pc - ../../../modules/system/programs/git - ../../../modules/system/programs/security - ../../../modules/system/services/common - ../../../modules/system/services/server/acme - ../../../modules/system/services/server/webhost/nginx - ../../../modules/system/services/server/mailserver - - # Misc - ../../../overlays - ../../../variables + ./users + ../../modules/system ]; - networking.hostName = "prophet"; - networking.wireguard.interfaces.wgc.ips = [ "10.100.0.19/24" ]; + networking = { + hostName = "prophet"; + hostId = "97a21a38"; + wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ]; + }; + + environment.persistence."/persist".enable = lib.mkForce false; + + system = { + desktop.enable = false; + mailserver.enable = true; + wireless.enable = false; + wireguard.client.enable = true; + stateVersion = "24.05"; + }; } diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix index 3002b23..1d63d37 100644 --- a/modules/system/devices/networking/wireguard/client/default.nix +++ b/modules/system/devices/networking/wireguard/client/default.nix @@ -14,7 +14,7 @@ { # Cyberspark Server publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "sv.${config.domains.jim1}:51820"; + endpoint = "sv.${config.domains.p1}:51820"; persistentKeepalive = 25; } ]; 
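Review bot: The new import list in hosts/prophet/default.nix no longer names a firewall module, and none of the `system.*` toggles set here says which firewall profile the host gets; the removed list imported `networking/firewall/pc` and `programs/security` explicitly. Since this host sets `mailserver.enable = true` and the same commit turns nginx on for mail hosts, it is worth confirming that `../../modules/system` applies a firewall by default for it. Whether it does is not visible in this diff. A one-line comment next to `wireguard.client.enable = true;` naming the module that supplies the firewall rules would make the exposure of this presumably internet-facing host reviewable from the host file.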
diff --git a/modules/system/services/server/minecraft/servers/johnside/default.nix b/modules/system/services/server/minecraft/servers/johnside/default.nix
index c38fbb6..b3b3d4b 100644
--- a/modules/system/services/server/minecraft/servers/johnside/default.nix
+++ b/modules/system/services/server/minecraft/servers/johnside/default.nix
@@ -2,53 +2,29 @@ let common = import ../../common { inherit pkgs; }; in { - services = { - minecraft-servers.servers.johnside = { - package = pkgs.paperServers.paper-1_20_6; - jvmOpts = "-Xmx2500M"; - serverProperties = common.serverProperties // { - difficulty = 2; - server-port = 30009; - motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only."; - }; - whitelist = common.whitelist; - symlinks = common.paperSymlinks // { - "plugins/BlueMap.jar" = builtins.fetchurl { - url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar"; - sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw"; - }; - "plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl { - url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar"; - sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr"; - }; - "plugins/BlueMapMarkerManager.jar" = builtins.fetchurl { - url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar"; - sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d"; - }; - "plugins/CustomDiscs.jar" = builtins.fetchurl { - url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar"; - sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d"; - }; - "plugins/NotTooExpensive.jar" = builtins.fetchurl { - url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar"; - sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d"; - }; - "plugins/SilkTouchHands.jar" = builtins.fetchurl { - url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar"; - sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w"; - }; - }; - files = common.configFiles; + services.minecraft-servers.servers.johnside = { + package = pkgs.paperServers.paper-1_20_6; + jvmOpts = "-Xmx2500M"; + serverProperties = 
common.serverProperties // { + difficulty = 2; + server-port = 30009; + motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only."; }; - - # BlueMap webhost - nginx.virtualHosts."john.${config.domains.p1}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:31010"; - proxyWebsockets = true; + whitelist = common.whitelist; + symlinks = common.paperSymlinks // { + "plugins/CustomDiscs.jar" = builtins.fetchurl { + url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar"; + sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d"; + }; + "plugins/NotTooExpensive.jar" = builtins.fetchurl { + url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar"; + sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d"; + }; + "plugins/SilkTouchHands.jar" = builtins.fetchurl { + url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar"; + sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w"; }; }; + files = common.configFiles; }; } diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/nginx/default.nix index 2151d14..7d1677b 100644 --- a/modules/system/services/server/nginx/default.nix +++ b/modules/system/services/server/nginx/default.nix @@ -5,7 +5,7 @@ ./virtualhosts ]; - config = lib.mkIf config.system.server.enable { + config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) { services.nginx = { enable = true; recommendedTlsSettings = true; diff --git a/modules/system/services/server/vaultwarden/nginx/default.nix b/modules/system/services/server/vaultwarden/nginx/default.nix index e44a168..5a1ad17 100644 --- a/modules/system/services/server/vaultwarden/nginx/default.nix +++ b/modules/system/services/server/vaultwarden/nginx/default.nix 
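Review bot: The three plugin JARs kept in modules/system/services/server/minecraft/servers/johnside/default.nix are still fetched with `builtins.fetchurl`, which downloads during evaluation rather than in a build. The `sha256` pins keep the integrity check, so this is a style point: `pkgs.fetchurl { url = …; sha256 = …; }` takes the same two attributes and turns each JAR into an ordinary fixed-output derivation that can be cached and substituted. Separately, the removed nginx vhost was the only visible use of `config` in this hunk; the file's argument line lies above the hunk, so check whether `config` can now be dropped from it.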
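Review bot: The widened condition `lib.mkIf (config.system.server.enable || config.system.mailserver.enable)` in modules/system/services/server/nginx/default.nix switches on the whole nginx `config` block for mail-only hosts, not just what the mail stack needs. Any virtual host under `./virtualhosts` that is not gated on its own service would then also be served, and request an ACME certificate, from a host such as prophet; the vaultwarden vhost in this diff shows the per-service `lib.mkIf` that avoids this. Please confirm the other vhosts follow the same pattern, and put the reason on the condition, e.g. `# nginx is also required on mail hosts: <reason>`. The body of the block continues past the hunk.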
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."pass.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
+ services.nginx.virtualHosts."pass.${config.domains.p2}" = lib.mkIf config.services.vaultwarden.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
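Review bot: Moving the vault's virtual host from `pass.${config.domains.p1}` to `pass.${config.domains.p2}` changes the origin clients see, but the hunk does not show Vaultwarden's own `DOMAIN` setting being updated to match. Vaultwarden uses that value for the links it generates and for WebAuthn, and WebAuthn credentials are bound to the origin they were registered on, so existing security keys may stop working after the move. I would check `services.vaultwarden.config.DOMAIN` in the same change and add a comment above the vhost, e.g. `# keep in sync with services.vaultwarden.config.DOMAIN`. The `locations."/"` block continues below the hunk.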