Generalize ddclient, generalize root reset, fix nextcloud, impermanence is fully working on Kitty.

2025-01-19 15:31:02 -05:00 · 2025-01-19 15:31:02 -05:00 · 2784173155
parent 3477841a82
commit 2784173155
12 changed files with 93 additions and 82 deletions
--- a/hosts/kitty/filesystems/default.nix
+++ b/hosts/kitty/filesystems/default.nix
@ -4,31 +4,31 @@
    "/" = {
      device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
      fsType = "btrfs";
-      options = [ "subvol=root" ];
+      options = [ "subvol=root" "compress=zstd" "noatime" "ssd" ];
    };
    "/prev" = {
      device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
      fsType = "btrfs";
-      options = [ "subvol=prev" ];
-    };
-    "/persist" = {
-      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
-      fsType = "btrfs";
-      neededForBoot = true;
-      options = [ "subvol=persist" "compress=zstd" ];
+      options = [ "subvol=prev" "compress=zstd" "noatime" "ssd" "noexec" ];
    };
    "/nix" = {
      device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
      fsType = "btrfs";
-      options = [ "subvol=nix" ];
+      options = [ "subvol=nix" "compress=zstd" "noatime" "ssd" ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/CD94-1D3F";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "umask=0077" ];
    };

-    # Subvols and bindmounts
+    # Impermanence and subvols
+    "/persist" = {
+      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = [ "subvol=persist" "compress=zstd" "noatime" ];
+    };
    "/export/KittyNFS" = {
      depends = [ "/persist" ];
      device = "/persist/export/KittyNFS";
--- a/modules/system/accounts/users/system/nextcloud/default.nix
+++ b/modules/system/accounts/users/system/nextcloud/default.nix
@ -5,7 +5,7 @@
      group = "nextcloud";
      extraGroups = [ "nfsShare" ];
      isSystemUser = true;
-      uid = 995;
+      uid = 218;
    };
    groups.nextcloud = {};
  };
--- a/modules/system/devices/boot/services/root-reset/default.nix
+++ b/modules/system/devices/boot/services/root-reset/default.nix
@ -2,15 +2,15 @@
 {
  boot.initrd.systemd.services.root-reset = {
    enable = true;
-    description = "Reset root and snapshot last boot";
+    description = "Create new and snapshot previous root";
    wantedBy = [ "initrd.target" ];
    before = [ "sysroot.mount" ];
-    after = [ "dev-${config.networking.hostName}-root.device" ];
+    after = [ "initrd-root-device.target" ];
    unitConfig.DefaultDependencies = "no";
    serviceConfig.Type = "oneshot";
    script = ''
      mkdir -p /mnt
-      mount /dev/${config.networking.hostName}/root /mnt
+      mount -t btrfs /dev/${config.networking.hostName}/root /mnt

      if [[ -e /mnt/prev ]]; then
        btrfs subvolume delete /mnt/prev
--- a/modules/system/services/server/forgejo/default.nix
+++ b/modules/system/services/server/forgejo/default.nix
@ -31,6 +31,8 @@

    networking.firewall.allowedTCPPorts = [ 2299 ];

+    services.ddclient.domains = [ "git.${config.domains.p2}" ];
+
    environment.persistence."/persist".directories = [
      "/var/lib/forgejo"
    ];
--- a/modules/system/services/server/mailserver/simplenix/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/default.nix
@ -1,4 +1,4 @@
-{ mailserver, pkgs, config, ... }: 
+{ mailserver, config, lib, pkgs, ... }: 
 {
  imports = [
    ./nginx
@ -52,4 +52,5 @@

  # Rspamd port from earlier to avoid overlap
  services.redis.servers.rspamd.port = 1515;
+  services.ddclient.domains = lib.mkIf config.mailserver.enable [ "mx.${config.domains.p1}" ];
 }
--- a/modules/system/services/server/minecraft/servers/blockworld/default.nix
+++ b/modules/system/services/server/minecraft/servers/blockworld/default.nix
@ -1,18 +1,21 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  common = import ../../common { inherit pkgs; };
 in {
-  services.minecraft-servers.servers.blockworld = {
-    autoStart = false;
-    package = pkgs.paperServers.paper-1_21_1;
-    jvmOpts = "-Xmx3072M";
-    serverProperties = common.serverProperties // {
-      difficulty = 2;
-      server-port = 30012;
-      motd = "\\u00A7fArchival \\u00A7l\\u00A7n\\u00A7cBloxelcom \\u00A7r\\u00A7fMinecraft server.";
+  services = {
+    minecraft-servers.servers.blockworld = {
+      autoStart = false;
+      package = pkgs.paperServers.paper-1_21_1;
+      jvmOpts = "-Xmx3072M";
+      serverProperties = common.serverProperties // {
+        difficulty = 2;
+        server-port = 30012;
+        motd = "\\u00A7fArchival \\u00A7l\\u00A7n\\u00A7cBloxelcom \\u00A7r\\u00A7fMinecraft server.";
+      };
+      whitelist = common.whitelist;
+      symlinks = common.paperSymlinks;
+      files = common.configFiles;
    };
-    whitelist = common.whitelist;
-    symlinks = common.paperSymlinks;
-    files = common.configFiles;
+    ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.blockworld.enable [ "bloxel.${config.domains.p2}" ];
  };
 }
--- a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix
+++ b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix
@ -1,17 +1,20 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  common = import ../../common { inherit pkgs; };
 in {
-  services.minecraft-servers.servers.dewdemolisher = {
-    package = pkgs.paperServers.paper-1_21_1;
-    jvmOpts = "-Xmx2000M";
-    serverProperties = common.serverProperties // {
-      difficulty = 2;
-      server-port = 30010;
-      motd = "\\u00A7l\\u00A7aDew Demolisher is here.";
+  services = {
+    minecraft-servers.servers.dewdemolisher = {
+      package = pkgs.paperServers.paper-1_21_1;
+      jvmOpts = "-Xmx2000M";
+      serverProperties = common.serverProperties // {
+        difficulty = 2;
+        server-port = 30010;
+        motd = "\\u00A7l\\u00A7aDew Demolisher is here.";
+      };
+      whitelist = common.whitelist;
+      symlinks = common.paperSymlinks;
+      files = common.configFiles;
    };
-    whitelist = common.whitelist;
-    symlinks = common.paperSymlinks;
-    files = common.configFiles;
+    ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.dewdemolisher.enable [ "dew.${config.domains.p2}" ];
  };
 }
--- a/modules/system/services/server/minecraft/servers/johnside/default.nix
+++ b/modules/system/services/server/minecraft/servers/johnside/default.nix
@ -1,30 +1,33 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 let
  common = import ../../common { inherit pkgs; };
 in {
-  services.minecraft-servers.servers.johnside = {
-    package = pkgs.paperServers.paper-1_20_6;
-    jvmOpts = "-Xmx2500M";
-    serverProperties = common.serverProperties // {
-      difficulty = 2;
-      server-port = 30009;
-      motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only.";
+  services = {
+    minecraft-servers.servers.johnside = {
+      package = pkgs.paperServers.paper-1_20_6;
+      jvmOpts = "-Xmx2500M";
+      serverProperties = common.serverProperties // {
+        difficulty = 2;
+        server-port = 30009;
+        motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only.";
+      };
+      whitelist = common.whitelist;
+      symlinks = common.paperSymlinks // {
+        "plugins/CustomDiscs.jar" = builtins.fetchurl {
+          url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
+          sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
+        };
+        "plugins/NotTooExpensive.jar" = builtins.fetchurl {
+          url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
+          sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
+        };
+        "plugins/SilkTouchHands.jar" = builtins.fetchurl {
+          url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
+          sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
+        };
+      };
+      files = common.configFiles;
    };
-    whitelist = common.whitelist;
-    symlinks = common.paperSymlinks // {
-      "plugins/CustomDiscs.jar" = builtins.fetchurl {
-        url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
-        sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
-      };
-      "plugins/NotTooExpensive.jar" = builtins.fetchurl {
-        url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
-        sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
-      };
-      "plugins/SilkTouchHands.jar" = builtins.fetchurl {
-        url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
-        sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
-      };
-    };
-    files = common.configFiles;
+    ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.johnside.enable [ "john.${config.domains.p2}" ];
  };
 }
--- a/modules/system/services/server/minecraft/servers/roguecraft/default.nix
+++ b/modules/system/services/server/minecraft/servers/roguecraft/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 let
  common = import ../../common { inherit pkgs; };
 in {
@ -23,7 +23,10 @@ in {
        };
      };
    };
-    nginx.virtualHosts."${config.domains.p1}".locations = {
+
+    ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.roguecraft.enable [ "rogue.${config.domains.p2}" ];
+
+    nginx.virtualHosts."${config.domains.p1}".locations = lib.mkIf config.services.minecraft-servers.servers.roguecraft.enable {
      "/roguecraftdatapackredir" = {
        return = "301 https://cdn.modrinth.com/data/HtKjVijx/versions/Rme4c23R/Roguecraft%201.2.6%20-%20Data%20Pack.zip";
      };
--- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix
+++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  common = import ../../common { inherit pkgs; };
  uberBukkitZip = pkgs.fetchzip {
@ -10,12 +10,15 @@ let
    src = "${uberBukkitZip}/uberbukkit-2.0.0.jar";
  });
 in {
-  services.minecraft-servers.servers.uberbeta = {
-    package = uberBukkit;
-    jvmOpts = "-Xmx512M";
-    serverProperties = common.serverProperties // {
-      difficulty = 3;
-      server-port = 30005;
+  services = {
+    minecraft-servers.servers.uberbeta = {
+      package = uberBukkit;
+      jvmOpts = "-Xmx512M";
+      serverProperties = common.serverProperties // {
+        difficulty = 3;
+        server-port = 30005;
+      };
    };
+    ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.domains.p2}" ];
  };
 }
--- a/modules/system/services/server/socialserver/matrix/coturn/default.nix
+++ b/modules/system/services/server/socialserver/matrix/coturn/default.nix
@ -26,6 +26,9 @@
        turn_shared_secret = config.secrets.coturnSecret;
        turn_user_lifetime = "1h";
      };
+
+      # Sync the IP to Cloudflare
+      ddclient.domains = [ "git.${config.domains.p2}" ];
    };

    # Open coturn ports
--- a/modules/system/services/server/webserver/ddclient/default.nix
+++ b/modules/system/services/server/webserver/ddclient/default.nix
@ -8,16 +8,6 @@
      usev6 = "";
      username = "token";
      passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
-      domains = [
-        "${config.domains.p2}"
-        "*.${config.domains.p2}"
-        "sv.${config.domains.p2}"
-        "git.${config.domains.p2}"
-        "turn.${config.domains.p2}"
-        "dew.${config.domains.p2}"
-        "john.${config.domains.p2}"
-        "rogue.${config.domains.p2}"
-      ];
    };
    environment.persistence."/persist".directories = [
      "/var/lib/private/ddclient"