diff --git a/hosts/kitty/filesystems/default.nix b/hosts/kitty/filesystems/default.nix index 6a837ef..9ad1c55 100644 --- a/hosts/kitty/filesystems/default.nix +++ b/hosts/kitty/filesystems/default.nix @@ -4,31 +4,31 @@ "/" = { device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287"; fsType = "btrfs"; - options = [ "subvol=root" ]; + options = [ "subvol=root" "compress=zstd" "noatime" "ssd" ]; }; "/prev" = { device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287"; fsType = "btrfs"; - options = [ "subvol=prev" ]; - }; - "/persist" = { - device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325"; - fsType = "btrfs"; - neededForBoot = true; - options = [ "subvol=persist" "compress=zstd" ]; + options = [ "subvol=prev" "compress=zstd" "noatime" "ssd" "noexec" ]; }; "/nix" = { device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287"; fsType = "btrfs"; - options = [ "subvol=nix" ]; + options = [ "subvol=nix" "compress=zstd" "noatime" "ssd" ]; }; "/boot" = { device = "/dev/disk/by-uuid/CD94-1D3F"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ "umask=0077" ]; }; - # Subvols and bindmounts + # Impermanence and subvols + "/persist" = { + device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325"; + fsType = "btrfs"; + neededForBoot = true; + options = [ "subvol=persist" "compress=zstd" "noatime" ]; + }; "/export/KittyNFS" = { depends = [ "/persist" ]; device = "/persist/export/KittyNFS"; diff --git a/modules/system/accounts/users/system/nextcloud/default.nix b/modules/system/accounts/users/system/nextcloud/default.nix index 73aba8b..0722276 100644 --- a/modules/system/accounts/users/system/nextcloud/default.nix +++ b/modules/system/accounts/users/system/nextcloud/default.nix @@ -5,7 +5,7 @@ group = "nextcloud"; extraGroups = [ "nfsShare" ]; isSystemUser = true; - uid = 995; + uid = 218; }; groups.nextcloud = {}; }; 
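Review bot: The new `/prev` options add `noexec` but neither `nosuid` nor `nodev`, so setuid bits and device nodes inside the previous-root snapshot are still honoured on that mount. If `/prev` is kept only for inspecting the last boot's root, which the diff suggests but does not confirm, the line could read `options = [ "subvol=prev" "compress=zstd" "noatime" "ssd" "noexec" "nosuid" "nodev" ];`. The switch of `/boot` from `fmask=0022`/`dmask=0022` to `umask=0077` deserves a short comment such as `# ESP readable by root only`, so the stricter mask is not relaxed later by accident. The enclosing attribute set starts and ends outside the hunk.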
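Review bot: Replacing `uid = 995;` with `uid = 218;` changes only the account definition; file ownership is stored by number, so anything already written as 995 under persistent storage or on the share used through `nfsShare` keeps the old owner unless it is re-owned during the rollout. 995 lies in the range NixOS assigns to system users that have no fixed uid, so a later account could receive it and inherit access to that data. A comment next to the new line, for example `# fixed uid; data previously owned by 995 must be chown'ed to 218`, would record the migration step. Whether such data exists is not visible in this hunk.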
diff --git a/modules/system/devices/boot/services/root-reset/default.nix b/modules/system/devices/boot/services/root-reset/default.nix index eed5869..c7ac461 100644 --- a/modules/system/devices/boot/services/root-reset/default.nix +++ b/modules/system/devices/boot/services/root-reset/default.nix @@ -2,15 +2,15 @@ { boot.initrd.systemd.services.root-reset = { enable = true; - description = "Reset root and snapshot last boot"; + description = "Create new and snapshot previous root"; wantedBy = [ "initrd.target" ]; before = [ "sysroot.mount" ]; - after = [ "dev-${config.networking.hostName}-root.device" ]; + after = [ "initrd-root-device.target" ]; unitConfig.DefaultDependencies = "no"; serviceConfig.Type = "oneshot"; script = '' mkdir -p /mnt - mount /dev/${config.networking.hostName}/root /mnt + mount -t btrfs /dev/${config.networking.hostName}/root /mnt if [[ -e /mnt/prev ]]; then btrfs subvolume delete /mnt/prev diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index e0a6d79..c42de44 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -31,6 +31,8 @@ networking.firewall.allowedTCPPorts = [ 2299 ]; + services.ddclient.domains = [ "git.${config.domains.p2}" ]; + environment.persistence."/persist".directories = [ "/var/lib/forgejo" ]; diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index a41b52f..25caa57 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix @@ -1,4 +1,4 @@ -{ mailserver, pkgs, config, ... }: +{ mailserver, config, lib, pkgs, ... }: { imports = [ ./nginx 
@@ -52,4 +52,5 @@ # Rspamd port from earlier to avoid overlap services.redis.servers.rspamd.port = 1515; + services.ddclient.domains = lib.mkIf config.mailserver.enable [ "mx.${config.domains.p1}" ]; } diff --git a/modules/system/services/server/minecraft/servers/blockworld/default.nix b/modules/system/services/server/minecraft/servers/blockworld/default.nix index bc20e72..ca896f4 100644 --- a/modules/system/services/server/minecraft/servers/blockworld/default.nix +++ b/modules/system/services/server/minecraft/servers/blockworld/default.nix @@ -1,18 +1,21 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: let common = import ../../common { inherit pkgs; }; in { - services.minecraft-servers.servers.blockworld = { - autoStart = false; - package = pkgs.paperServers.paper-1_21_1; - jvmOpts = "-Xmx3072M"; - serverProperties = common.serverProperties // { - difficulty = 2; - server-port = 30012; - motd = "\\u00A7fArchival \\u00A7l\\u00A7n\\u00A7cBloxelcom \\u00A7r\\u00A7fMinecraft server."; + services = { + minecraft-servers.servers.blockworld = { + autoStart = false; + package = pkgs.paperServers.paper-1_21_1; + jvmOpts = "-Xmx3072M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30012; + motd = "\\u00A7fArchival \\u00A7l\\u00A7n\\u00A7cBloxelcom \\u00A7r\\u00A7fMinecraft server."; + }; + whitelist = common.whitelist; + symlinks = common.paperSymlinks; + files = common.configFiles; }; - whitelist = common.whitelist; - symlinks = common.paperSymlinks; - files = common.configFiles; + ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.blockworld.enable [ "bloxel.${config.domains.p2}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix index 5b5f0c7..76e92e6 100644 --- a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix 
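Review bot: `mx.${config.domains.p1}` is the only `p1` hostname among the ddclient entries visible in this commit; every name in the list removed from `webserver/ddclient/default.nix` was under `p2`. The Cloudflare zone and the scope of the API token are configured outside this hunk, so it is worth confirming that `services.ddclient.zone` and the token cover the `p1` zone. If they do not, the address record for the mail host would stop following the IP without any failure at build time. A comment on the new line such as `# p1 is a separate zone: ddclient zone and token must include it` would make that dependency visible.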
+++ b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix @@ -1,17 +1,20 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: let common = import ../../common { inherit pkgs; }; in { - services.minecraft-servers.servers.dewdemolisher = { - package = pkgs.paperServers.paper-1_21_1; - jvmOpts = "-Xmx2000M"; - serverProperties = common.serverProperties // { - difficulty = 2; - server-port = 30010; - motd = "\\u00A7l\\u00A7aDew Demolisher is here."; + services = { + minecraft-servers.servers.dewdemolisher = { + package = pkgs.paperServers.paper-1_21_1; + jvmOpts = "-Xmx2000M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30010; + motd = "\\u00A7l\\u00A7aDew Demolisher is here."; + }; + whitelist = common.whitelist; + symlinks = common.paperSymlinks; + files = common.configFiles; }; - whitelist = common.whitelist; - symlinks = common.paperSymlinks; - files = common.configFiles; + ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.dewdemolisher.enable [ "dew.${config.domains.p2}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/johnside/default.nix b/modules/system/services/server/minecraft/servers/johnside/default.nix index b3b3d4b..1741585 100644 --- a/modules/system/services/server/minecraft/servers/johnside/default.nix +++ b/modules/system/services/server/minecraft/servers/johnside/default.nix 
@@ -1,30 +1,33 @@ -{ pkgs, config, ... }: +{ config, lib, pkgs, ... }: let common = import ../../common { inherit pkgs; }; in { - services.minecraft-servers.servers.johnside = { - package = pkgs.paperServers.paper-1_20_6; - jvmOpts = "-Xmx2500M"; - serverProperties = common.serverProperties // { - difficulty = 2; - server-port = 30009; - motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only."; + services = { + minecraft-servers.servers.johnside = { + package = pkgs.paperServers.paper-1_20_6; + jvmOpts = "-Xmx2500M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30009; + motd = "\\u00A7l\\u00A79Johnside SMP\\u00A7r \\u00A7l\\u00A7fworld for \\u00A74John lovers only."; + }; + whitelist = common.whitelist; + symlinks = common.paperSymlinks // { + "plugins/CustomDiscs.jar" = builtins.fetchurl { + url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar"; + sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d"; + }; + "plugins/NotTooExpensive.jar" = builtins.fetchurl { + url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar"; + sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d"; + }; + "plugins/SilkTouchHands.jar" = builtins.fetchurl { + url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar"; + sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w"; + }; + }; + files = common.configFiles; }; - whitelist = common.whitelist; - symlinks = common.paperSymlinks // { - "plugins/CustomDiscs.jar" = builtins.fetchurl { - url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar"; - sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d"; - }; - "plugins/NotTooExpensive.jar" = builtins.fetchurl { - url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar"; - sha256 
= "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d"; - }; - "plugins/SilkTouchHands.jar" = builtins.fetchurl { - url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar"; - sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w"; - }; - }; - files = common.configFiles; + ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.johnside.enable [ "john.${config.domains.p2}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/roguecraft/default.nix b/modules/system/services/server/minecraft/servers/roguecraft/default.nix index 68e373a..ad3c76a 100644 --- a/modules/system/services/server/minecraft/servers/roguecraft/default.nix +++ b/modules/system/services/server/minecraft/servers/roguecraft/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ config, lib, pkgs, ... }: let common = import ../../common { inherit pkgs; }; in { @@ -23,7 +23,10 @@ in { }; }; }; - nginx.virtualHosts."${config.domains.p1}".locations = { + + ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.roguecraft.enable [ "rogue.${config.domains.p2}" ]; + + nginx.virtualHosts."${config.domains.p1}".locations = lib.mkIf config.services.minecraft-servers.servers.roguecraft.enable { "/roguecraftdatapackredir" = { return = "301 https://cdn.modrinth.com/data/HtKjVijx/versions/Rme4c23R/Roguecraft%201.2.6%20-%20Data%20Pack.zip"; }; diff --git a/modules/system/services/server/minecraft/servers/uberbeta/default.nix b/modules/system/services/server/minecraft/servers/uberbeta/default.nix index 15699fc..ed26edf 100644 --- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix +++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: let common = import ../../common { inherit pkgs; }; uberBukkitZip = pkgs.fetchzip { 
@@ -10,12 +10,15 @@ let src = "${uberBukkitZip}/uberbukkit-2.0.0.jar"; }); in { - services.minecraft-servers.servers.uberbeta = { - package = uberBukkit; - jvmOpts = "-Xmx512M"; - serverProperties = common.serverProperties // { - difficulty = 3; - server-port = 30005; + services = { + minecraft-servers.servers.uberbeta = { + package = uberBukkit; + jvmOpts = "-Xmx512M"; + serverProperties = common.serverProperties // { + difficulty = 3; + server-port = 30005; + }; }; + ddclient.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.domains.p2}" ]; }; } diff --git a/modules/system/services/server/socialserver/matrix/coturn/default.nix b/modules/system/services/server/socialserver/matrix/coturn/default.nix index 7ca7e35..5cdd8a4 100644 --- a/modules/system/services/server/socialserver/matrix/coturn/default.nix +++ b/modules/system/services/server/socialserver/matrix/coturn/default.nix @@ -26,6 +26,9 @@ turn_shared_secret = config.secrets.coturnSecret; turn_user_lifetime = "1h"; }; + + # Sync the IP to Cloudflare + ddclient.domains = [ "git.${config.domains.p2}" ]; }; # Open coturn ports diff --git a/modules/system/services/server/webserver/ddclient/default.nix b/modules/system/services/server/webserver/ddclient/default.nix index efea915..500124d 100644 --- a/modules/system/services/server/webserver/ddclient/default.nix +++ b/modules/system/services/server/webserver/ddclient/default.nix @@ -8,16 +8,6 @@ usev6 = ""; username = "token"; passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}"; - domains = [ - "${config.domains.p2}" - "*.${config.domains.p2}" - "sv.${config.domains.p2}" - "git.${config.domains.p2}" - "turn.${config.domains.p2}" - "dew.${config.domains.p2}" - "john.${config.domains.p2}" - "rogue.${config.domains.p2}" - ]; }; environment.persistence."/persist".directories = [ "/var/lib/private/ddclient"
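Review bot: The line added to the coturn module registers `git.${config.domains.p2}`, which the forgejo hunk in this commit already registers, while the list removed from `webserver/ddclient/default.nix` contained `turn.${config.domains.p2}`; this looks like a copy-paste slip and the line should probably be `ddclient.domains = [ "turn.${config.domains.p2}" ];`. No module visible in this commit re-adds `turn.`, `sv.`, the apex or the wildcard entry, so those records would keep their last address and, after an IP change, point at a host that is no longer under your control. If dropping them is intended, the stale records should also be deleted on the Cloudflare side rather than left behind.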