From cc68f883ba1046d2d4000946354dac4b5516bcbe Mon Sep 17 00:00:00 2001 
From: Jimbo Date: Fri, 17 Jan 2025 17:06:28 -0500 Subject: [PATCH] Move server to persistence, still have stuff to fix --- hosts/kitty/boot/default.nix | 10 +-- hosts/kitty/default.nix | 5 +- hosts/kitty/filesystems/default.nix | 30 +++---- .../system/services/server/acme/default.nix | 7 -- .../services/server/ddclient/default.nix | 21 ----- modules/system/services/server/default.nix | 6 +- .../server/fileserver/jellyfin/default.nix | 9 ++- .../server/fileserver/nextcloud/default.nix | 50 ++++++------ .../services/server/forgejo/default.nix | 4 + .../services/server/minecraft/default.nix | 16 ++-- .../system/services/server/mysql/default.nix | 34 ++++---- .../server/social/mastodon/default.nix | 18 ----- .../server/social/matrix/synapse/default.nix | 73 ----------------- .../server/social/owncast/default.nix | 11 --- .../{social => socialserver}/default.nix | 2 +- .../server/socialserver/mastodon/default.nix | 23 ++++++ .../matrix/coturn/default.nix | 0 .../matrix/coturn/nginx/default.nix | 0 .../matrix/default.nix | 0 .../matrix/element/default.nix | 0 .../matrix/element/nginx/default.nix | 0 .../socialserver/matrix/synapse/default.nix | 78 +++++++++++++++++++ .../matrix/synapse/nginx/default.nix | 0 .../server/socialserver/owncast/default.nix | 16 ++++ .../owncast/nginx/default.nix | 0 .../services/server/transmission/default.nix | 17 ++-- .../services/server/vaultwarden/default.nix | 41 +++++----- .../server/webserver/acme/default.nix | 12 +++ .../server/webserver/ddclient/default.nix | 26 +++++++ .../services/server/webserver/default.nix | 13 ++++ .../server/{ => webserver}/nginx/default.nix | 6 +- .../{ => webserver}/nginx/rtmp/default.nix | 0 .../nginx/virtualhosts/default.nix | 0 .../nginx/virtualhosts/p1/default.nix | 0 .../nginx/virtualhosts/p2/default.nix | 0 35 files changed, 293 insertions(+), 235 deletions(-) delete mode 100644 modules/system/services/server/acme/default.nix delete mode 100644 modules/system/services/server/ddclient/default.nix delete 
mode 100644 modules/system/services/server/social/mastodon/default.nix delete mode 100644 modules/system/services/server/social/matrix/synapse/default.nix delete mode 100644 modules/system/services/server/social/owncast/default.nix rename modules/system/services/server/{social => socialserver}/default.nix (71%) create mode 100644 modules/system/services/server/socialserver/mastodon/default.nix rename modules/system/services/server/{social => socialserver}/matrix/coturn/default.nix (100%) rename modules/system/services/server/{social => socialserver}/matrix/coturn/nginx/default.nix (100%) rename modules/system/services/server/{social => socialserver}/matrix/default.nix (100%) rename modules/system/services/server/{social => socialserver}/matrix/element/default.nix (100%) rename modules/system/services/server/{social => socialserver}/matrix/element/nginx/default.nix (100%) create mode 100644 modules/system/services/server/socialserver/matrix/synapse/default.nix rename modules/system/services/server/{social => socialserver}/matrix/synapse/nginx/default.nix (100%) create mode 100644 modules/system/services/server/socialserver/owncast/default.nix rename modules/system/services/server/{social => socialserver}/owncast/nginx/default.nix (100%) create mode 100644 modules/system/services/server/webserver/acme/default.nix create mode 100644 modules/system/services/server/webserver/ddclient/default.nix create mode 100644 modules/system/services/server/webserver/default.nix rename modules/system/services/server/{ => webserver}/nginx/default.nix (73%) rename modules/system/services/server/{ => webserver}/nginx/rtmp/default.nix (100%) rename modules/system/services/server/{ => webserver}/nginx/virtualhosts/default.nix (100%) rename modules/system/services/server/{ => webserver}/nginx/virtualhosts/p1/default.nix (100%) rename modules/system/services/server/{ => webserver}/nginx/virtualhosts/p2/default.nix (100%) 
diff --git a/hosts/kitty/boot/default.nix b/hosts/kitty/boot/default.nix
index 3ddcac8..74547f3 100644
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@@ -1,11 +1,7 @@
 { config, lib, pkgs, ... }:
 {
- boot = {
- kernelPackages = pkgs.linuxPackages_hardened;
- initrd.systemd.services.root-reset.enable = lib.mkForce false;
- swraid = {
- enable = true;
- mdadmConf = "MAILADDR contact@${config.domains.p2}";
- };
+ boot.swraid = {
+ enable = true;
+ mdadmConf = "MAILADDR contact@${config.domains.p2}";
 };
 }
diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix
index de0113e..ced2549 100644
--- a/hosts/kitty/default.nix
+++ b/hosts/kitty/default.nix
@@ -14,13 +14,12 @@
 hostId = "38ba3f57";
 };
 
- environment.persistence."/persist".enable = lib.mkForce false;
-
 system = {
 desktop.enable = false;
 server.enable = true;
+ webserver.enable = true;
 fileserver.enable = true;
- socials.enable = true;
+ socialserver.enable = true;
 wireless.enable = false;
 wireguard.server.enable = true;
 stateVersion = "24.05";
diff --git a/hosts/kitty/filesystems/default.nix b/hosts/kitty/filesystems/default.nix
index 99fc9dc..6a837ef 100644
--- a/hosts/kitty/filesystems/default.nix
+++ b/hosts/kitty/filesystems/default.nix
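Review bot: The boot hunk drops `kernelPackages = pkgs.linuxPackages_hardened` together with the root-reset override, but only the latter belongs to the move to persistence named in the commit title; the host silently falls back to the default kernel, which is a hardening regression nothing in the message explains. If dropping the hardened kernel is intentional, say so in the commit message; otherwise keep `boot.kernelPackages = pkgs.linuxPackages_hardened;` next to the new `boot.swraid` block.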
@@ -4,22 +4,23 @@
 "/" = {
 device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
 fsType = "btrfs";
- options = [ "subvol=@" ];
+ options = [ "subvol=root" ];
 };
- "/home" = {
+ "/prev" = {
 device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
 fsType = "btrfs";
- options = [ "subvol=@home" ];
+ options = [ "subvol=prev" ];
+ };
+ "/persist" = {
+ device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=persist" "compress=zstd" ];
 };
 "/nix" = {
 device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
 fsType = "btrfs";
- options = [ "subvol=@nix" ];
- };
- "/var" = {
- device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
- fsType = "btrfs";
- options = [ "subvol=@var" ];
+ options = [ "subvol=nix" ];
 };
 "/boot" = {
 device = "/dev/disk/by-uuid/CD94-1D3F";
@@ -28,23 +29,12 @@
 };
 
 # Subvols and bindmounts
- "/persist" = {
- device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
- fsType = "btrfs";
- options = [ "subvol=persist" "compress=zstd" ];
- };
 "/export/KittyNFS" = {
 depends = [ "/persist" ];
 device = "/persist/export/KittyNFS";
 fsType = "none";
 options = [ "bind" ];
 };
- "/srv/minecraft" = {
- depends = [ "/persist" ];
- device = "/persist/srv/minecraft";
- fsType = "none";
- options = [ "bind" ];
- };
 };
 
 swapDevices = [
diff --git a/modules/system/services/server/acme/default.nix b/modules/system/services/server/acme/default.nix
deleted file mode 100644
index 5c75df9..0000000
--- a/modules/system/services/server/acme/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, ... }:
-{
- security.acme = {
- acceptTerms = true;
- defaults.email = "contact@${config.domains.p2}";
- };
-}
diff --git a/modules/system/services/server/ddclient/default.nix b/modules/system/services/server/ddclient/default.nix
deleted file mode 100644
index 4104a79..0000000
--- a/modules/system/services/server/ddclient/default.nix
+++ /dev/null
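Review bot: With the separate `/var` subvolume removed here and the root-reset override removed in hosts/kitty/boot, everything under `/var` and `/etc` that is not listed in `environment.persistence."/persist"` is discarded on every boot, and the persistence entries added by this commit cover service state directories only. I see no entry for `/var/lib/nixos` (stable uid/gid allocation, which the ownership of every persisted directory depends on), the SSH host keys under `/etc/ssh`, `/etc/machine-id`, `/var/log`, or, if the mailserver runs on this host, its mail and DKIM state. These may be handled in a shared module outside this patch; if they are not, add them before the first reboot, since losing `/var/lib/nixos` can leave persisted directories owned by stale numeric uids. Adding `neededForBoot = true` to `/persist` is the right call and is what makes the bind mounts above usable early.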
@@ -1,21 +0,0 @@
-{ pkgs, config, ... }:
-{
- services.ddclient = {
- enable = config.system.server.enable;
- protocol = "cloudflare";
- zone = "${config.domains.p2}";
- usev6 = "";
- username = "token";
- passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
- domains = [
- "${config.domains.p2}"
- "*.${config.domains.p2}"
- "sv.${config.domains.p2}"
- "git.${config.domains.p2}"
- "turn.${config.domains.p2}"
- "dew.${config.domains.p2}"
- "john.${config.domains.p2}"
- "rogue.${config.domains.p2}"
- ];
- };
-}
diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix
index 7481d00..2a1f1fc 100644
--- a/modules/system/services/server/default.nix
+++ b/modules/system/services/server/default.nix
@@ -1,17 +1,15 @@
 { ... }:
 {
 imports = [
- ./acme
- ./ddclient
 ./fileserver
 ./forgejo
 ./icecast
 ./mailserver
 ./minecraft
 ./mysql
- ./nginx
- ./social
+ ./socialserver
 ./transmission
 ./vaultwarden
+ ./webserver
 ];
 }
diff --git a/modules/system/services/server/fileserver/jellyfin/default.nix b/modules/system/services/server/fileserver/jellyfin/default.nix
index ee15e60..3aa706a 100644
--- a/modules/system/services/server/fileserver/jellyfin/default.nix
+++ b/modules/system/services/server/fileserver/jellyfin/default.nix
@@ -1,8 +1,13 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
 imports = [
 ./nginx
 ];
 
- services.jellyfin.enable = config.system.fileserver.enable;
+ config = lib.mkIf config.system.fileserver.enable {
+ services.jellyfin.enable = true;
+ environment.persistence."/persist".directories = [
+ "/var/lib/jellyfin"
+ ];
+ };
 }
diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix
index 9f0c428..e958721 100644
--- a/modules/system/services/server/fileserver/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/default.nix
@@ -1,32 +1,36 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 {
 imports = [
 ./collabora
 ./nginx
 ];
 
- services.nextcloud = {
- enable = config.system.fileserver.enable;
- package = pkgs.nextcloud30;
- hostName = "cloud.${config.domains.p2}";
- datadir = "/mnt/nextcloud";
- https = true;
- config = {
- adminuser = config.sysusers.main;
- adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
- };
- settings = {
- trusted_proxies = [ "127.0.0.1" ];
- trusted_domains = [ "cloud.${config.domains.p2}" ];
- overwriteprotocol = "https";
- mail_smtphost = "mx.${config.domains.p1}";
- mail_domain = "${config.domains.p1}";
- mail_from_address = "noreply";
- mail_smtpauth = "true";
- mail_smtpname = "noreply@${config.domains.p2}";
- mail_smtppassword = config.secrets.noreplyPassword;
- mail_smtpmode = "smtp";
- mail_smtpport = 587;
+ config = lib.mkIf config.system.fileserver.enable {
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud30;
+ hostName = "cloud.${config.domains.p2}";
+ https = true;
+ config = {
+ adminuser = config.sysusers.main;
+ adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "cloud.${config.domains.p2}" ];
+ overwriteprotocol = "https";
+ mail_smtphost = "mx.${config.domains.p1}";
+ mail_domain = "${config.domains.p1}";
+ mail_from_address = "noreply";
+ mail_smtpauth = "true";
+ mail_smtpname = "noreply@${config.domains.p2}";
+ mail_smtppassword = config.secrets.noreplyPassword;
+ mail_smtpmode = "smtp";
+ mail_smtpport = 587;
+ };
 };
+ environment.persistence."/persist".directories = [
+ "/var/lib/nextcloud"
+ ];
 };
 }
diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix
index 1419859..e0a6d79 100644
--- a/modules/system/services/server/forgejo/default.nix
+++ b/modules/system/services/server/forgejo/default.nix
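Review bot: `adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"` and `mail_smtppassword = config.secrets.noreplyPassword` carry the admin password and the SMTP password into the world-readable Nix store and the generated config, and the rewrite into `lib.mkIf` keeps that as is; the same pattern is in the new mastodon (`passwordFile = pkgs.writeText`), synapse (`smtp_pass`), transmission (`credentialsFile = pkgs.writeText`), vaultwarden (`SMTP_PASSWORD`) and ddclient (`passwordFile`, which holds the Cloudflare API token) hunks. Now that a persistent volume exists, these can point at root-owned files outside the store, or use the modules' own secret-file options such as `services.nextcloud.secretFile` and `services.vaultwarden.environmentFile`. Separately, this hunk silently drops `datadir = "/mnt/nextcloud"`, so the data directory falls back to the module default under the Nextcloud home; unless the existing files were moved, they will no longer be found, which deserves a line in the commit message or the option kept.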
@@ -30,5 +30,9 @@
 };
 
 networking.firewall.allowedTCPPorts = [ 2299 ];
+
+ environment.persistence."/persist".directories = [
+ "/var/lib/forgejo"
+ ];
 };
 }
diff --git a/modules/system/services/server/minecraft/default.nix b/modules/system/services/server/minecraft/default.nix
index 4e55138..2e56bc2 100644
--- a/modules/system/services/server/minecraft/default.nix
+++ b/modules/system/services/server/minecraft/default.nix
@@ -1,4 +1,4 @@
-{ minecraft, config, ... }:
+{ minecraft, config, lib, ... }:
 {
 imports = [
 minecraft.nixosModules.minecraft-servers
@@ -10,10 +10,16 @@
 ./servers/uberbeta
 ];
 
- nixpkgs.overlays = [ minecraft.overlay ];
+ config = lib.mkIf config.system.server.enable {
+ nixpkgs.overlays = [ minecraft.overlay ];
 
- services.minecraft-servers = {
- enable = config.system.server.enable;
- eula = true;
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ };
+
+ environment.persistence."/persist".directories = [
+ "/srv/minecraft"
+ ];
 };
 }
diff --git a/modules/system/services/server/mysql/default.nix b/modules/system/services/server/mysql/default.nix
index 3354646..39d54f0 100644
--- a/modules/system/services/server/mysql/default.nix
+++ b/modules/system/services/server/mysql/default.nix
@@ -1,19 +1,23 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
- services.mysql = {
- enable = config.system.server.enable;
- package = pkgs.mariadb;
- dataDir = "/var/lib/mysql";
- ensureDatabases = [
- "minecraft"
- ];
- ensureUsers = [
- {
- name = "minecraft";
- ensurePermissions = {
- "minecraft.*" = "ALL PRIVILEGES";
- };
- }
+ config = lib.mkIf config.system.server.enable {
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ ensureDatabases = [
+ "minecraft"
+ ];
+ ensureUsers = [
+ {
+ name = "minecraft";
+ ensurePermissions = {
+ "minecraft.*" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/mysql"
 ];
 };
 }
diff --git a/modules/system/services/server/social/mastodon/default.nix b/modules/system/services/server/social/mastodon/default.nix
deleted file mode 100644
index 340efb5..0000000
--- a/modules/system/services/server/social/mastodon/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, config, ... }:
-{
- services.mastodon = {
- enable = config.system.socials.enable;
- localDomain = "social.${config.domains.p2}";
- streamingProcesses = 4;
- configureNginx = true;
- smtp = {
- createLocally = false;
- host = "mx.${config.domains.p1}";
- port = 587;
- authenticate = true;
- fromAddress = "NixFox Mastodon ";
- user = "noreply@${config.domains.p2}";
- passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
- };
- };
-}
diff --git a/modules/system/services/server/social/matrix/synapse/default.nix b/modules/system/services/server/social/matrix/synapse/default.nix
deleted file mode 100644
index 3470989..0000000
--- a/modules/system/services/server/social/matrix/synapse/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ pkgs, config, ... }:
-{
- imports = [
- ./nginx
- ];
-
- services.matrix-synapse = {
- enable = config.system.socials.enable;
- settings = {
- server_name = "${config.domains.p1}";
- public_baseurl = "https://matrix.${config.domains.p1}";
- suppress_key_server_warning = true;
-
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "::" "0.0.0.0" ];
- resources = [{
- compress = true;
- names = [
- "client"
- "federation"
- ];
- }];
- type = "http";
- tls = false;
- x_forwarded = true;
- }
- ];
-
- email = {
- notif_from = "NixFox Matrix ";
- smtp_host = "mx.${config.domains.p1}";
- smtp_user = "noreply@${config.domains.p2}";
- smtp_pass = config.secrets.noreplyPassword;
- enable_tls = true;
- smtp_port = 587;
- require_transport_security = true;
- };
-
- # Disable registration without email
- registrations_require_3pid = [ "email" ];
-
- # Allow only this range of emails
- allowed_local_3pids = [
- {
- medium = "email";
- pattern = ''^[^@]+@nixfox\.ca$'';
- }
- {
- medium = "email";
- pattern = ''^[^@]+@freecorn1854\.win$'';
- }
- {
- medium = "email";
- pattern = ''^[^@]+@lunamoonlight\.xyz$'';
- }
- ];
-
- # Set the type of database
- database.name = "sqlite3";
-
- # Allow account registration
- enable_registration = true;
-
- # General settings
- url_preview_enabled = true;
- max_upload_size = "50M";
- report_stats = false;
- burst_count = 15;
- };
- };
-}
diff --git a/modules/system/services/server/social/owncast/default.nix b/modules/system/services/server/social/owncast/default.nix
deleted file mode 100644
index 0e5fbbe..0000000
--- a/modules/system/services/server/social/owncast/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-{
- imports = [ ./nginx ];
-
- services.owncast = {
- enable = config.system.socials.enable;
- port = 8060;
- rtmp-port = 1945;
- listen = "0.0.0.0";
- };
-}
diff --git a/modules/system/services/server/social/default.nix b/modules/system/services/server/socialserver/default.nix
similarity index 71%
rename from modules/system/services/server/social/default.nix
rename to modules/system/services/server/socialserver/default.nix
index 269fbef..1191cd7 100644
--- a/modules/system/services/server/social/default.nix
+++ b/modules/system/services/server/socialserver/default.nix
@@ -1,6 +1,6 @@
 { lib, ... }:
 {
- options.system.socials.enable = lib.mkOption {
+ options.system.socialserver.enable = lib.mkOption {
 type = lib.types.bool;
 default = false;
 };
diff --git a/modules/system/services/server/socialserver/mastodon/default.nix b/modules/system/services/server/socialserver/mastodon/default.nix
new file mode 100644
index 0000000..76e85f5
--- /dev/null
+++ b/modules/system/services/server/socialserver/mastodon/default.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+{
+ config = lib.mkIf config.system.socialserver.enable {
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.${config.domains.p2}";
+ streamingProcesses = 4;
+ configureNginx = true;
+ smtp = {
+ createLocally = false;
+ host = "mx.${config.domains.p1}";
+ port = 587;
+ authenticate = true;
+ fromAddress = "NixFox Mastodon ";
+ user = "noreply@${config.domains.p2}";
+ passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
+ };
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/mastodon"
+ ];
+ };
+}
diff --git a/modules/system/services/server/social/matrix/coturn/default.nix b/modules/system/services/server/socialserver/matrix/coturn/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/coturn/default.nix
rename to modules/system/services/server/socialserver/matrix/coturn/default.nix
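Review bot: In the new mastodon file, `fromAddress = "NixFox Mastodon "` ends in a trailing space and has no address part; on this page that looks like an angle-bracketed address lost in rendering, but if the file really contains only the display name, the From header Mastodon builds is malformed and the relay at `mx.${config.domains.p1}` will likely reject the mail. Please confirm against the source file; `notif_from = "NixFox Matrix "` in the new synapse hunk has the same shape.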
diff --git a/modules/system/services/server/social/matrix/coturn/nginx/default.nix b/modules/system/services/server/socialserver/matrix/coturn/nginx/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/coturn/nginx/default.nix
rename to modules/system/services/server/socialserver/matrix/coturn/nginx/default.nix
diff --git a/modules/system/services/server/social/matrix/default.nix b/modules/system/services/server/socialserver/matrix/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/default.nix
rename to modules/system/services/server/socialserver/matrix/default.nix
diff --git a/modules/system/services/server/social/matrix/element/default.nix b/modules/system/services/server/socialserver/matrix/element/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/element/default.nix
rename to modules/system/services/server/socialserver/matrix/element/default.nix
diff --git a/modules/system/services/server/social/matrix/element/nginx/default.nix b/modules/system/services/server/socialserver/matrix/element/nginx/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/element/nginx/default.nix
rename to modules/system/services/server/socialserver/matrix/element/nginx/default.nix
diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix
new file mode 100644
index 0000000..adeb58a
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./nginx
+ ];
+
+ config = lib.mkIf config.system.socialserver.enable {
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = "${config.domains.p1}";
+ public_baseurl = "https://matrix.${config.domains.p1}";
+ suppress_key_server_warning = true;
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::" "0.0.0.0" ];
+ resources = [{
+ compress = true;
+ names = [
+ "client"
+ "federation"
+ ];
+ }];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ }
+ ];
+
+ email = {
+ notif_from = "NixFox Matrix ";
+ smtp_host = "mx.${config.domains.p1}";
+ smtp_user = "noreply@${config.domains.p2}";
+ smtp_pass = config.secrets.noreplyPassword;
+ enable_tls = true;
+ smtp_port = 587;
+ require_transport_security = true;
+ };
+
+ # Disable registration without email
+ registrations_require_3pid = [ "email" ];
+
+ # Allow only this range of emails
+ allowed_local_3pids = [
+ {
+ medium = "email";
+ pattern = ''^[^@]+@nixfox\.ca$'';
+ }
+ {
+ medium = "email";
+ pattern = ''^[^@]+@freecorn1854\.win$'';
+ }
+ {
+ medium = "email";
+ pattern = ''^[^@]+@lunamoonlight\.xyz$'';
+ }
+ ];
+
+ # Set the type of database
+ database.name = "sqlite3";
+
+ # Allow account registration
+ enable_registration = true;
+
+ # General settings
+ url_preview_enabled = true;
+ max_upload_size = "50M";
+ report_stats = false;
+ burst_count = 15;
+ };
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/matrix-synapse"
+ ];
+ };
+}
diff --git a/modules/system/services/server/social/matrix/synapse/nginx/default.nix b/modules/system/services/server/socialserver/matrix/synapse/nginx/default.nix
similarity index 100%
rename from modules/system/services/server/social/matrix/synapse/nginx/default.nix
rename to modules/system/services/server/socialserver/matrix/synapse/nginx/default.nix
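Review bot: The listener on port 8008 binds `[ "::" "0.0.0.0" ]` with `tls = false` and `x_forwarded = true`, so anything other than the local nginx proxy that can reach 8008 talks to Synapse in the clear and can supply its own X-Forwarded-For, which undercuts the per-IP rate limits that `burst_count` tunes. Unless something outside this patch needs a non-local listener (a firewall rule opening 8008, for example), bind it to loopback: `bind_addresses = [ "::1" "127.0.0.1" ];`. The same applies to `listen = "0.0.0.0"` in the new owncast hunk, whose `./nginx` import suggests it is proxied too.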
diff --git a/modules/system/services/server/socialserver/owncast/default.nix b/modules/system/services/server/socialserver/owncast/default.nix
new file mode 100644
index 0000000..b2dfe6a
--- /dev/null
+++ b/modules/system/services/server/socialserver/owncast/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+ imports = [ ./nginx ];
+
+ config = lib.mkIf config.system.socialserver.enable {
+ services.owncast = {
+ enable = true;
+ port = 8060;
+ rtmp-port = 1945;
+ listen = "0.0.0.0";
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/owncast"
+ ];
+ };
+}
diff --git a/modules/system/services/server/social/owncast/nginx/default.nix b/modules/system/services/server/socialserver/owncast/nginx/default.nix
similarity index 100%
rename from modules/system/services/server/social/owncast/nginx/default.nix
rename to modules/system/services/server/socialserver/owncast/nginx/default.nix
diff --git a/modules/system/services/server/transmission/default.nix b/modules/system/services/server/transmission/default.nix
index 9de2d5d..b23b9dd 100644
--- a/modules/system/services/server/transmission/default.nix
+++ b/modules/system/services/server/transmission/default.nix
@@ -1,11 +1,16 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 {
 imports = [ ./nginx ];
 
- services.transmission = {
- enable = config.system.server.enable;
- credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
- openPeerPorts = true;
- settings.rpc-authentication-required = true;
+ config = lib.mkIf config.system.server.enable {
+ services.transmission = {
+ enable = true;
+ credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
+ openPeerPorts = true;
+ settings.rpc-authentication-required = true;
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/transmission"
+ ];
 };
 }
diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix
index 729ff55..078c634 100644
--- a/modules/system/services/server/vaultwarden/default.nix
+++ b/modules/system/services/server/vaultwarden/default.nix
@@ -1,25 +1,30 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
 imports = [ ./nginx ];
 
- services.vaultwarden = {
- enable = config.system.server.enable;
- config = {
- DOMAIN = "https://pass.${config.domains.p2}";
- SIGNUPS_ALLOWED = false;
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 8222;
- ROCKET_LOG = "critical";
+ config = lib.mkIf config.system.server.enable {
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = "https://pass.${config.domains.p2}";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ ROCKET_LOG = "critical";
 
- # Smtp email
- SMTP_HOST = "mx.${config.domains.p1}";
- SMTP_FROM = "noreply@${config.domains.p2}";
- SMTP_FROM_NAME = "Vaultwarden";
- SMTP_USERNAME = "noreply@${config.domains.p2}";
- SMTP_PASSWORD = config.secrets.noreplyPassword;
- SMTP_SECURITY = "starttls";
- SMTP_PORT = 587;
- SMTP_TIMEOUT = 15;
+ # Smtp email
+ SMTP_HOST = "mx.${config.domains.p1}";
+ SMTP_FROM = "noreply@${config.domains.p2}";
+ SMTP_FROM_NAME = "Vaultwarden";
+ SMTP_USERNAME = "noreply@${config.domains.p2}";
+ SMTP_PASSWORD = config.secrets.noreplyPassword;
+ SMTP_SECURITY = "starttls";
+ SMTP_PORT = 587;
+ SMTP_TIMEOUT = 15;
+ };
 };
+ environment.persistence."/persist".directories = [
+ "/var/lib/bitwarden_rs"
+ ];
 };
 }
diff --git a/modules/system/services/server/webserver/acme/default.nix b/modules/system/services/server/webserver/acme/default.nix
new file mode 100644
index 0000000..c8d0746
--- /dev/null
+++ b/modules/system/services/server/webserver/acme/default.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf config.system.webserver.enable {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "contact@${config.domains.p2}";
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/acme"
+ ];
+ };
+}
diff --git a/modules/system/services/server/webserver/ddclient/default.nix b/modules/system/services/server/webserver/ddclient/default.nix
new file mode 100644
index 0000000..efea915
--- /dev/null
+++ b/modules/system/services/server/webserver/ddclient/default.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+{
+ config = lib.mkIf config.system.webserver.enable {
+ services.ddclient = {
+ enable = true;
+ protocol = "cloudflare";
+ zone = "${config.domains.p2}";
+ usev6 = "";
+ username = "token";
+ passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
+ domains = [
+ "${config.domains.p2}"
+ "*.${config.domains.p2}"
+ "sv.${config.domains.p2}"
+ "git.${config.domains.p2}"
+ "turn.${config.domains.p2}"
+ "dew.${config.domains.p2}"
+ "john.${config.domains.p2}"
+ "rogue.${config.domains.p2}"
+ ];
+ };
+ environment.persistence."/persist".directories = [
+ "/var/lib/private/ddclient"
+ ];
+ };
+}
diff --git a/modules/system/services/server/webserver/default.nix b/modules/system/services/server/webserver/default.nix
new file mode 100644
index 0000000..04d72dd
--- /dev/null
+++ b/modules/system/services/server/webserver/default.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+ options.system.webserver.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ imports = [
+ ./acme
+ ./ddclient
+ ./nginx
+ ];
+}
diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/webserver/nginx/default.nix
similarity index 73%
rename from modules/system/services/server/nginx/default.nix
rename to modules/system/services/server/webserver/nginx/default.nix
index 7d1677b..398226c 100644
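Review bot: In the ddclient hunk, `/var/lib/private/ddclient` is a DynamicUser state directory, and persisting one of those through impermanence is a known pitfall: as far as I recall, the bind-mount setup creates missing parent directories with its default mode, while systemd requires `/var/lib/private` itself to be root-owned `0700` before it will start a DynamicUser unit. Check that ddclient actually comes up after the first reboot of the persistence-enabled host; if it does not, persisting `/var/lib/private` as a whole, or giving that parent the `0700` mode explicitly, is the usual fix. Persisting `/var/lib/acme` in the first hunk is worth keeping regardless, since it avoids re-issuing certificates (and hitting issuer rate limits) on every boot.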
--- a/modules/system/services/server/nginx/default.nix
+++ b/modules/system/services/server/webserver/nginx/default.nix
@@ -5,7 +5,7 @@
 ./virtualhosts
 ];
 
- config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) {
+ config = lib.mkIf config.system.webserver.enable {
 services.nginx = {
 enable = true;
 recommendedTlsSettings = true;
@@ -14,6 +14,10 @@
 recommendedProxySettings = true;
 };
 
+ environment.persistence."/persist".directories = [
+ "/var/www"
+ ];
+
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/webserver/nginx/rtmp/default.nix
similarity index 100%
rename from modules/system/services/server/nginx/rtmp/default.nix
rename to modules/system/services/server/webserver/nginx/rtmp/default.nix
diff --git a/modules/system/services/server/nginx/virtualhosts/default.nix b/modules/system/services/server/webserver/nginx/virtualhosts/default.nix
similarity index 100%
rename from modules/system/services/server/nginx/virtualhosts/default.nix
rename to modules/system/services/server/webserver/nginx/virtualhosts/default.nix
diff --git a/modules/system/services/server/nginx/virtualhosts/p1/default.nix b/modules/system/services/server/webserver/nginx/virtualhosts/p1/default.nix
similarity index 100%
rename from modules/system/services/server/nginx/virtualhosts/p1/default.nix
rename to modules/system/services/server/webserver/nginx/virtualhosts/p1/default.nix
diff --git a/modules/system/services/server/nginx/virtualhosts/p2/default.nix b/modules/system/services/server/webserver/nginx/virtualhosts/p2/default.nix
similarity index 100%
rename from modules/system/services/server/nginx/virtualhosts/p2/default.nix
rename to modules/system/services/server/webserver/nginx/virtualhosts/p2/default.nix
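Review bot: Replacing `config.system.server.enable || config.system.mailserver.enable` with `config.system.webserver.enable` in the first hunk means a host that enables only the mailserver no longer gets nginx, and the ACME defaults added in this commit are gated on `webserver.enable` as well, so a mailserver host that relied on nginx for its certificate challenges would lose them without any evaluation error. Either keep the mailserver in the condition, `config = lib.mkIf (config.system.webserver.enable || config.system.mailserver.enable) {`, or add an assertion in webserver/default.nix that a mailserver host has `webserver.enable` set, so the mismatch fails at build time rather than at renewal time. The service modules in this patch that import `./nginx` virtual hosts are still gated on `server.enable`, so `server.enable = true` with `webserver.enable = false` would define virtual hosts that nothing serves; the same assertion could cover that. The module body continues outside both hunks.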