diff --git a/modules/extras/variables/domains/default.nix b/modules/extras/variables/domains/default.nix index 966bf5b..e85880b 100644 --- a/modules/extras/variables/domains/default.nix +++ b/modules/extras/variables/domains/default.nix @@ -6,8 +6,8 @@ }; config.domains = { - jim1 = "jimbosfiles.com"; - jim2 = "nixfox.ca"; + p1 = "jimbosfiles.com"; + p2 = "nixfox.ca"; corn = "freecorn1854.win"; luna = "lunamoonlight.xyz"; }; diff --git a/modules/home/programs/gui/thunar/default.nix b/modules/home/programs/gui/thunar/default.nix new file mode 100644 index 0000000..01d73e8 --- /dev/null +++ b/modules/home/programs/gui/thunar/default.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + programs.thunar = { + enable = true; + plugins = with pkgs.xfce; [ + thunar-archive-plugin + thunar-volman + ]; + }; +} diff --git a/modules/home/programs/terminal/git/default.nix b/modules/home/programs/terminal/git/default.nix index baf4099..df3a416 100644 --- a/modules/home/programs/terminal/git/default.nix +++ b/modules/home/programs/terminal/git/default.nix @@ -3,7 +3,7 @@ programs.git = { enable = true; userName = "Jimbo"; - userEmail = "jimbo@${config.domains.jim2}"; + userEmail = "jimbo@${config.domains.p2}"; }; programs.lazygit.enable = true; diff --git a/modules/system/services/default.nix b/modules/system/services/default.nix index df0419a..6866490 100644 --- a/modules/system/services/default.nix +++ b/modules/system/services/default.nix @@ -2,6 +2,6 @@ { imports = [ ./general - #./server + ./server ]; } diff --git a/modules/system/services/server/ddclient/default.nix b/modules/system/services/server/ddclient/default.nix index a77c102..c4e5a21 100644 --- a/modules/system/services/server/ddclient/default.nix +++ b/modules/system/services/server/ddclient/default.nix 
@@ -4,19 +4,19 @@ enable = config.system.server.enable; protocol = "cloudflare"; use = "web, web=https://ipinfo.io/ip"; - zone = "${config.domains.jim1}"; + zone = "${config.domains.p1}"; username = "token"; passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}"; domains = [ - "${config.domains.jim1}" - "*.${config.domains.jim1}" - "sv.${config.domains.jim1}" - "git.${config.domains.jim1}" - "turn.${config.domains.jim1}" - "dew.${config.domains.jim1}" - "john.${config.domains.jim1}" - "beta.${config.domains.jim1}" - "rogue.${config.domains.jim1}" + "${config.domains.p1}" + "*.${config.domains.p1}" + "sv.${config.domains.p1}" + "git.${config.domains.p1}" + "turn.${config.domains.p1}" + "dew.${config.domains.p1}" + "john.${config.domains.p1}" + "beta.${config.domains.p1}" + "rogue.${config.domains.p1}" ]; }; } diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index d7af8b5..e4f671c 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix @@ -5,7 +5,7 @@ services.nextcloud = { enable = config.system.server.enable; package = pkgs.nextcloud30; - hostName = "cloud.${config.domains.jim1}"; + hostName = "cloud.${config.domains.p1}"; datadir = "/mnt/nextcloud"; https = true; config = { 
@@ -14,13 +14,13 @@ }; settings = { trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${config.domains.jim1}" ]; + trusted_domains = [ "cloud.${config.domains.p1}" ]; overwriteprotocol = "https"; - mail_smtphost = "mx.${config.domains.jim1}"; - mail_domain = "${config.domains.jim1}"; + mail_smtphost = "mx.${config.domains.p1}"; + mail_domain = "${config.domains.p1}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${config.domains.jim1}"; + mail_smtpname = "noreply@${config.domains.p1}"; mail_smtppassword = config.secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; diff --git a/modules/system/services/server/fileserver/nextcloud/nginx/default.nix b/modules/system/services/server/fileserver/nextcloud/nginx/default.nix index 04f61f5..caa2610 100644 --- a/modules/system/services/server/fileserver/nextcloud/nginx/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/nginx/default.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - services.nginx.virtualHosts."cloud.${config.domains.jim1}" = lib.mkIf config.services.nextcloud.enable { + services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable { enableACME = true; addSSL = true; onlySSL = true; diff --git a/modules/system/services/server/fileserver/nfs/default.nix b/modules/system/services/server/fileserver/nfs/default.nix index 561aff0..37ff1ce 100644 --- a/modules/system/services/server/fileserver/nfs/default.nix +++ b/modules/system/services/server/fileserver/nfs/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { services.nfs.server = { enable = config.system.server.enable; diff --git a/modules/system/services/server/fileserver/samba/default.nix b/modules/system/services/server/fileserver/samba/default.nix index 6934cda..f370180 100644 --- a/modules/system/services/server/fileserver/samba/default.nix +++ b/modules/system/services/server/fileserver/samba/default.nix 
@@ -8,7 +8,7 @@ settings = { global = { "workgroup" = "WORKGROUP"; - "server string" = "JimSMB"; + "server string" = "NixSMB"; "security" = "user"; "hosts allow" = "${config.ips.localSpan}. 127.0.0.1 localhost"; "hosts deny" = "0.0.0.0/0"; diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index 027cc0d..2f2a7d7 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: { imports = [ ./nginx ]; @@ -7,17 +7,17 @@ enable = true; settings = { server = { - DOMAIN = "git.${config.domains.jim1}"; - ROOT_URL = "https://git.${config.domains.jim1}:443"; + DOMAIN = "git.${config.domains.p1}"; + ROOT_URL = "https://git.${config.domains.p1}:443"; HTTP_PORT = 3110; SSH_PORT = 2299; START_SSH_SERVER = true; }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${config.domains.jim1}"; - FROM = "Jimbo's Git "; - USER = "noreply@${config.domains.jim1}"; + SMTP_ADDR = "mx.${config.domains.p1}"; + FROM = "Jimbo's Git "; + USER = "noreply@${config.domains.p1}"; PASSWD = config.secrets.noreplyPassword; PROTOCOL = "smtps"; }; diff --git a/modules/system/services/server/forgejo/nginx/default.nix b/modules/system/services/server/forgejo/nginx/default.nix index 6cff04e..1236dcf 100644 --- a/modules/system/services/server/forgejo/nginx/default.nix +++ b/modules/system/services/server/forgejo/nginx/default.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - services.nginx.virtualHosts."git.${config.domains.jim1}" = lib.mkIf config.services.forgejo.enable { + services.nginx.virtualHosts."git.${config.domains.p1}" = lib.mkIf config.services.forgejo.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 475bb3b..78e9d49 100644 --- a/modules/system/services/server/icecast/default.nix 
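Review bot: The context line `enable = true;` at the top of the second forgejo hunk (presumably `services.forgejo.enable`; the attribute path is outside the hunk) stays unconditional, while this commit re-enables the `./server` import in services/default.nix and switches synapse, owncast, transmission and vaultwarden to `config.system.server.enable`. If that reading is right, every host that imports these modules would start Forgejo with its built-in SSH server on port 2299, regardless of the server flag. The first forgejo hunk adds `lib` to the module arguments but nothing visible uses it; `enable = config.system.server.enable;` would match the other services.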
+++ b/modules/system/services/server/icecast/default.nix @@ -8,7 +8,7 @@ services.icecast = { enable = config.system.server.enable; listen.port = 265; - hostname = "icecast.${config.domains.jim1}"; + hostname = "icecast.${config.domains.p1}"; admin = { user = "jimbo"; password = "${config.secrets.castAdminPass}"; @@ -19,7 +19,7 @@ Canada - contact@${config.domains.jim2} + contact@${config.domains.p2} ''; }; } diff --git a/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix b/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix index 2cce949..89d4dd9 100644 --- a/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix @@ -19,8 +19,8 @@ radio="JimBops Radio", genre = "Anything", description="Music gathered by me, Jimbo.", - website="https://icecast.${config.domains.jim1}", - url="https://icecast.${config.domains.jim1}/jimbops.opus", + website="https://icecast.${config.domains.p1}", + url="https://icecast.${config.domains.p1}/jimbops.opus", mount="jimbops.opus", icy_metadata=["artist", "title"], public=true, diff --git a/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix b/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix index 0c51482..28a26c8 100644 --- a/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix @@ -19,8 +19,8 @@ radio="Jimbo's Scrap", genre = "Scrapped", description="Music canned from the main radio.", - website="https://icecast.${config.domains.jim1}", - url="https://icecast.${config.domains.jim1}/jimscrapped.opus", + website="https://icecast.${config.domains.p1}", + url="https://icecast.${config.domains.p1}/jimscrapped.opus", mount="jimscrapped.opus", icy_metadata=["artist", "title"], public=true, 
diff --git a/modules/system/services/server/icecast/nginx/default.nix b/modules/system/services/server/icecast/nginx/default.nix index 54aee63..c88f03b 100644 --- a/modules/system/services/server/icecast/nginx/default.nix +++ b/modules/system/services/server/icecast/nginx/default.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - services.nginx.virtualHosts."icecast.${config.domains.jim1}" = lib.mkIf services.icecast.enable { + services.nginx.virtualHosts."icecast.${config.domains.p1}" = lib.mkIf config.services.icecast.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/default.nix b/modules/system/services/server/mailserver/default.nix index feb1822..cb7b82c 100644 --- a/modules/system/services/server/mailserver/default.nix +++ b/modules/system/services/server/mailserver/default.nix @@ -4,7 +4,6 @@ enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable mail host and services"; }; }; diff --git a/modules/system/services/server/mailserver/roundcube/default.nix b/modules/system/services/server/mailserver/roundcube/default.nix index 90638df..b1d1b90 100644 --- a/modules/system/services/server/mailserver/roundcube/default.nix +++ b/modules/system/services/server/mailserver/roundcube/default.nix @@ -2,9 +2,9 @@ { services.roundcube = { enable = config.system.mailserver.enable; - hostName = "mail.${config.domains.jim1}"; + hostName = "mail.${config.domains.p1}"; extraConfig = '' - $config['smtp_server'] = "tls://mx.${config.domains.jim1}"; + $config['smtp_server'] = "tls://mx.${config.domains.p1}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index f8252e7..dc390ae 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix 
@@ -8,37 +8,46 @@ mailserver = rec { enable = config.system.mailserver.enable; domains = [ - "${config.domains.jim1}" - "${config.domains.jim2}" + "${config.domains.p1}" + "${config.domains.p2}" "${config.domains.luna}" "${config.domains.corn}" ]; - fqdn = "mx.${config.domains.jim1}"; + fqdn = "mx.${config.domains.p1}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; dmarcReporting = { enable = true; - domain = "${config.domains.jim1}"; + domain = "${config.domains.p1}"; localpart = "noreply"; organizationName = "Jimbo's Files"; }; # Passwords made with 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@${config.domains.jim1}" = { + "noreply@${config.domains.p1}" = { hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; sendOnly = true; }; - "jimbo@${config.domains.jim2}" = { + "jimbo@${config.domains.p2}" = { hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash; aliases = [ - "jimbo@${config.domains.jim1}" - "james@${config.domains.jim1}" - "james@${config.domains.jim2}" - "contact@${config.domains.jim1}" - "contact@${config.domains.jim2}" + "jimbo@${config.domains.p1}" + "james@${config.domains.p1}" + "james@${config.domains.p2}" + "contact@${config.domains.p1}" + "contact@${config.domains.p2}" + ]; + }; + "vicee@${config.domains.p2}" = { + hashedPasswordFile = pkgs.writeText "vicee" config.secrets.jimboMailHash; + aliases = [ + "vice@${config.domains.p2}" + "yara@${config.domains.p2}" + "yaralis@${config.domains.p2}" + "contact@${config.domains.p2}" ]; }; "luna@${config.domains.luna}" = { diff --git a/modules/system/services/server/mailserver/simplenix/nginx/default.nix b/modules/system/services/server/mailserver/simplenix/nginx/default.nix index da75c28..99a3be3 100644 --- a/modules/system/services/server/mailserver/simplenix/nginx/default.nix +++ b/modules/system/services/server/mailserver/simplenix/nginx/default.nix 
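Review bot: The new `vicee@${config.domains.p2}` account sets `hashedPasswordFile = pkgs.writeText "vicee" config.secrets.jimboMailHash;`, so it logs in with the same password hash as the `jimbo` account; a separate secret (for example `config.secrets.viceeMailHash`, a placeholder name) would keep the two mailboxes independent. Its alias `contact@${config.domains.p2}` is already listed under `jimbo@${config.domains.p2}`, so delivery for that address becomes ambiguous. `pkgs.writeText` also copies the hash into the world-readable Nix store; the same pattern for plaintext secrets shows in context lines of the ddclient, mastodon and transmission hunks, and a path to a root-owned file outside the store avoids it. The `loginAccounts` set continues past the end of the hunk.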
@@ -1,6 +1,6 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { - services.nginx.virtualHosts."mx.${config.domains.jim1}" = lib.mkIf config.mailserver.enable { + services.nginx.virtualHosts."mx.${config.domains.p1}" = lib.mkIf config.mailserver.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/minecraft/default.nix b/modules/system/services/server/minecraft/default.nix index 7c59585..4e55138 100644 --- a/modules/system/services/server/minecraft/default.nix +++ b/modules/system/services/server/minecraft/default.nix @@ -1,4 +1,4 @@ -{ minecraft, ... }: +{ minecraft, config, ... }: { imports = [ minecraft.nixosModules.minecraft-servers diff --git a/modules/system/services/server/mysql/default.nix b/modules/system/services/server/mysql/default.nix index ffb208c..3354646 100644 --- a/modules/system/services/server/mysql/default.nix +++ b/modules/system/services/server/mysql/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { services.mysql = { enable = config.system.server.enable; diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/nginx/default.nix index 8818a10..2151d14 100644 --- a/modules/system/services/server/nginx/default.nix +++ b/modules/system/services/server/nginx/default.nix @@ -1,20 +1,22 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { imports = [ ./rtmp ./virtualhosts ]; - services.nginx = { - enable = config.system.server.enable; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - }; + config = lib.mkIf config.system.server.enable { + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + }; - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + }; } 
diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix index 27665d1..3bc0995 100644 --- a/modules/system/services/server/nginx/rtmp/default.nix +++ b/modules/system/services/server/nginx/rtmp/default.nix @@ -1,31 +1,40 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { - services.nginx = { - package = (pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; - }); - appendConfig = '' - rtmp { - server { - listen 1935; - chunk_size 4096; - allow publish all; - application stream { - record off; - live on; - allow play all; - hls on; - hls_path /var/www/Jimbo-Landing-Page/streams/hls/; - hls_fragment_naming system; - hls_fragment 3; - hls_playlist_length 40; - } - } - } - ''; + options.services.nginx.rtmp = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; }; - systemd.services.nginx.serviceConfig = { - ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ]; + config = lib.mkIf config.services.nginx.rtmp.enable { + services.nginx = { + package = (pkgs.nginx.override { + modules = with pkgs.nginxModules; [ rtmp ]; + }); + appendConfig = '' + rtmp { + server { + listen 1935; + chunk_size 4096; + allow publish all; + application stream { + record off; + live on; + allow play all; + hls on; + hls_path /var/www/Jimbo-Landing-Page/streams/hls/; + hls_fragment_naming system; + hls_fragment 3; + hls_playlist_length 40; + } + } + } + ''; + }; + + systemd.services.nginx.serviceConfig = { + ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ]; + }; }; } diff --git a/modules/system/services/server/nginx/virtualhosts/default.nix b/modules/system/services/server/nginx/virtualhosts/default.nix index 7737099..4c2b8a5 100644 --- a/modules/system/services/server/nginx/virtualhosts/default.nix +++ b/modules/system/services/server/nginx/virtualhosts/default.nix @@ -1,6 +1,6 @@ { ... }: { imports = [ - ./jim1 + ./p1 ]; } 
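Review bot: `hls_path` and `ReadWritePaths` in the rtmp hunk still point at `/var/www/Jimbo-Landing-Page/streams/hls/`, while this commit moves the p1 virtual host root to `/var/www/landing-page`, so the HLS fragments would no longer sit under the served root; `hls_path /var/www/landing-page/streams/hls/;` and the matching `ReadWritePaths` entry would keep them aligned. The block also keeps `allow publish all;`, which lets any client that can reach port 1935 publish to the `stream` application; if remote publishing is not needed, `allow publish 127.0.0.1; deny publish all;` narrows that. The new `options.services.nginx.rtmp.enable` has no `description`, and nothing in the visible hunks sets it to true.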
diff --git a/modules/system/services/server/nginx/virtualhosts/jim1/default.nix b/modules/system/services/server/nginx/virtualhosts/p1/default.nix similarity index 60% rename from modules/system/services/server/nginx/virtualhosts/jim1/default.nix rename to modules/system/services/server/nginx/virtualhosts/p1/default.nix index a4c877f..e72cd06 100644 --- a/modules/system/services/server/nginx/virtualhosts/jim1/default.nix +++ b/modules/system/services/server/nginx/virtualhosts/p1/default.nix @@ -1,22 +1,22 @@ -{ config, ... }: +{ config, lib, ... }: { - services.nginx.virtualHosts."${config.domains.jim1}" = { + services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable{ enableACME = true; addSSL = true; - root = "/var/www/Jimbo-Landing-Page"; + root = "/var/www/landing-page"; locations = { "/.well-known/matrix/client".extraConfig = '' default_type application/json; return 200 ' { "m.homeserver": { - "base_url": "https://matrix.${config.domains.jim1}" + "base_url": "https://matrix.${config.domains.p1}" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { - "url": "https://matrix.${config.domains.jim1}" + "url": "https://matrix.${config.domains.p1}" } } '; @@ -24,7 +24,7 @@ "/.well-known/matrix/server".extraConfig = '' default_type application/json; - return 200 '{ "m.server": "matrix.${config.domains.jim1}:443" }'; + return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }'; ''; }; }; diff --git a/modules/system/services/server/social/lemmy/default.nix b/modules/system/services/server/social/lemmy/default.nix index 00f4674..48fc0b1 100644 --- a/modules/system/services/server/social/lemmy/default.nix +++ b/modules/system/services/server/social/lemmy/default.nix 
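Review bot: The `/.well-known/matrix/client` response in the first p1 hunk still advertises `org.matrix.msc3575.proxy`, although this commit deletes the slidingsync module and its import. Unless Synapse itself answers sliding-sync requests at `https://matrix.${config.domains.p1}` (not visible here), clients that honour the entry would be sent to an endpoint that no longer exists; dropping the `"org.matrix.msc3575.proxy"` object would match the removal. Separately, `lib.mkIf config.system.server.enable{` reads better with a space before the brace.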
@@ -7,11 +7,11 @@ nginx.enable = true; database.createLocally = true; settings = { - hostname = "lemmy.${config.domains.jim1}"; + hostname = "lemmy.${config.domains.p1}"; email = { - smtp_server = "mx.${config.domains.jim1}:587"; - smtp_login = "noreply@${config.domains.jim1}"; - smtp_from_address = "Jimbo's Lemmy "; + smtp_server = "mx.${config.domains.p1}:587"; + smtp_login = "noreply@${config.domains.p1}"; + smtp_from_address = "Jimbo's Lemmy "; smtp_password = config.secrets.noreplyPassword; tls_type = "starttls"; }; diff --git a/modules/system/services/server/social/lemmy/nginx/default.nix b/modules/system/services/server/social/lemmy/nginx/default.nix index f59b5bb..c083721 100644 --- a/modules/system/services/server/social/lemmy/nginx/default.nix +++ b/modules/system/services/server/social/lemmy/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."lemmy.${config.domains.jim1}" = lib.mkIf config.services.lemmy.enable { + services.nginx.virtualHosts."lemmy.${config.domains.p1}" = lib.mkIf config.services.lemmy.enable { enableACME = true; forceSSL = true; }; diff --git a/modules/system/services/server/social/mastodon/default.nix b/modules/system/services/server/social/mastodon/default.nix index 765a9a9..1776bcf 100644 --- a/modules/system/services/server/social/mastodon/default.nix +++ b/modules/system/services/server/social/mastodon/default.nix 
@@ -2,16 +2,16 @@ { services.mastodon = { enable = config.system.server.enable; - localDomain = "social.${config.domains.jim1}"; + localDomain = "social.${config.domains.p1}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.${config.domains.jim1}"; + host = "mx.${config.domains.p1}"; port = 587; authenticate = true; - fromAddress = "Jimbo's Mastodon "; - user = "noreply@${config.domains.jim1}"; + fromAddress = "Jimbo's Mastodon "; + user = "noreply@${config.domains.p1}"; passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword; }; }; diff --git a/modules/system/services/server/social/matrix/coturn/default.nix b/modules/system/services/server/social/matrix/coturn/default.nix index c113785..7ca7e35 100644 --- a/modules/system/services/server/social/matrix/coturn/default.nix +++ b/modules/system/services/server/social/matrix/coturn/default.nix 
@@ -1,41 +1,43 @@ -{ config, ... }: +{ config, lib, ... }: { imports = [ ./nginx ]; - services = { - coturn = { - enable = true; - no-cli = true; - no-tcp-relay = true; - min-port = 49000; - max-port = 50000; - use-auth-secret = true; - static-auth-secret = config.secrets.coturnSecret; - realm = "turn.${config.domains.jim1}"; - cert = "/var/lib/acme/turn.${config.domains.jim1}.com/fullchain.pem"; - pkey = "/var/lib/acme/turn.${config.domains.jim1}.com/key.pem"; + config = lib.mkIf config.services.matrix-synapse.enable { + services = { + coturn = { + enable = true; + no-cli = true; + no-tcp-relay = true; + min-port = 49000; + max-port = 50000; + use-auth-secret = true; + static-auth-secret = config.secrets.coturnSecret; + realm = "turn.${config.domains.p1}"; + cert = "/var/lib/acme/turn.${config.domains.p1}.com/fullchain.pem"; + pkey = "/var/lib/acme/turn.${config.domains.p1}.com/key.pem"; + }; + + # Enable coturn on Synapse + matrix-synapse.settings = { + turn_uris = [ + "turn:turn.${config.domains.p1}:3478?transport=udp" + "turn:turn.${config.domains.p1}:3478?transport=tcp" + ]; + turn_shared_secret = config.secrets.coturnSecret; + turn_user_lifetime = "1h"; + }; }; - # Enable coturn on Synapse - matrix-synapse.settings = { - turn_uris = [ - "turn:turn.${config.domains.jim1}:3478?transport=udp" - "turn:turn.${config.domains.jim1}:3478?transport=tcp" + # Open coturn ports + networking.firewall = { + allowedUDPPorts = [ + 3478 + 5349 ]; - turn_shared_secret = config.secrets.coturnSecret; - turn_user_lifetime = "1h"; + allowedUDPPortRanges = [{ + from = config.services.coturn.min-port; + to = config.services.coturn.max-port; + }]; }; }; - - # Open coturn ports - networking.firewall = { - allowedUDPPorts = [ - 3478 - 5349 - ]; - allowedUDPPortRanges = [{ - from = config.services.coturn.min-port; - to = config.services.coturn.max-port; - }]; - }; } 
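Review bot: `cert` and `pkey` in the coturn block resolve to `/var/lib/acme/turn.jimbosfiles.com.com/…` because `config.domains.p1` already ends in `.com`, while the certificate is requested as `turn.${config.domains.p1}` in coturn/nginx; the paths should be `"/var/lib/acme/turn.${config.domains.p1}/fullchain.pem"` and `"/var/lib/acme/turn.${config.domains.p1}/key.pem"`. `static-auth-secret = config.secrets.coturnSecret;` places the shared secret in the evaluated configuration, which typically ends up in the world-readable Nix store; `static-auth-secret-file` pointing at a file outside the store avoids that. The firewall block opens only UDP ports, though `turn_uris` advertises `transport=tcp` on 3478.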
diff --git a/modules/system/services/server/social/matrix/coturn/nginx/default.nix b/modules/system/services/server/social/matrix/coturn/nginx/default.nix index ffb9884..b5d3cdc 100644 --- a/modules/system/services/server/social/matrix/coturn/nginx/default.nix +++ b/modules/system/services/server/social/matrix/coturn/nginx/default.nix @@ -1,20 +1,22 @@ -{ config, ... }: +{ config, lib, ... }: { - services.nginx.virtualHosts."turn.${config.domains.jim1}" = { - enableACME = true; - forceSSL = true; - listen = [{ - addr = "0.0.0.0"; - port = 80; - ssl = false; - }]; - locations."/".proxyPass = "http://127.0.0.1:1380"; - }; + config = lib.mkIf config.services.coturn.enable { + services.nginx.virtualHosts."turn.${config.domains.p1}" = { + enableACME = true; + forceSSL = true; + listen = [{ + addr = "0.0.0.0"; + port = 80; + ssl = false; + }]; + locations."/".proxyPass = "http://127.0.0.1:1380"; + }; - security.acme.certs = { - "turn.${config.domains.jim1}" = { - group = "turnserver"; - postRun = "systemctl restart coturn.service"; + security.acme.certs = { + "turn.${config.domains.p1}" = { + group = "turnserver"; + postRun = "systemctl restart coturn.service"; + }; }; }; } diff --git a/modules/system/services/server/social/matrix/default.nix b/modules/system/services/server/social/matrix/default.nix index a36a3b2..2a569ee 100644 --- a/modules/system/services/server/social/matrix/default.nix +++ b/modules/system/services/server/social/matrix/default.nix @@ -3,7 +3,6 @@ imports = [ ./coturn ./element - ./slidingsync ./synapse ]; } diff --git a/modules/system/services/server/social/matrix/element/default.nix b/modules/system/services/server/social/matrix/element/default.nix index e0f756b..97be8e4 100644 --- a/modules/system/services/server/social/matrix/element/default.nix +++ b/modules/system/services/server/social/matrix/element/default.nix 
@@ -1,21 +1,23 @@ -{ config, ... }: +{ config, lib, ... }: { imports = [ ./nginx ]; - nixpkgs.config.element-web.conf = { - default_server_config."m.homeserver" = { - base_url = "https://matrix.${config.domains.jim1}"; - server_name = "matrix.${config.domains.jim1}"; + config = lib.mkIf config.services.matrix-synapse.enable { + nixpkgs.config.element-web.conf = { + default_server_config."m.homeserver" = { + base_url = "https://matrix.${config.domains.p1}"; + server_name = "matrix.${config.domains.p1}"; + }; + branding = { + #welcome_background_url = "https://staging.${config.domains.p1}/images/backgrounds/template-background.png"; + #auth_header_logo_url = "https://staging.${config.domains.p1}/images/logos/template-logo.png"; + }; + embedded_pages = { + home_url = "https://www.${config.domains.p1}/"; + }; + disable_custom_urls = true; + disable_guests = true; + default_theme = "dark"; }; - branding = { - #welcome_background_url = "https://staging.${config.domains.jim1}/images/backgrounds/template-background.png"; - #auth_header_logo_url = "https://staging.${config.domains.jim1}/images/logos/template-logo.png"; - }; - embedded_pages = { - home_url = "https://www.${config.domains.jim1}/"; - }; - disable_custom_urls = true; - disable_guests = true; - default_theme = "dark"; }; } diff --git a/modules/system/services/server/social/matrix/element/nginx/default.nix b/modules/system/services/server/social/matrix/element/nginx/default.nix index 4308c4c..d56c538 100644 --- a/modules/system/services/server/social/matrix/element/nginx/default.nix +++ b/modules/system/services/server/social/matrix/element/nginx/default.nix @@ -1,6 +1,6 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { - services.nginx.virtualHosts."chat.${config.domains.jim1}" = { + services.nginx.virtualHosts."chat.${config.domains.p1}" = lib.mkIf config.services.matrix-synapse.enable { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; 
diff --git a/modules/system/services/server/social/matrix/slidingsync/default.nix b/modules/system/services/server/social/matrix/slidingsync/default.nix deleted file mode 100644 index 66edbae..0000000 --- a/modules/system/services/server/social/matrix/slidingsync/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, config, ... }: -{ - services.matrix-sliding-sync = { - enable = true; - settings = { - SYNCV3_SERVER = "https://matrix.${config.domains.jim1}"; - SYNCV3_BINDADDR = "0.0.0.0:8009"; - }; - environmentFile = pkgs.writeText "matrixsecret" '' - SYNCV3_SECRET=${config.secrets.matrixSecret} - ''; - }; -} diff --git a/modules/system/services/server/social/matrix/synapse/default.nix b/modules/system/services/server/social/matrix/synapse/default.nix index bd22d6e..e3e40bc 100644 --- a/modules/system/services/server/social/matrix/synapse/default.nix +++ b/modules/system/services/server/social/matrix/synapse/default.nix @@ -1,10 +1,10 @@ { pkgs, config, ... }: { services.matrix-synapse = { - enable = true; + enable = config.system.server.enable; settings = { - server_name = "${config.domains.jim1}"; - public_baseurl = "https://matrix.${config.domains.jim1}"; + server_name = "${config.domains.p1}"; + public_baseurl = "https://matrix.${config.domains.p1}"; suppress_key_server_warning = true; listeners = [ @@ -19,9 +19,9 @@ ]; email = { - notif_from = "Jimbo's Matrix "; - smtp_host = "mx.${config.domains.jim1}"; - smtp_user = "noreply@${config.domains.jim1}"; + notif_from = "Jimbo's Matrix "; + smtp_host = "mx.${config.domains.p1}"; + smtp_user = "noreply@${config.domains.p1}"; smtp_pass = config.secrets.noreplyPassword; enable_tls = true; smtp_port = 587; diff --git a/modules/system/services/server/social/matrix/synapse/nginx/default.nix b/modules/system/services/server/social/matrix/synapse/nginx/default.nix index 74ebb8d..ec4bcad 100644 --- a/modules/system/services/server/social/matrix/synapse/nginx/default.nix 
+++ b/modules/system/services/server/social/matrix/synapse/nginx/default.nix @@ -1,6 +1,6 @@ { config, ... }: { - services.nginx.virtualHosts."matrix.${config.domains.jim1}" = { + services.nginx.virtualHosts."matrix.${config.domains.p1}" = { enableACME = true; forceSSL = true; locations = { diff --git a/modules/system/services/server/social/owncast/default.nix b/modules/system/services/server/social/owncast/default.nix index 105010f..a1cd7ab 100644 --- a/modules/system/services/server/social/owncast/default.nix +++ b/modules/system/services/server/social/owncast/default.nix @@ -1,9 +1,9 @@ -{ ... }: +{ config, ... }: { imports = [ ./nginx ]; services.owncast = { - enable = true; + enable = config.system.server.enable; port = 8060; rtmp-port = 1945; listen = "0.0.0.0"; diff --git a/modules/system/services/server/social/owncast/nginx/default.nix b/modules/system/services/server/social/owncast/nginx/default.nix index 01b6e59..15ac8fb 100644 --- a/modules/system/services/server/social/owncast/nginx/default.nix +++ b/modules/system/services/server/social/owncast/nginx/default.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: { - services.nginx.virtualHosts."live.${config.domains.jim1}" = { + services.nginx.virtualHosts."live.${config.domains.p1}" = lib.mkIf config.services.owncast.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/transmission/default.nix b/modules/system/services/server/transmission/default.nix index 27e1b53..9de2d5d 100644 --- a/modules/system/services/server/transmission/default.nix +++ b/modules/system/services/server/transmission/default.nix @@ -3,7 +3,7 @@ imports = [ ./nginx ]; services.transmission = { - enable = true; + enable = config.system.server.enable; credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; openPeerPorts = true; settings.rpc-authentication-required = true; 
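Review bot: The `matrix.${config.domains.p1}` virtual host in the synapse/nginx hunk is still defined unconditionally, while the element, owncast and vaultwarden virtual hosts in this commit are wrapped in `lib.mkIf`. For consistency the header would become `{ config, lib, ... }:` and the assignment `services.nginx.virtualHosts."matrix.${config.domains.p1}" = lib.mkIf config.services.matrix-synapse.enable {`. The attribute set continues outside the hunk.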
diff --git a/modules/system/services/server/transmission/nginx/default.nix b/modules/system/services/server/transmission/nginx/default.nix index a980c61..a42c5d9 100644 --- a/modules/system/services/server/transmission/nginx/default.nix +++ b/modules/system/services/server/transmission/nginx/default.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: { - services.nginx.virtualHosts."torrent.${config.domains.jim1}" = { + services.nginx.virtualHosts."torrent.${config.domains.p1}" = config.services.transmission.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index 53e7d54..b2829fa 100644 --- a/modules/system/services/server/vaultwarden/default.nix +++ b/modules/system/services/server/vaultwarden/default.nix @@ -3,19 +3,19 @@ imports = [ ./nginx ]; services.vaultwarden = { - enable = true; + enable = config.system.server.enable; config = { - DOMAIN = "https://warden.${config.domains.jim1}"; + DOMAIN = "https://warden.${config.domains.p1}"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; # Smtp email - SMTP_HOST = "mx.${config.domains.jim1}"; - SMTP_FROM = "noreply@${config.domains.jim1}"; + SMTP_HOST = "mx.${config.domains.p1}"; + SMTP_FROM = "noreply@${config.domains.p1}"; SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${config.domains.jim1}"; + SMTP_USERNAME = "noreply@${config.domains.p1}"; SMTP_PASSWORD = config.secrets.noreplyPassword; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; diff --git a/modules/system/services/server/vaultwarden/nginx/default.nix b/modules/system/services/server/vaultwarden/nginx/default.nix index cec70c5..20d96d8 100644 --- a/modules/system/services/server/vaultwarden/nginx/default.nix +++ b/modules/system/services/server/vaultwarden/nginx/default.nix 
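Review bot: The transmission/nginx hunk assigns `config.services.transmission.enable { … }`, which applies a boolean as a function and fails evaluation; `lib.mkIf` is missing even though `lib` was added to the module arguments. The line should read `services.nginx.virtualHosts."torrent.${config.domains.p1}" = lib.mkIf config.services.transmission.enable {`. The attribute set continues outside the hunk.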
@@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, ... }: { - services.nginx.virtualHosts."warden.${config.domains.jim1}" = { + services.nginx.virtualHosts."warden.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable { enableACME = true; forceSSL = true; locations."/" = {