Compare commits


No commits in common. "6a4fce5a37a0a382a5e68283f4e8fe232344b998" and "b948ee3740e5a67b99b7c45807ce501cb762f1c8" have entirely different histories.

12 changed files with 66 additions and 47 deletions


@ -7,8 +7,8 @@
enable = true; enable = true;
settings = { settings = {
server = { server = {
DOMAIN = "git.${config.domains.p2}"; DOMAIN = "git.${config.domains.p1}";
ROOT_URL = "https://git.${config.domains.p2}:443"; ROOT_URL = "https://git.${config.domains.p1}:443";
HTTP_PORT = 3110; HTTP_PORT = 3110;
SSH_PORT = 2299; SSH_PORT = 2299;
START_SSH_SERVER = true; START_SSH_SERVER = true;


@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
services.nginx.virtualHosts."git.${config.domains.p2}" = lib.mkIf config.services.forgejo.enable { services.nginx.virtualHosts."git.${config.domains.p1}" = lib.mkIf config.services.forgejo.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,7 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./p1
./p2 ./p2
]; ];
} }


@ -1,26 +0,0 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
enableACME = true;
addSSL = true;
locations = {
"/.well-known/matrix/client".extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${config.domains.p1}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
}
}
';
'';
"/.well-known/matrix/server".extraConfig = ''
default_type application/json;
return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }';
'';
};
};
}


@ -4,5 +4,28 @@
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
root = "/var/www/landing-page"; root = "/var/www/landing-page";
locations = {
"/.well-known/matrix/client".extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${config.domains.p2}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.${config.domains.p2}"
}
}
';
'';
"/.well-known/matrix/server".extraConfig = ''
default_type application/json;
return 200 '{ "m.server": "matrix.${config.domains.p2}:443" }';
'';
};
}; };
} }
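Review bot: The `/.well-known/matrix/client` location added here returns its JSON without a CORS header, so a browser-based client on another origin (such as the Element vhost under `chat.` on this page) will generally be unable to read it for auto-discovery. Adding `add_header Access-Control-Allow-Origin *;` next to `default_type application/json;` in that `extraConfig` covers it. Separately, `m.identity_server` still advertises `https://matrix.org` to clients of this homeserver, which is worth confirming as intended because it points users at a third-party identity server.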


@ -1,6 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./lemmy
./mastodon ./mastodon
./matrix ./matrix
./owncast ./owncast


@ -0,0 +1,20 @@
{ config, ... }:
{
imports = [ ./nginx ];
services.lemmy = {
enable = config.system.server.enable;
nginx.enable = true;
database.createLocally = true;
settings = {
hostname = "lemmy.${config.domains.p1}";
email = {
smtp_server = "mx.${config.domains.p1}:587";
smtp_login = "noreply@${config.domains.p1}";
smtp_from_address = "NixFox Lemmy <noreply@${config.domains.p1}>";
smtp_password = config.secrets.noreplyPassword;
tls_type = "starttls";
};
};
};
}
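Review bot: `smtp_password = config.secrets.noreplyPassword;` puts the SMTP password inside `services.lemmy.settings`, and if that option evaluates to the plaintext string it is rendered into a generated config file in the world-readable Nix store. Recent nixpkgs revisions of the lemmy module provide `smtpPasswordFile` (check the pinned revision), so `services.lemmy.smtpPasswordFile = "/run/secrets/<placeholder>";` pointing at a runtime secret file would keep it out of the store. The same pattern appears in the matrix-synapse section as `smtp_pass = config.secrets.noreplyPassword;`, where a secrets file listed in `extraConfigFiles` serves the same purpose.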


@ -0,0 +1,7 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."lemmy.${config.domains.p1}" = lib.mkIf config.services.lemmy.enable {
enableACME = true;
forceSSL = true;
};
}


@ -1,6 +1,6 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
{ {
services.nginx.virtualHosts."chat.${config.domains.p2}" = lib.mkIf config.services.matrix-synapse.enable { services.nginx.virtualHosts."chat.${config.domains.p1}" = lib.mkIf config.services.matrix-synapse.enable {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
root = "${pkgs.element-web}"; root = "${pkgs.element-web}";
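Review bot: This vhost serves the Element web client with `addSSL = true;`, which keeps a plain-HTTP listener serving the same content, whereas the git, lemmy, matrix and live vhosts on this page use `forceSSL = true;`. Users sign in through this client, so I would switch it to `forceSSL = true;` so that HTTP requests are redirected rather than served. The vhost body continues past the end of the hunk.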


@ -1,9 +1,5 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [
./nginx
];
services.matrix-synapse = { services.matrix-synapse = {
enable = config.system.server.enable; enable = config.system.server.enable;
settings = { settings = {
@ -15,13 +11,7 @@
{ {
port = 8008; port = 8008;
bind_addresses = [ "::" "0.0.0.0" ]; bind_addresses = [ "::" "0.0.0.0" ];
resources = [{ resources = [ { compress = true; names = [ "client" "federation" ]; } ];
compress = true;
names = [
"client"
"federation"
];
}];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
@ -29,7 +19,7 @@
]; ];
email = { email = {
notif_from = "NixFox Matrix <noreply@${config.domains.p1}>"; notif_from = "Jimbo's Matrix <noreply@${config.domains.p1}>";
smtp_host = "mx.${config.domains.p1}"; smtp_host = "mx.${config.domains.p1}";
smtp_user = "noreply@${config.domains.p1}"; smtp_user = "noreply@${config.domains.p1}";
smtp_pass = config.secrets.noreplyPassword; smtp_pass = config.secrets.noreplyPassword;
@ -43,6 +33,10 @@
# Allow only this range of emails # Allow only this range of emails
allowed_local_3pids = [ allowed_local_3pids = [
{
medium = "email";
pattern = ''^[^@]+@jimbosfiles\.com$'';
}
{ {
medium = "email"; medium = "email";
pattern = ''^[^@]+@nixfox\.ca$''; pattern = ''^[^@]+@nixfox\.ca$'';
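Review bot: The listener in the second hunk keeps `bind_addresses = [ "::" "0.0.0.0" ];` together with `tls = false;` and `x_forwarded = true;`, while the nginx vhost on this page reaches it at `http://127.0.0.1:8008`. Unless a firewall rule blocks 8008 (none is visible here), a client connecting to the port directly skips TLS and can supply its own `X-Forwarded-For`, which Synapse would then trust for IP logging and rate limiting. Binding to loopback only, `bind_addresses = [ "::1" "127.0.0.1" ];`, matches how the proxy connects. The listener and `allowed_local_3pids` blocks both extend outside the hunks shown.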


@ -1,12 +1,13 @@
{ config, lib, ... }: { config, ... }:
{ {
services.nginx.virtualHosts."matrix.${config.domains.p1}" = lib.mkIf config.services.matrix-synapse.enable { services.nginx.virtualHosts."matrix.${config.domains.p1}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { locations = {
"/".extraConfig = ''return 403;''; "/".extraConfig = ''return 403;'';
"/client".proxyPass = "http://127.0.0.1:8008"; "/client".proxyPass = "http://127.0.0.1:8009";
"/_matrix".proxyPass = "http://127.0.0.1:8008"; "/_matrix".proxyPass = "http://127.0.0.1:8008";
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
"/_synapse/client".proxyPass = "http://127.0.0.1:8008"; "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
}; };
}; };
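Review bot: Dropping `lib.mkIf config.services.matrix-synapse.enable` makes this vhost unconditional, so any host that imports the file gets the vhost and an ACME certificate request even where Synapse is disabled. Keeping the guard (and `lib` in the argument set) avoids that. Also, `/client` and the new `/_matrix/client/unstable/org.matrix.msc3575/sync` location now proxy to `http://127.0.0.1:8009`, but nothing on this page defines a service listening on 8009, so those paths would fail unless one is configured elsewhere. A one-line comment above those two locations naming the backend would help, for example `# 8009: sliding-sync proxy (MSC3575)` if that is what listens there.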


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."live.${config.domains.p2}" = lib.mkIf config.services.owncast.enable { services.nginx.virtualHosts."live.${config.domains.p1}" = lib.mkIf config.services.owncast.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {