Diffstat (limited to 'Omni/Cloud')
-rw-r--r-- | Omni/Cloud/Chat.nix | 48 | ||||
-rw-r--r-- | Omni/Cloud/Comms.nix | 6 | ||||
-rw-r--r-- | Omni/Cloud/Comms/Coturn.nix | 4 | ||||
-rw-r--r-- | Omni/Cloud/Comms/Jitsi.nix | 4 | ||||
-rw-r--r-- | Omni/Cloud/Comms/Mumble.nix | 8 | ||||
-rw-r--r-- | Omni/Cloud/Comms/Xmpp.nix | 14 | ||||
-rw-r--r-- | Omni/Cloud/Git.nix | 26 | ||||
-rw-r--r-- | Omni/Cloud/Gmnisrv.nix | 22 | ||||
-rw-r--r-- | Omni/Cloud/Hardware.nix | 6 | ||||
-rw-r--r-- | Omni/Cloud/Mail.nix | 24 | ||||
-rw-r--r-- | Omni/Cloud/Networking.nix | 25 | ||||
-rw-r--r-- | Omni/Cloud/NostrRelay.nix | 15 | ||||
-rw-r--r-- | Omni/Cloud/Web.nix | 50 | ||||
-rw-r--r-- | Omni/Cloud/Znc.nix | 60 |
14 files changed, 153 insertions, 159 deletions
diff --git a/Omni/Cloud/Chat.nix b/Omni/Cloud/Chat.nix index 7f86621..a3a6a78 100644 --- a/Omni/Cloud/Chat.nix +++ b/Omni/Cloud/Chat.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: # # a homeserver for matrix.org. # @@ -24,17 +28,21 @@ in { enable = false; settings.server_name = config.networking.domain; #registration_shared_secret = "AkGRWSQLga3RoKRFnHhKoeCEIeZzu31y4TRzMRkMyRbBnETkVTSxilf24qySLzQn"; - settings.listeners = [{ - port = matrix_port; - bind_address = "::1"; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "federation" ]; - compress = false; - }]; - }]; + settings.listeners = [ + { + port = matrix_port; + bind_address = "::1"; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client" "federation"]; + compress = false; + } + ]; + } + ]; }; # matrix needs a database # @@ -50,16 +58,16 @@ in { virtualHosts = { # route to matrix-synapse "${config.networking.domain}" = { - locations."= /.well-known/matrix/server".extraConfig = - let server = { "m.server" = "${fqdn}:443"; }; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = let + server = {"m.server" = "${fqdn}:443";}; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; + "m.homeserver" = {"base_url" = "https://${fqdn}";}; + "m.identity_server" = {"base_url" = "https://vector.im";}; }; in '' add_header Content-Type application/json; diff --git a/Omni/Cloud/Comms.nix b/Omni/Cloud/Comms.nix index bf7a763..fec53be 100644 --- a/Omni/Cloud/Comms.nix +++ b/Omni/Cloud/Comms.nix 
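Review bot: In Omni/Cloud/Chat.nix, hunk `@@ -24,17 +28,21 @@`, the commented-out `#registration_shared_secret = "…"` line survives the reformat as context, so a credential-shaped value stays in the tracked file. A live Synapse registration shared secret lets its holder create accounts on the homeserver, so if this value was ever deployed it should be treated as exposed and regenerated rather than uncommented later. I would delete the comment line and, if the service is turned back on (it is `enable = false` here), supply the secret from a file kept outside the repository and the Nix store. The enclosing attribute set starts outside the hunk.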
@@ -1,5 +1 @@ -{ ... }: - -{ - imports = [ ./Comms/Xmpp.nix ./Comms/Mumble.nix ]; -} +{...}: {imports = [./Comms/Xmpp.nix ./Comms/Mumble.nix];} diff --git a/Omni/Cloud/Comms/Coturn.nix b/Omni/Cloud/Comms/Coturn.nix index 93093f0..485ec66 100644 --- a/Omni/Cloud/Comms/Coturn.nix +++ b/Omni/Cloud/Comms/Coturn.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services.coturn = { enable = true; cert = "/var/lib/acme/${config.networking.domain}/fullchain.pem"; diff --git a/Omni/Cloud/Comms/Jitsi.nix b/Omni/Cloud/Comms/Jitsi.nix index 17aeced..23bfc28 100644 --- a/Omni/Cloud/Comms/Jitsi.nix +++ b/Omni/Cloud/Comms/Jitsi.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { services.jitsi-meet = { enable = true; config = { diff --git a/Omni/Cloud/Comms/Mumble.nix b/Omni/Cloud/Comms/Mumble.nix index 66d21a5..db332ce 100644 --- a/Omni/Cloud/Comms/Mumble.nix +++ b/Omni/Cloud/Comms/Mumble.nix @@ -1,7 +1,7 @@ -{ config, ... }: - +{config, ...}: # mumble and related services -let ports = import ../Ports.nix; +let + ports = import ../Ports.nix; in { services.murmur = { enable = true; @@ -19,7 +19,7 @@ in { listening_addr = "127.0.0.1"; listening_port = ports.botamusique; }; - radio = { lofi = "https://live.hunter.fm/lofi_high"; }; + radio = {lofi = "https://live.hunter.fm/lofi_high";}; }; }; } diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix index ad8649b..5a8264b 100644 --- a/Omni/Cloud/Comms/Xmpp.nix +++ b/Omni/Cloud/Comms/Xmpp.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + ... +}: # # xmpp chat service # 
@@ -23,12 +27,12 @@ in { services.prosody = { enable = true; package = - pkgs.prosody.override { withCommunityModules = [ "conversejs" ]; }; + pkgs.prosody.override {withCommunityModules = ["conversejs"];}; # when i learn how to use security.acme better, and use separate certs, then i # can fix this group group = "nginx"; - admins = [ "bsima@${rootDomain}" ]; + admins = ["bsima@${rootDomain}"]; allowRegistration = true; inherit ssl; uploadHttp = { @@ -126,7 +130,7 @@ in { }; }; - services.prosody-filer = { enable = true; }; + services.prosody-filer = {enable = true;}; services.nginx.virtualHosts."${rootDomain}".locations = { "/http-bind" = { @@ -186,7 +190,7 @@ in { }; }; - users.users.nginx.extraGroups = [ "prosody" ]; + users.users.nginx.extraGroups = ["prosody"]; security.acme.certs.${rootDomain}.extraDomainNames = [ # these stopped working idk why diff --git a/Omni/Cloud/Git.nix b/Omni/Cloud/Git.nix index bc97d23..854c58a 100644 --- a/Omni/Cloud/Git.nix +++ b/Omni/Cloud/Git.nix @@ -1,6 +1,9 @@ -{ lib, config, pkgs, ... }: - -let +{ + lib, + config, + pkgs, + ... +}: let inherit (config.networking) domain; root = "/var/git"; ports = import ./Ports.nix; @@ -70,8 +73,7 @@ in { ]; plugins = [ (pkgs.fetchurl { - url = - "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar"; + url = "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar"; sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk="; }) ]; 
@@ -80,16 +82,14 @@ in { settings = { auth.type = "OAUTH"; auth.gitBasicAuthPolicy = "HTTP"; - download.command = [ "checkout" "cherry_pick" "pull" "format_patch" ]; + download.command = ["checkout" "cherry_pick" "pull" "format_patch"]; gerrit.canonicalWebUrl = "https://gerrit.${domain}"; - httpd.listenUrl = - "proxy-https://${config.services.gerrit.listenAddress}"; + httpd.listenUrl = "proxy-https://${config.services.gerrit.listenAddress}"; plugin.gerrit-oauth-provider-github-oauth = { root-url = "https://github.com"; client-id = "e48084aa0eebe31a2b18"; }; - sshd.advertisedAddress = - "gerrit.${domain}:${toString ports.gerrit-ssh}"; + sshd.advertisedAddress = "gerrit.${domain}:${toString ports.gerrit-ssh}"; sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}"; }; }; @@ -111,9 +111,9 @@ in { group = "gitDaemon"; isSystemUser = true; description = "Git daemon user"; - extraGroups = [ "git" ]; + extraGroups = ["git"]; }; - "nginx".extraGroups = [ "git" ]; + "nginx".extraGroups = ["git"]; }; - users.groups = { gitDaemon = { }; }; + users.groups = {gitDaemon = {};}; } diff --git a/Omni/Cloud/Gmnisrv.nix b/Omni/Cloud/Gmnisrv.nix index e2a66f6..c7ee523 100644 --- a/Omni/Cloud/Gmnisrv.nix +++ b/Omni/Cloud/Gmnisrv.nix @@ -1,8 +1,12 @@ -{ lib, config, pkgs, ... }: - -let cfg = config.services.gmnisrv; +{ + lib, + config, + pkgs, + ... +}: let + cfg = config.services.gmnisrv; in { - meta.maintainers = [ lib.maintainers.bsima ]; + meta.maintainers = [lib.maintainers.bsima]; options.services.gmnisrv = { enable = lib.mkEnableOption "Enable the gmnisrv service"; listen = lib.mkOption { @@ -15,7 +19,7 @@ in { Configuration for gmnisrv. See gmnisrv.ini(5) for supported settings. ''; default = { - ":tls" = { "store" = lib.mkDefault "${cfg.dataDir}/certs"; }; + ":tls" = {"store" = lib.mkDefault "${cfg.dataDir}/certs";}; }; }; dataDir = lib.mkOption { 
@@ -27,11 +31,11 @@ in { config = lib.mkIf cfg.enable { systemd.services.gmnisrv = { description = "gmnisrv service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; + wantedBy = ["multi-user.target"]; + after = ["network-online.target"]; script = let - ini = lib.generators.toINIWithGlobalSection { } { - globalSection = { "listen" = cfg.listen; }; + ini = lib.generators.toINIWithGlobalSection {} { + globalSection = {"listen" = cfg.listen;}; sections = cfg.settings; }; in "${pkgs.gmnisrv}/bin/gmnisrv -C ${ini}"; diff --git a/Omni/Cloud/Hardware.nix b/Omni/Cloud/Hardware.nix index 8fdbd4e..5824223 100644 --- a/Omni/Cloud/Hardware.nix +++ b/Omni/Cloud/Hardware.nix @@ -1,7 +1,7 @@ -{ modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; boot.loader.grub.device = "/dev/vda"; - boot.initrd.kernelModules = [ "nvme" ]; + boot.initrd.kernelModules = ["nvme"]; fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; diff --git a/Omni/Cloud/Mail.nix b/Omni/Cloud/Mail.nix index fa99cf3..d3f70bc 100644 --- a/Omni/Cloud/Mail.nix +++ b/Omni/Cloud/Mail.nix @@ -1,12 +1,11 @@ -{ ... }: +{...}: +/* +Known issues: -/* Known issues: - - - when the acme cert gets refreshed, you need to manually restart dovecot - - when restarting dovecot, it might hang, in that case do: - systemctl --job-mode=ignore-dependencies restart dovecot2 postfix +- when the acme cert gets refreshed, you need to manually restart dovecot +- when restarting dovecot, it might hang, in that case do: + systemctl --job-mode=ignore-dependencies restart dovecot2 postfix */ - { mailserver = { enable = true; @@ -15,7 +14,7 @@ alertAddress = "bsima@me.com"; }; fqdn = "simatime.com"; - domains = [ "simatime.com" "bsima.me" ]; + domains = ["simatime.com" "bsima.me"]; certificateScheme = 3; # let's encrypt enableImap = true; enablePop3 = true; 
@@ -35,18 +34,17 @@ "postmaster@simatime.com" "abuse@simatime.com" ]; - catchAll = [ "simatime.com" "bsima.me" ]; + catchAll = ["simatime.com" "bsima.me"]; quota = "10G"; }; "dev@simatime.com" = { hashedPasswordFile = "/home/ben/hashed-mail-password"; - aliases = [ "dev@bsima.me" ]; + aliases = ["dev@bsima.me"]; quota = "10G"; }; "nick@simatime.com" = { - hashedPassword = - "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; - aliases = [ "nicolai@simatime.com" ]; + hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; + aliases = ["nicolai@simatime.com"]; quota = "1G"; }; }; diff --git a/Omni/Cloud/Networking.nix b/Omni/Cloud/Networking.nix index 1c1f832..419433b 100644 --- a/Omni/Cloud/Networking.nix +++ b/Omni/Cloud/Networking.nix @@ -1,8 +1,8 @@ -{ lib, ... }: { +{lib, ...}: { # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = [ "8.8.8.8" ]; + nameservers = ["8.8.8.8"]; defaultGateway = "143.198.112.1"; defaultGateway6 = "2604:a880:400:d0::1"; dhcpcd.enable = false; @@ -29,16 +29,19 @@ prefixLength = 64; } ]; - ipv4.routes = [{ - address = "143.198.112.1"; - prefixLength = 32; - }]; - ipv6.routes = [{ - address = "2604:a880:400:d0::1"; - prefixLength = 128; - }]; + ipv4.routes = [ + { + address = "143.198.112.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "2604:a880:400:d0::1"; + prefixLength = 128; + } + ]; }; - }; }; services.udev.extraRules = '' diff --git a/Omni/Cloud/NostrRelay.nix b/Omni/Cloud/NostrRelay.nix index 0be8a6f..1bcf99b 100644 --- a/Omni/Cloud/NostrRelay.nix +++ b/Omni/Cloud/NostrRelay.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let ports = import ./Ports.nix; dataDir = "/var/lib/nostr-rs-relay"; # https://git.sr.ht/~gheartsfield/nostr-rs-relay/tree/master/config.toml 
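Review bot: In Omni/Cloud/Mail.nix, hunk `@@ -35,18 +34,17 @@`, the re-joined `hashedPassword = "$6$…"` line for "nick@simatime.com" keeps a SHA-512-crypt hash in the repository, and a value set this way normally also ends up in the world-readable Nix store, where it can be guessed against offline. The "dev@simatime.com" entry in the same hunk already uses `hashedPasswordFile = "/home/ben/hashed-mail-password";`, so the consistent form here would be `hashedPasswordFile = "<path-to-nick-hash-file>";` (placeholder path). Because the hash is already in history, the password behind it is worth rotating when the switch is made. The enclosing accounts set starts outside the hunk.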
@@ -19,16 +21,15 @@ let ''; in { config.systemd.services.nostr-relay = { - path = [ pkgs.nostr-rs-relay ]; - wantedBy = [ "multi-user.target" ]; + path = [pkgs.nostr-rs-relay]; + wantedBy = ["multi-user.target"]; preStart = '' mkdir -p ${dataDir} cat "${cfg}" > ${dataDir}/config.toml ''; script = "nostr-rs-relay --db ${dataDir}"; serviceConfig = { - Environment = - [ "RUST_LOG=info,nostr_rs_relay=info" "APP_DATA=${dataDir}" ]; + Environment = ["RUST_LOG=info,nostr_rs_relay=info" "APP_DATA=${dataDir}"]; WorkingDirectory = dataDir; KillSignal = "INT"; Type = "simple"; diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix index 0e080f5..1791539 100644 --- a/Omni/Cloud/Web.nix +++ b/Omni/Cloud/Web.nix @@ -1,10 +1,8 @@ -{ config, ... }: - -let +{config, ...}: let rootDomain = config.networking.domain; ports = import ./Ports.nix; in { - imports = [ ./Gmnisrv.nix ]; + imports = [./Gmnisrv.nix]; networking.firewall = { allowedTCPPorts = [ ports.ssh @@ -20,7 +18,6 @@ in { }; services = { - libreddit = { enable = true; address = "127.0.0.1"; @@ -84,8 +81,8 @@ in { enable = false; listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}"; settings = { - ":tls" = { store = "/var/lib/gmnisrv"; }; - "bsima.me" = { "root" = "/var/web/ben"; }; + ":tls" = {store = "/var/lib/gmnisrv";}; + "bsima.me" = {"root" = "/var/web/ben";}; "${rootDomain}" = { "root" = "/var/web/simatime.com"; "cgi" = "on"; @@ -114,11 +111,10 @@ in { "/git".return = "301 https://$host/git/"; # nostr nip-5 verification "/.well-known/nostr.json".return = "200 '${ - builtins.toJSON { - names.bensima = - "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436"; - } - }'"; + builtins.toJSON { + names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436"; + } + }'"; # disabled for nixpert test "/" = { root = "/var/web/simatime.com"; 
@@ -145,28 +141,25 @@ in { autoindex on; ''; }; - serverAliases = [ "www.bsima.me" ]; + serverAliases = ["www.bsima.me"]; forceSSL = true; useACMEHost = rootDomain; }; "hoogle.${rootDomain}" = { - locations."/".proxyPass = - "http://${ports.bensIp}:${toString ports.hoogle}"; + locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}"; forceSSL = true; useACMEHost = rootDomain; }; "tv.${rootDomain}" = { - locations."/".proxyPass = - "http://${ports.bensIp}:${toString ports.jellyfin}"; + locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.jellyfin}"; forceSSL = true; useACMEHost = rootDomain; }; "cal.${rootDomain}" = { - locations."/".proxyPass = - "http://localhost:${toString ports.radicale}"; + locations."/".proxyPass = "http://localhost:${toString ports.radicale}"; forceSSL = true; useACMEHost = rootDomain; extraConfig = '' @@ -178,8 +171,7 @@ in { }; "reddit.${rootDomain}" = { - locations."/".proxyPass = - "http://localhost:${toString ports.libreddit}"; + locations."/".proxyPass = "http://localhost:${toString ports.libreddit}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -195,8 +187,7 @@ in { }; "youtube.${rootDomain}" = { - locations."/".proxyPass = - "http://localhost:${toString ports.invidious}"; + locations."/".proxyPass = "http://localhost:${toString ports.invidious}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -212,8 +203,7 @@ in { }; "dandel-rovbur.${rootDomain}" = { - locations."/".proxyPass = - "http://${ports.bensIp}:${toString ports.dandel-rovbur}"; + locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -228,8 +218,7 @@ in { forceSSL = true; useACMEHost = rootDomain; locations."/" = { - proxyPass = - "http://${ports.bensIp}:${toString ports.stableDiffusion}"; + proxyPass = "http://${ports.bensIp}:${toString ports.stableDiffusion}"; proxyWebsockets = true; }; }; 
@@ -237,8 +226,7 @@ in { "music.${rootDomain}" = { forceSSL = true; useACMEHost = rootDomain; - locations."/".proxyPass = - "http://localhost:${toString ports.botamusique}"; + locations."/".proxyPass = "http://localhost:${toString ports.botamusique}"; }; "nostr.${rootDomain}" = { @@ -273,14 +261,14 @@ in { }; }; }; - }; }; }; # This must contain all of the other domains we host security.acme.certs.${rootDomain}.extraDomainNames = - [ "bsima.me" "www.bsima.me" ] ++ map (sub: "${sub}.${rootDomain}") [ + ["bsima.me" "www.bsima.me"] + ++ map (sub: "${sub}.${rootDomain}") [ "music" "tv" "matrix" diff --git a/Omni/Cloud/Znc.nix b/Omni/Cloud/Znc.nix index e68ebc7..5b927bc 100644 --- a/Omni/Cloud/Znc.nix +++ b/Omni/Cloud/Znc.nix 
@@ -1,63 +1,60 @@ -/* N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' +/* +N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' - - https://wiki.znc.in/Configuration +- https://wiki.znc.in/Configuration */ - -{ pkgs, ... }: - -{ +{pkgs, ...}: { services = { znc = { enable = true; openFirewall = true; - modulePackages = with pkgs.zncModules; - [ - #backlog clientaway clientbuffer - #ignore - ]; + modulePackages = with pkgs.zncModules; [ + #backlog clientaway clientbuffer + #ignore + ]; useLegacyConfig = false; config = { - LoadModule = [ "adminlog" ]; + LoadModule = ["adminlog"]; Motd = "welcome to znc.simatime.com"; User.bsima = { Admin = true; Nick = "bsima"; AltNick = "bsima1"; - LoadModule = [ "chansaver" "controlpanel" "log" ]; + LoadModule = ["chansaver" "controlpanel" "log"]; Network = { efnet = { Server = "irc.efnet.info +6697"; - LoadModule = [ "simple_away" ]; + LoadModule = ["simple_away"]; }; libera = { Server = "irc.libera.chat +6697"; - LoadModule = [ "simple_away" "nickserv" "sasl" ]; + LoadModule = ["simple_away" "nickserv" "sasl"]; Nick = "bsima"; Chan = { - "#emacs" = { Detached = true; }; - "#guile" = { }; - "#guix" = { Detached = true; }; - "#haskell" = { }; - "#hledger" = { }; - "#nixos" = { }; - "#notmuch" = { Detached = true; }; - "#org-mode" = { Detached = true; }; - "#scheme" = { Detached = true; }; - "#sr.ht" = { Detached = true; }; - "#xmonad" = { Detached = true; }; + "#emacs" = {Detached = true;}; + "#guile" = {}; + "#guix" = {Detached = true;}; + "#haskell" = {}; + "#hledger" = {}; + "#nixos" = {}; + "#notmuch" = {Detached = true;}; + "#org-mode" = {Detached = true;}; + "#scheme" = {Detached = true;}; + "#sr.ht" = {Detached = true;}; + "#xmonad" = {Detached = true;}; }; }; oftc = { Server = "irc.oftc.net +6697"; - LoadModule = [ "simple_away" "nickserv" ]; + LoadModule = ["simple_away" "nickserv"]; Nick = "bsima"; - Chan = { "#home-manager" = { }; }; + Chan = {"#home-manager" = 
{};}; }; zeronode = { Server = "irc.zeronode.net +6697"; - LoadModule = [ "simple_away" "nickserv" ]; + LoadModule = ["simple_away" "nickserv"]; Nick = "bsima"; - Chan = { "#NoAgenda" = { }; }; + Chan = {"#NoAgenda" = {};}; }; #sorcery = { # Server = "irc.sorcery.net +6697"; @@ -65,8 +62,7 @@ }; Pass.password = { Method = "sha256"; - Hash = - "bead16d806e7bf5cbbc31d572b20f01e2b253eb60e2497ce465df56306becd02"; + Hash = "bead16d806e7bf5cbbc31d572b20f01e2b253eb60e2497ce465df56306becd02"; Salt = "/GhmBMc+E6b7qd8muFEe"; }; }; |
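Review bot: In Omni/Cloud/Znc.nix, hunk `@@ -65,8 +62,7 @@`, the joined `Hash = "…"` line keeps a ZNC password hash in the repository together with its `Salt` and `Method = "sha256"`; it appears to belong to the `bsima` user that the previous hunk marks `Admin = true`. A salted SHA-256 is cheap to compute, so anyone who can read the repository or the generated config can test candidate passwords offline. I would rotate the password and provision the `Pass` block out of band, leaving a comment such as `# Pass block is provisioned outside the repo; do not commit Hash/Salt` in its place. The enclosing user block starts outside this hunk.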