add jitsi, nginx and vault

ChaotiCryptidz 2021-12-28 21:42:46 +00:00
parent cc2cd020b5
commit 5db013afa0
13 changed files with 100 additions and 171 deletions


@ -36,35 +36,6 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1627913399,
"narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
"type": "github"
},
"original": {
"id": "flake-compat",
"type": "indirect"
}
},
"flake-utils": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_2"
@ -83,40 +54,6 @@
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1632468475,
"narHash": "sha256-NNOm9CbdA8cuwbvaBHslGbPTiU6bh1Ao+MpEPx4rSGo=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "6bd668af3fd098bdd07a1bedd399564141e275da",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1633098935,
"narHash": "sha256-UtuBczommNLwUNEnfRI7822z4vPA7OoRKsgAZ8zsHQI=",
"owner": "nixos",
"repo": "nix",
"rev": "4f496150eb4e0012914c11f0a3ff4df2412b1d09",
"type": "github"
},
"original": {
"id": "nix",
"type": "indirect"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1632086102,
@ -163,41 +100,11 @@
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05-small",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1632495107,
"narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
"owner": "serokell",
"repo": "nixpkgs",
"rev": "be220b2dc47092c1e739bf6aaf630f29e71fe1c4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3",
"vault-secrets": "vault-secrets"
"nixpkgs": "nixpkgs_3"
}
},
"utils": {
@ -214,27 +121,6 @@
"repo": "flake-utils",
"type": "github"
}
},
"vault-secrets": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nix": "nix",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1633626134,
"narHash": "sha256-fvd+l1iuH+ufwNIt6ppZnIfMs+BEj5dtIAKmGKTbaCQ=",
"owner": "serokell",
"repo": "vault-secrets",
"rev": "1bf4a02eea83d3042bd3d1e2f2266b15077b48b4",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "vault-secrets",
"type": "github"
}
}
},
"root": "root",


@ -5,7 +5,6 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
deploy-rs.url = "github:serokell/deploy-rs";
vault-secrets.url = "github:serokell/vault-secrets";
};
outputs = { ... }@inputs: import ./outputs.nix inputs;


@ -27,7 +27,6 @@
log = "journalctl";
dmesg = "dmesg -HP";
hg = "history 0 | rg";
vaulttest = "echo nothing";
};
};
programs.direnv = {


@ -1,3 +1,3 @@
{ pkgs, ... }: {
home.packages = with pkgs; [ gitAndTools.gitFull darcs subversion ];
home.packages = with pkgs; [ gitAndTools.gitFull ];
}


@ -3,9 +3,15 @@
{
imports = with tree; [
users.chaoticryptidz
profiles.tailscale
profiles.sshd
hosts.hetzner-vm.services.nginx
hosts.hetzner-vm.services.invidious
hosts.hetzner-vm.services.vault
hosts.hetzner-vm.services.jitsi
(modulesPath + "/profiles/qemu-guest.nix")
];


@ -1,35 +1,42 @@
{...}: {
services.invidious = {
enable = true;
port = 3000;
settings = {
full_refresh = true;
https_only = true;
popular_enabled = false;
statistics_enabled = true;
registration_enabled = true;
channel_threads = 2;
feed_threads = 2;
default_user_preferences = {
locale = "en-US";
region = "GB";
captions = ["English (auto-generated)" "English" ""];
dark_mode = true;
feed_menu = ["Subscriptions" "Popular"];
default_home = "Subscriptions";
max_results = 30;
annotations = true;
annotations_subscribed = true;
comments = [];
player_style = "invidious";
related_videos = true;
autoplay = true;
continue = false;
continue_autoplay = true;
quality = "hd720";
local = false;
};
};
{ ... }: {
services.invidious = {
enable = true;
port = 3000;
settings = {
full_refresh = true;
https_only = true;
popular_enabled = false;
statistics_enabled = true;
registration_enabled = true;
channel_threads = 2;
feed_threads = 2;
default_user_preferences = {
locale = "en-US";
region = "GB";
captions = [ "English (auto-generated)" "English" "" ];
dark_mode = true;
feed_menu = [ "Subscriptions" "Popular" ];
default_home = "Subscriptions";
max_results = 30;
annotations = true;
annotations_subscribed = true;
comments = [ ];
player_style = "invidious";
related_videos = true;
autoplay = true;
continue = false;
continue_autoplay = true;
quality = "hd720";
local = false;
};
};
networking.firewall.allowedTCPPorts = [ 3000 ];
}
};
services.nginx.virtualHosts."invidious-unproxied.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
};
#networking.firewall.allowedTCPPorts = [ 3000 ];
}
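Review bot: The new virtual host proxies to `http://127.0.0.1:3000`, but nothing in `settings` binds Invidious to loopback, so the firewall is the only thing keeping port 3000 off the network. Adding `host_binding = "127.0.0.1";` under `settings` would make that explicit (check the key against the Invidious config reference for your version). The commented-out `#networking.firewall.allowedTCPPorts = [ 3000 ];` is dead configuration and is better deleted than left for someone to uncomment later. With the instance now on a public hostname, `registration_enabled = true;` lets anyone create accounts; a one-line comment saying that this is intended would help the next reader.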


@ -0,0 +1,9 @@
{ ... }: {
services.jitsi-meet.enable = true;
services.jitsi-meet.hostName = "jitsi.owo.monster";
services.jitsi-meet.nginx.enable = true;
services.nginx.virtualHosts."jitsi.owo.monster" = {
forceSSL = true;
enableACME = true;
};
}
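Review bot: This new file enables a public Jitsi Meet at `jitsi.owo.monster` with no authentication options set, so anyone who learns the hostname can presumably create rooms and use the server's bandwidth. If open room creation is not intended, restrict it, for example with `services.jitsi-meet.secureDomain.enable = true;` where your nixpkgs revision provides that option. Otherwise add a comment stating that the instance is deliberately open.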


@ -0,0 +1,16 @@
{...}: {
security.acme = {
email = "chaoticryptidz@owo.monster";
acceptTerms = true;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = "";
clientMaxBodySize = "512m";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
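Review bot: `clientMaxBodySize = "512m";` is set globally on `services.nginx`, so it also applies to the Vault, Jitsi and Invidious virtual hosts added in this commit. None of them obviously needs to accept request bodies that large from unauthenticated clients. Prefer keeping the global default and raising the limit only on the vhost that needs it, e.g. `extraConfig = "client_max_body_size 512m;";` on that virtual host. `commonHttpConfig = "";` appears to be a no-op and can be dropped.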


@ -0,0 +1,17 @@
{ pkgs, ... }: {
services.vault = {
enable = true;
package = pkgs.vault-bin;
address = "127.0.0.1:8200";
storageBackend = "file";
extraConfig = ''
ui = true
'';
};
services.nginx.virtualHosts."vault.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = { "/".proxyPass = "http://127.0.0.1:8200"; };
};
#networking.firewall.allowedTCPPorts = [ 8200 ];
}
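Review bot: The `vault.owo.monster` virtual host forwards every path to `127.0.0.1:8200`, so with `ui = true` and ports 80/443 opened in the nginx file of this commit, the Vault login UI and the whole HTTP API are reachable from the internet. The host already imports `profiles.tailscale`; if access is only needed from your own devices, restrict the location, e.g. `locations."/".extraConfig = "allow 100.64.0.0/10; deny all;";` (the CGNAT range Tailscale assigns from; confirm it matches your tailnet and that ACME renewal still works). A comment above `storageBackend = "file";` stating where the data lives and that it needs backing up would also help, since no storage path is set here. The commented-out firewall line for 8200 should be deleted rather than kept.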


@ -12,9 +12,6 @@
profiles.sway
profiles.dnscrypt
#profiles.gaming
# so i can build nixos mobile
profiles.vault-secrets
# for sci-hub and whenever websites break
profiles.tor

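--- a/modules/home/keep.nix
+++ b/modules/home/keep.nix
@@ -0,0 +1 @@
+{...}: {}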


@ -1,4 +1,4 @@
{ self, nixpkgs, home-manager, vault-secrets, deploy-rs, ... }@inputs:
{ self, nixpkgs, home-manager, deploy-rs, ... }@inputs:
let
mkTree = import ./tree.nix { inherit (nixpkgs) lib; };
tree = mkTree {
@ -15,7 +15,13 @@ let
functor = {
enable = true;
external = [
(import (inputs.vault-secrets + "/modules/vault-secrets.nix"))
];
};
};
"modules/home" = {
functor = {
enable = true;
external = [
];
};
};


@ -1,14 +0,0 @@
{ config, ... }:
let
vs = config.vault-secrets.secrets;
in {
vault-secrets = {
# This applies to all secrets
vaultPrefix = "nixos/servers/${config.networking.hostName}";
vaultAddress = "https://vault.cryptidz.qcx.io";
# Define a secret called `something`, with default options.
secrets.example = {};
};
}