From 9b75a69bd43faf219966bb3a2e42fae935abd1f0 Mon Sep 17 00:00:00 2001 From: chaos Date: Fri, 8 Sep 2023 21:29:08 +0100 Subject: [PATCH] add slskd, config.mailserver -> services.mailserver, fix gotosocial backups --- .../mail/modules/mailserver/default.nix | 4 +- .../mail/modules/mailserver/dovecot.nix | 2 +- .../mail/modules/mailserver/firewall.nix | 2 +- .../mail/modules/mailserver/opendkim.nix | 2 +- .../mail/modules/mailserver/postfix.nix | 2 +- .../mail/modules/mailserver/rspamd.nix | 2 +- .../mail/modules/mailserver/ssl.nix | 2 +- .../mail/modules/mailserver/vmail.nix | 2 +- .../mail/modules/mailserver/webmail.nix | 2 +- .../containers/mail/profiles/mailserver.nix | 22 +- .../containers/mail/profiles/restic.nix | 2 +- .../containers/music/data/ports.nix | 2 + hosts/hetzner-vm/containers/music/music.nix | 41 +- .../containers/music/profiles/soulseek.nix | 43 ++ .../containers/social/profiles/backups.nix | 2 +- hosts/hetzner-vm/hetzner-vm.nix | 2 +- hosts/hetzner-vm/secrets.nix | 9 + "ic\";" | 392 ++++++++++++++++++ profiles/gui/base/default.nix | 9 +- 19 files changed, 514 insertions(+), 30 deletions(-) create mode 100644 hosts/hetzner-vm/containers/music/profiles/soulseek.nix create mode 100644 "ic\";" diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix index 0e9f1da..73979dd 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix @@ -4,9 +4,9 @@ ... }: with lib; let - cfg = config.mailserver; + cfg = config.services.mailserver; in { - options.mailserver = { + options.services.mailserver = { enable = mkEnableOption "mailserver"; fqdn = mkOption {type = types.str;}; diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix index ef5f01d..d306611 100644 
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix @@ -4,7 +4,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; vmail_config = mail_config.vmail_config; diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix index 6c69bb3..0602a9a 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix @@ -3,7 +3,7 @@ config, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; in { config = lib.mkIf mail_config.enable { networking.firewall = { diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix index 3297ee5..32e2481 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix @@ -5,7 +5,7 @@ ... }: with lib; let - mail_config = config.mailserver; + mail_config = config.services.mailserver; dkimUser = config.services.opendkim.user; dkimGroup = config.services.opendkim.group; diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix index 8599bbf..b795a26 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix @@ -4,7 +4,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" '' /^Received:/ IGNORE /^X-Originating-IP:/ IGNORE 
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix index 5df6349..be9ae1e 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix @@ -3,7 +3,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; postfixCfg = config.services.postfix; rspamdCfg = config.services.rspamd; diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix index f0f26bd..c7d7a61 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix @@ -3,7 +3,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; acmeRoot = "/var/lib/acme/acme-challenge"; in { config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) { diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix index 90ee44f..44a4e42 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix @@ -4,7 +4,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; vmail_config = mail_config.vmail_config; vmail_user = vmail_config.user; diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix index 8230c64..e38e194 100644 --- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix +++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix 
@@ -3,7 +3,7 @@ lib, ... }: let - mail_config = config.mailserver; + mail_config = config.services.mailserver; in { config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) { services.roundcube = { diff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix index bed2716..3fd9bbf 100644 --- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix +++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix @@ -1,7 +1,11 @@ -{host_secrets, ...}: let +{ + pkgs, + host_secrets, + ... +}: let secrets = host_secrets; in { - config.mailserver = { + services.mailserver = { enable = true; fqdn = "mail.owo.monster"; domains = ["owo.monster"]; @@ -56,15 +60,23 @@ in { }; }; - config.systemd.tmpfiles.rules = [ + systemd.tmpfiles.rules = [ "d /var/sockets - nginx nginx" ]; - config.systemd.services.nginx.serviceConfig.ReadWritePaths = [ + systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/sockets" ]; - config.services.nginx.virtualHosts."mail.owo.monster" = { + services.roundcube = { + package = pkgs.roundcube.withPlugins (plugins: + with pkgs.roundcubePlugins; [ + persistent_login + ]); + plugins = ["persistent_login"]; + }; + + services.nginx.virtualHosts."mail.owo.monster" = { listen = [ { addr = "127.0.0.1"; diff --git a/hosts/hetzner-vm/containers/mail/profiles/restic.nix b/hosts/hetzner-vm/containers/mail/profiles/restic.nix index 18ac0ef..d66cb66 100644 --- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix +++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix @@ -6,7 +6,7 @@ ... }: let secrets = host_secrets; - mail_config = config.mailserver; + mail_config = config.services.mailserver; backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' systemctl start postgresqlBackup-roundcube --wait diff --git a/hosts/hetzner-vm/containers/music/data/ports.nix b/hosts/hetzner-vm/containers/music/data/ports.nix index 4fdaed1..eb14726 100644 
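Review bot: The new `services.roundcube` block in profiles/mailserver.nix enables the `persistent_login` plugin without any comment on why a long-lived login cookie is acceptable for this webmail or how long it is valid. A browser profile that is copied or left behind keeps mailbox access until that cookie expires, so the plugin's expiry and cookie settings should be set explicitly rather than left at defaults (none are visible in this hunk). I would add a comment above the block such as `# persistent_login: keeps webmail sessions across browser restarts; expiry set in <placeholder: roundcube extraConfig>`. The hunk ends inside the following `virtualHosts."mail.owo.monster"` block, which continues outside it.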
--- a/hosts/hetzner-vm/containers/music/data/ports.nix +++ b/hosts/hetzner-vm/containers/music/data/ports.nix @@ -4,4 +4,6 @@ mpd-opus-medium = 4243; mpd-opus-high = 4244; mpd-flac = 4245; + slskd = 5000; + slskd-web = 5001; } diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix index b199191..6019776 100644 --- a/hosts/hetzner-vm/containers/music/music.nix +++ b/hosts/hetzner-vm/containers/music/music.nix @@ -16,8 +16,12 @@ in { networking.nat.forwardPorts = [ { - sourcePort = 6600; - destination = "${containerIP}\:6600"; + sourcePort = ports.mpd; + destination = "${containerIP}\:${toString ports.mpd}"; + } + { + sourcePort = ports.slskd; + destination = "${containerIP}\:${toString ports.slskd}"; } ]; @@ -26,13 +30,16 @@ in { privateNetwork = true; hostAddress = hostIP; localAddress = containerIP; - bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let - path = "${secrets.${secret_name}.path}"; - in { - "${path}" = { - hostPath = "${path}"; - }; - })); + bindMounts = lib.mkMerge (lib.forEach [ + "mpd_control_password" + "slskd_env" + ] (secret_name: let + path = "${secrets.${secret_name}.path}"; + in { + "${path}" = { + hostPath = "${path}"; + }; + })); config = { config, @@ -51,6 +58,7 @@ in { inputs.home-manager-unstable.nixosModules.home-manager profiles.sshd + profiles.nginx modules.nixos.secrets @@ -59,6 +67,7 @@ in { ++ (with hosts.hetzner-vm.containers.music; [ profiles.music-sync profiles.mpd + profiles.soulseek ]); # For Shared Secrets @@ -84,6 +93,15 @@ in { }; }; + services.nginx.virtualHosts."soulseek.owo.monster" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${containerIP}:${toString ports.slskd-web}"; + proxyWebsockets = true; + }; + }; + services.nginx.virtualHosts."stream.owo.monster" = let extraConfig = '' auth_basic "Music Password"; 
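Review bot: The `soulseek.owo.monster` vhost added in music.nix publishes the slskd web UI with only the application's own login in front of it, whereas the `stream.owo.monster` vhost directly below sets `auth_basic`. soulseek.nix in this same commit sets `remote_file_management = true`, so that single login also guards the file-management feature. Consider restricting the location, for example with `extraConfig = "allow <placeholder: admin network>; deny all;";` or the same basic-auth approach used for the stream vhost. A one-line comment stating which control is intended would help the next reader.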
@@ -117,5 +135,8 @@ in { gid = config.ids.gids.mpd; }; - networking.firewall.allowedTCPPorts = [6600]; + networking.firewall.allowedTCPPorts = with ports; [ + mpd + slskd + ]; } diff --git a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix new file mode 100644 index 0000000..bfa46ee --- /dev/null +++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix @@ -0,0 +1,43 @@ +{ + lib, + host_secrets, + ... +}: let + ports = import ../data/ports.nix {}; + secrets = host_secrets; + + inherit (lib.modules) mkForce; +in { + services.slskd = { + enable = true; + openFirewall = true; + environmentFile = secrets.slskd_env.path; + settings = { + remote_configuration = false; + remote_file_management = true; + soulseek = { + username = "chaoticryptidz"; + description = "chaos's soulseek"; + listen_port = ports.slskd; + }; + web = { + port = ports.slskd-web; + authentication = { + username = "chaos"; + }; + }; + shares.directories = [ + "/Music" + ]; + }; + nginx = { + enable = true; # I don't think this is even cheked + domainName = "soulseek.owo.monster"; + }; + }; + + services.nginx.virtualHosts."soulseek.owo.monster" = { + forceSSL = mkForce false; + enableACME = mkForce false; + }; +} diff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix index 4d5346b..5e70ca1 100644 --- a/hosts/hetzner-vm/containers/social/profiles/backups.nix +++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix @@ -38,7 +38,7 @@ }/bin/backupPrepareCommand"; backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" '' - rm /var/lib/gotosocial/gts-export.json + rm /var/lib/gotosocial/gts-export.json || true '')}/bin/backupCleanupCommand"; in { environment.systemPackages = with pkgs; [ diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix index 7924a9b..a45dc1f 100644 --- a/hosts/hetzner-vm/hetzner-vm.nix 
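Review bot: The `mkForce false` overrides for `forceSSL` and `enableACME` at the end of soulseek.nix carry no comment, so a reader cannot tell that plain HTTP inside the container is intentional. Presumably TLS is terminated by the host's nginx vhost of the same name (added in music.nix in this commit) and the overrides undo what the slskd module's `nginx` block enables; if so, say it, e.g. `# TLS terminates on the host's nginx; this vhost stays plain HTTP on the container's private network`. The inline comment `# I don't think this is even cheked` should be confirmed and the block removed, or corrected to `checked`. It is also worth a comment that the passwords deliberately come from `environmentFile` and must not be moved into `settings`, which ends up in the world-readable Nix store.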
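Review bot: `|| true` in `backupCleanupCommand` (backups.nix) hides every failure of `rm`, not only the missing-file case this fix targets. A permission or I/O error would leave `gts-export.json` on disk without the backup unit reporting it. `rm -f /var/lib/gotosocial/gts-export.json` ignores a missing file but still fails on other errors. The enclosing `let` block starts outside the hunk.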
+++ b/hosts/hetzner-vm/hetzner-vm.nix @@ -42,7 +42,7 @@ echo "Host: " systemctl --failed ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: '' - echo "Container: " + echo "Container: ${name}" systemctl -M ${name} --failed ''))} '') diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix index 30e3f97..98a1ab4 100644 --- a/hosts/hetzner-vm/secrets.nix +++ b/hosts/hetzner-vm/secrets.nix @@ -60,6 +60,15 @@ htpasswd -bc $secretFile "$username" "$password" 2>/dev/null ''; }; + slskd_env = { + fetchScript = '' + soulseek_password=$(simple_get "/passwords/soulseek" .password) + slskd_password=$(simple_get "/passwords/slskd" .password) + echo > $secretFile + echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile + echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile + ''; + }; # Container: mail mail_restic_password = { diff --git "a/ic\";" "b/ic\";" new file mode 100644 index 0000000..82f393f --- /dev/null +++ "b/ic\";" 
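Review bot: The `slskd_env` fetchScript in secrets.nix creates the file with `echo >` and appends both passwords through unquoted `$secretFile` redirections. The file's mode therefore depends on the caller's umask unless the secrets module fixes it afterwards (not visible here), and an empty result from `simple_get` is written as an empty password without any error. I would create the file restrictively and fail on empty values: `umask 077; : > "$secretFile"`, `[ -n "$slskd_password" ] && [ -n "$soulseek_password" ] || exit 1`, and `printf 'SLSKD_PASSWORD=%s\n' "$slskd_password" >> "$secretFile"` (same for `SLSKD_SLSK_PASSWORD`). `printf` also avoids `echo` mangling a password that starts with `-` or contains backslashes. The surrounding attribute set continues outside the hunk.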
@@ -0,0 +1,392 @@ +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix +index 0e9f1da..73979dd 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix +@@ -4,9 +4,9 @@ + ... + }: + with lib; let +- cfg = config.mailserver; ++ cfg = config.services.mailserver; + in { +- options.mailserver = { ++ options.services.mailserver = { + enable = mkEnableOption "mailserver"; +  + fqdn = mkOption {type = types.str;}; +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix +index ef5f01d..d306611 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix +@@ -4,7 +4,7 @@ + lib, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; +  + vmail_config = mail_config.vmail_config; +  +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix +index 6c69bb3..0602a9a 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix +@@ -3,7 +3,7 @@ + config, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + in { + config = lib.mkIf mail_config.enable { + networking.firewall = { +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix +index 3297ee5..32e2481 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix +@@ -5,7 +5,7 @@ + ... 
+ }: + with lib; let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + dkimUser = config.services.opendkim.user; + dkimGroup = config.services.opendkim.group; +  +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix +index 8599bbf..b795a26 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix +@@ -4,7 +4,7 @@ + lib, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" '' + /^Received:/ IGNORE + /^X-Originating-IP:/ IGNORE +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix +index 5df6349..be9ae1e 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix +@@ -3,7 +3,7 @@ + lib, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; +  + postfixCfg = config.services.postfix; + rspamdCfg = config.services.rspamd; +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix +index f0f26bd..c7d7a61 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix +@@ -3,7 +3,7 @@ + lib, + ... 
+ }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + acmeRoot = "/var/lib/acme/acme-challenge"; + in { + config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) { +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix +index 90ee44f..44a4e42 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix +@@ -4,7 +4,7 @@ + lib, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; +  + vmail_config = mail_config.vmail_config; + vmail_user = vmail_config.user; +diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix +index 8230c64..e38e194 100644 +--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix ++++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix +@@ -3,7 +3,7 @@ + lib, + ... + }: let +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + in { + config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) { + services.roundcube = { +diff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix +index bed2716..3fd9bbf 100644 +--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix ++++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix +@@ -1,7 +1,11 @@ +-{host_secrets, ...}: let ++{ ++ pkgs, ++ host_secrets, ++ ... 
++}: let + secrets = host_secrets; + in { +- config.mailserver = { ++ services.mailserver = { + enable = true; + fqdn = "mail.owo.monster"; + domains = ["owo.monster"]; +@@ -56,15 +60,23 @@ in { + }; + }; +  +- config.systemd.tmpfiles.rules = [ ++ systemd.tmpfiles.rules = [ + "d /var/sockets - nginx nginx" + ]; +  +- config.systemd.services.nginx.serviceConfig.ReadWritePaths = [ ++ systemd.services.nginx.serviceConfig.ReadWritePaths = [ + "/var/sockets" + ]; +  +- config.services.nginx.virtualHosts."mail.owo.monster" = { ++ services.roundcube = { ++ package = pkgs.roundcube.withPlugins (plugins: ++ with pkgs.roundcubePlugins; [ ++ persistent_login ++ ]); ++ plugins = ["persistent_login"]; ++ }; ++ ++ services.nginx.virtualHosts."mail.owo.monster" = { + listen = [ + { + addr = "127.0.0.1"; +diff --git a/hosts/hetzner-vm/containers/mail/profiles/restic.nix b/hosts/hetzner-vm/containers/mail/profiles/restic.nix +index 18ac0ef..d66cb66 100644 +--- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix ++++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix +@@ -6,7 +6,7 @@ + ... 
+ }: let + secrets = host_secrets; +- mail_config = config.mailserver; ++ mail_config = config.services.mailserver; + backupPrepareCommand = "${ + (pkgs.writeShellScriptBin "backupPrepareCommand" '' + systemctl start postgresqlBackup-roundcube --wait +diff --git a/hosts/hetzner-vm/containers/music/data/ports.nix b/hosts/hetzner-vm/containers/music/data/ports.nix +index 4fdaed1..4209c4b 100644 +--- a/hosts/hetzner-vm/containers/music/data/ports.nix ++++ b/hosts/hetzner-vm/containers/music/data/ports.nix +@@ -4,4 +4,5 @@ + mpd-opus-medium = 4243; + mpd-opus-high = 4244; + mpd-flac = 4245; ++ skskd = 5000; + } +diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix +index b199191..44e403d 100644 +--- a/hosts/hetzner-vm/containers/music/music.nix ++++ b/hosts/hetzner-vm/containers/music/music.nix +@@ -11,13 +11,22 @@ +  + # Using secrets from Host + secrets = config.services.secrets.secrets; ++ containerName = "music"; ++ ++ socketPathFor = ( ++ name: "/var/lib/nixos-containers/${containerName}/var/sockets/${name}.sock" ++ ); +  + ports = import ./data/ports.nix {}; + in { + networking.nat.forwardPorts = [ + { +- sourcePort = 6600; +- destination = "${containerIP}\:6600"; ++ sourcePort = ports.mpd; ++ destination = "${containerIP}\:${toString ports.mpd}"; ++ } ++ { ++ sourcePort = ports.slskd; ++ destination = "${containerIP}\:${toString ports.slskd}"; + } + ]; +  +@@ -26,13 +35,16 @@ in { + privateNetwork = true; + hostAddress = hostIP; + localAddress = containerIP; +- bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let +- path = "${secrets.${secret_name}.path}"; +- in { +- "${path}" = { +- hostPath = "${path}"; +- }; +- })); ++ bindMounts = lib.mkMerge (lib.forEach [ ++ "mpd_control_password" ++ "slskd_env" ++ ] (secret_name: let ++ path = "${secrets.${secret_name}.path}"; ++ in { ++ "${path}" = { ++ hostPath = "${path}"; ++ }; ++ })); +  + config = { + config, +@@ -51,6 +63,7 @@ in { + 
inputs.home-manager-unstable.nixosModules.home-manager +  + profiles.sshd ++ profiles.nginx +  + modules.nixos.secrets +  +@@ -59,6 +72,7 @@ in { + ++ (with hosts.hetzner-vm.containers.music; [ + profiles.music-sync + profiles.mpd ++ profiles.soulseek + ]); +  + # For Shared Secrets +@@ -84,6 +98,14 @@ in { + }; + }; +  ++ services.nginx.virtualHosts."soulseek.owo.monster" = { ++ forceSSL = true; ++ enableACME = true; ++ locations."/" = { ++ proxyPass = "http://${containerIP}:80"; ++ }; ++ }; ++ + services.nginx.virtualHosts."stream.owo.monster" = let + extraConfig = '' + auth_basic "Music Password"; +@@ -117,5 +139,8 @@ in { + gid = config.ids.gids.mpd; + }; +  +- networking.firewall.allowedTCPPorts = [6600]; ++ networking.firewall.allowedTCPPorts = with ports; [ ++ mpd ++ slskd ++ ]; + } +diff --git a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix +new file mode 100644 +index 0000000..d7906eb +--- /dev/null ++++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix +@@ -0,0 +1,40 @@ ++{ ++ lib, ++ host_secrets, ++ ... 
++}: let ++ ports = import ../data/ports.nix {}; ++ secrets = host_secrets; ++ ++ inherit (lib.modules) mkForce; ++in { ++ services.slskd = { ++ enable = true; ++ openFirewall = true; ++ environmentFile = secrets.slskd_env.path; ++ settings = { ++ remote_configuration = false; ++ remote_file_management = true; ++ soulseek = { ++ username = "chaoticryptidz"; ++ description = "chaos's soulseek"; ++ listen_port = ports.slskd; ++ }; ++ web.authentication = { ++ username = "chaos"; ++ }; ++ shares.directories = [ ++ "/Music" ++ ]; ++ }; ++ nginx = { ++ enable = true; # I don't think this is even cheked ++ domainName = "soulseek.owo.monster"; ++ }; ++ }; ++ ++ services.nginx.virtualHosts."soulseek.owo.monster" = { ++ forceSSL = mkForce false; ++ enableACME = mkForce false; ++ }; ++} +diff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix +index 4d5346b..5e70ca1 100644 +--- a/hosts/hetzner-vm/containers/social/profiles/backups.nix ++++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix +@@ -38,7 +38,7 @@ + }/bin/backupPrepareCommand"; +  + backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" '' +- rm /var/lib/gotosocial/gts-export.json ++ rm /var/lib/gotosocial/gts-export.json || true + '')}/bin/backupCleanupCommand"; + in { + environment.systemPackages = with pkgs; [ +diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix +index 7924a9b..a45dc1f 100644 +--- a/hosts/hetzner-vm/hetzner-vm.nix ++++ b/hosts/hetzner-vm/hetzner-vm.nix +@@ -42,7 +42,7 @@ + echo "Host: " + systemctl --failed + ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: '' +- echo "Container: " ++ echo "Container: ${name}" + systemctl -M ${name} --failed + ''))} + '') +diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix +index 30e3f97..98a1ab4 100644 +--- a/hosts/hetzner-vm/secrets.nix ++++ b/hosts/hetzner-vm/secrets.nix +@@ -60,6 
+60,15 @@ + htpasswd -bc $secretFile "$username" "$password" 2>/dev/null + ''; + }; ++ slskd_env = { ++ fetchScript = '' ++ soulseek_password=$(simple_get "/passwords/soulseek" .password) ++ slskd_password=$(simple_get "/passwords/slskd" .password) ++ echo > $secretFile ++ echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile ++ echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile ++ ''; ++ }; +  + # Container: mail + mail_restic_password = { +diff --git a/profiles/gui/base/default.nix b/profiles/gui/base/default.nix +index 5563f5b..0786b5b 100644 +--- a/profiles/gui/base/default.nix ++++ b/profiles/gui/base/default.nix +@@ -1,6 +1,11 @@ +-{pkgs, lib, config, ...}: let  ++{ ++ pkgs, ++ lib, ++ config, ++ ... ++}: let + inherit (lib.modules) mkIf; +-  ++ + networkManagerEnabled = config.networking.networkmanager.enable; + in { + environment.systemPackages = with pkgs; [ diff --git a/profiles/gui/base/default.nix b/profiles/gui/base/default.nix index 5563f5b..0786b5b 100644 --- a/profiles/gui/base/default.nix +++ b/profiles/gui/base/default.nix @@ -1,6 +1,11 @@ -{pkgs, lib, config, ...}: let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib.modules) mkIf; - + networkManagerEnabled = config.networking.networkmanager.enable; in { environment.systemPackages = with pkgs; [
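Review bot: The file `ic";` created at the repository root is a 392-line copy of an earlier draft of this same patch and looks like an accidental write from an editor or shell, not something meant to be tracked. It should be dropped from the commit (`git rm` on the quoted path). It is already stale relative to the real change: it records `skskd = 5000;` in ports.nix and `proxyPass = "http://${containerIP}:80";`, so anyone reading it later gets the wrong picture of the deployed configuration. A scratch file committed this way could just as easily contain a fetched secret, so a pre-commit check for unexpected untracked files at the root is worth adding.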