diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
index 0e9f1da..73979dd 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.mailserver;
+  cfg = config.services.mailserver;
 in {
-  options.mailserver = {
+  options.services.mailserver = {
     enable = mkEnableOption "mailserver";
 
     fqdn = mkOption {type = types.str;};
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
index ef5f01d..d306611 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 
   vmail_config = mail_config.vmail_config;
 
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
index 6c69bb3..0602a9a 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
@@ -3,7 +3,7 @@
   config,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 in {
   config = lib.mkIf mail_config.enable {
     networking.firewall = {
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
index 3297ee5..32e2481 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
@@ -5,7 +5,7 @@
   ...
 }:
 with lib; let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
   dkimUser = config.services.opendkim.user;
   dkimGroup = config.services.opendkim.group;
 
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
index 8599bbf..b795a26 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
   submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
     /^Received:/ IGNORE
     /^X-Originating-IP:/ IGNORE
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
index 5df6349..be9ae1e 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
@@ -3,7 +3,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 
   postfixCfg = config.services.postfix;
   rspamdCfg = config.services.rspamd;
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
index f0f26bd..c7d7a61 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
@@ -3,7 +3,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
   acmeRoot = "/var/lib/acme/acme-challenge";
 in {
   config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) {
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
index 90ee44f..44a4e42 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 
   vmail_config = mail_config.vmail_config;
   vmail_user = vmail_config.user;
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
index 8230c64..e38e194 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
@@ -3,7 +3,7 @@
   lib,
   ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 in {
   config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {
     services.roundcube = {
diff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
index bed2716..3fd9bbf 100644
--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
@@ -1,7 +1,11 @@
-{host_secrets, ...}: let
+{
+  pkgs,
+  host_secrets,
+  ...
+}: let
   secrets = host_secrets;
 in {
-  config.mailserver = {
+  services.mailserver = {
     enable = true;
     fqdn = "mail.owo.monster";
     domains = ["owo.monster"];
@@ -56,15 +60,23 @@ in {
     };
   };
 
-  config.systemd.tmpfiles.rules = [
+  systemd.tmpfiles.rules = [
     "d /var/sockets - nginx nginx"
   ];
 
-  config.systemd.services.nginx.serviceConfig.ReadWritePaths = [
+  systemd.services.nginx.serviceConfig.ReadWritePaths = [
     "/var/sockets"
   ];
 
-  config.services.nginx.virtualHosts."mail.owo.monster" = {
+  services.roundcube = {
+    package = pkgs.roundcube.withPlugins (plugins:
+      with pkgs.roundcubePlugins; [
+        persistent_login
+      ]);
+    plugins = ["persistent_login"];
+  };
+
+  services.nginx.virtualHosts."mail.owo.monster" = {
     listen = [
       {
         addr = "127.0.0.1";
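Review bot: Dropping the `config.` prefix on `services.mailserver` in this hunk, and on the `systemd.*`/`services.nginx.*` attributes in the next one, only evaluates if no `config.`-prefixed attribute survives in the part of profiles/mailserver.nix that neither hunk shows (roughly old lines 8–55): a NixOS module may not mix bare top-level attributes with `config.`/`options.` keys, and a single leftover makes the whole file fail to evaluate. Worth a scan of the full file for top-level `config.` before merging. The attribute set opened at `in {` continues outside both hunks.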
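Review bot: The new `services.roundcube` block enables the `persistent_login` plugin with no comment on why; as far as I recall the plugin keeps webmail sessions alive across browser restarts via a long-lived cookie, which deliberately weakens session expiry on a mail UI and should be recorded next to the entry, e.g. `# "remember me" logins: sessions outlive the browser by design`. The same `services.roundcube` attribute is also set under `mkIf … enable_roundcube` in modules/mailserver/webmail.nix, so a reader may expect `package`/`plugins` to live there too; a short pointer either way would help.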
diff --git a/hosts/hetzner-vm/containers/mail/profiles/restic.nix b/hosts/hetzner-vm/containers/mail/profiles/restic.nix
index 18ac0ef..d66cb66 100644
--- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix
@@ -6,7 +6,7 @@
   ...
 }: let
   secrets = host_secrets;
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
   backupPrepareCommand = "${
     (pkgs.writeShellScriptBin "backupPrepareCommand" ''
       systemctl start postgresqlBackup-roundcube --wait
diff --git a/hosts/hetzner-vm/containers/music/data/ports.nix b/hosts/hetzner-vm/containers/music/data/ports.nix
index 4fdaed1..4209c4b 100644
--- a/hosts/hetzner-vm/containers/music/data/ports.nix
+++ b/hosts/hetzner-vm/containers/music/data/ports.nix
@@ -4,4 +4,5 @@
   mpd-opus-medium = 4243;
   mpd-opus-high = 4244;
   mpd-flac = 4245;
+  skskd = 5000;
 }
diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix
index b199191..44e403d 100644
--- a/hosts/hetzner-vm/containers/music/music.nix
+++ b/hosts/hetzner-vm/containers/music/music.nix
@@ -11,13 +11,22 @@
 
   # Using secrets from Host
   secrets = config.services.secrets.secrets;
+  containerName = "music";
+
+  socketPathFor = (
+    name: "/var/lib/nixos-containers/${containerName}/var/sockets/${name}.sock"
+  );
 
   ports = import ./data/ports.nix {};
 in {
   networking.nat.forwardPorts = [
     {
-      sourcePort = 6600;
-      destination = "${containerIP}\:6600";
+      sourcePort = ports.mpd;
+      destination = "${containerIP}\:${toString ports.mpd}";
+    }
+    {
+      sourcePort = ports.slskd;
+      destination = "${containerIP}\:${toString ports.slskd}";
     }
   ];
 
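Review bot: The new port entry is spelled `skskd = 5000;` while every consumer reads `ports.slskd` — the `networking.nat.forwardPorts` and `networking.firewall.allowedTCPPorts` hunks in containers/music/music.nix and `listen_port = ports.slskd` in the new profiles/soulseek.nix — so evaluation of the music container will fail with a missing-attribute error. The line should read `slskd = 5000;`. The same typo does not need a separate fix in the other files; they are already correct once this one is.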
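Review bot: `socketPathFor` (and `containerName`, which only it uses) is added to the `let` block but nothing in this hunk references it; if the rest of music.nix outside the hunk does not either, it is dead code and should be dropped rather than left as a trace of an unfinished socket bind mount. The `let` block continues outside the hunk, so this is worth a check against the full file.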
@@ -26,13 +35,16 @@ in {
     privateNetwork = true;
     hostAddress = hostIP;
     localAddress = containerIP;
-    bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let
-      path = "${secrets.${secret_name}.path}";
-    in {
-      "${path}" = {
-        hostPath = "${path}";
-      };
-    }));
+    bindMounts = lib.mkMerge (lib.forEach [
+      "mpd_control_password"
+      "slskd_env"
+    ] (secret_name: let
+      path = "${secrets.${secret_name}.path}";
+    in {
+      "${path}" = {
+        hostPath = "${path}";
+      };
+    }));
 
     config = {
       config,
@@ -51,6 +63,7 @@ in {
         inputs.home-manager-unstable.nixosModules.home-manager
 
         profiles.sshd
+        profiles.nginx
 
         modules.nixos.secrets
 
@@ -59,6 +72,7 @@ in {
         ++ (with hosts.hetzner-vm.containers.music; [
           profiles.music-sync
           profiles.mpd
+          profiles.soulseek
         ]);
 
         # For Shared Secrets
@@ -84,6 +98,14 @@ in {
     };
   };
 
+  services.nginx.virtualHosts."soulseek.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${containerIP}:80";
+    };
+  };
+
   services.nginx.virtualHosts."stream.owo.monster" = let
     extraConfig = ''
       auth_basic "Music Password";
@@ -117,5 +139,8 @@ in {
     gid = config.ids.gids.mpd;
   };
 
-  networking.firewall.allowedTCPPorts = [6600];
+  networking.firewall.allowedTCPPorts = with ports; [
+    mpd
+    slskd
+  ];
 }
diff --git a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
new file mode 100644
index 0000000..d7906eb
--- /dev/null
+++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
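Review bot: The new `soulseek.owo.monster` vhost publishes the slskd web UI to the internet over TLS but, unlike the `stream.owo.monster` vhost directly below it, without any nginx-side `auth_basic`, so slskd's own `web.authentication` login is the only gate in front of a UI that profiles/soulseek.nix configures with `remote_file_management = true`. That is probably intended, but it deserves a one-line comment on the vhost, e.g. `# no auth_basic here: slskd enforces its own web login`. If the slskd UI relies on websockets for live updates — I believe it does, with a fallback — `proxyWebsockets = true;` belongs in `locations."/"` too, otherwise the proxied UI degrades silently.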
@@ -0,0 +1,40 @@
+{
+  lib,
+  host_secrets,
+  ...
+}: let
+  ports = import ../data/ports.nix {};
+  secrets = host_secrets;
+
+  inherit (lib.modules) mkForce;
+in {
+  services.slskd = {
+    enable = true;
+    openFirewall = true;
+    environmentFile = secrets.slskd_env.path;
+    settings = {
+      remote_configuration = false;
+      remote_file_management = true;
+      soulseek = {
+        username = "chaoticryptidz";
+        description = "chaos's soulseek";
+        listen_port = ports.slskd;
+      };
+      web.authentication = {
+        username = "chaos";
+      };
+      shares.directories = [
+        "/Music"
+      ];
+    };
+    nginx = {
+      enable = true; # I don't think this is even cheked
+      domainName = "soulseek.owo.monster";
+    };
+  };
+
+  services.nginx.virtualHosts."soulseek.owo.monster" = {
+    forceSSL = mkForce false;
+    enableACME = mkForce false;
+  };
+}
diff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix
index 4d5346b..5e70ca1 100644
--- a/hosts/hetzner-vm/containers/social/profiles/backups.nix
+++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix
@@ -38,7 +38,7 @@
   }/bin/backupPrepareCommand";
 
   backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" ''
-    rm /var/lib/gotosocial/gts-export.json
+    rm /var/lib/gotosocial/gts-export.json || true
   '')}/bin/backupCleanupCommand";
 in {
   environment.systemPackages = with pkgs; [
diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix
index 7924a9b..a45dc1f 100644
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@@ -42,7 +42,7 @@
       echo "Host: "
       systemctl --failed
       ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
-        echo "Container: "
+        echo "Container: ${name}"
         systemctl -M ${name} --failed
       ''))}
     '')
diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix
index 30e3f97..98a1ab4 100644
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
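Review bot: `remote_file_management = true` (which, as I understand the option, lets an authenticated web-UI session move or delete files under the shared `/Music`) and `openFirewall = true` both widen what this container exposes, and neither carries a reason; since the host side publishes this UI on a public vhost, each should get a short justification, e.g. `# web UI may manage files under /Music; gated only by web.authentication`. The comment on `nginx.enable` (`I don't think this is even cheked`) is a guess that should be resolved before merging — either confirm the module reads the option and keep it, or drop the `nginx` block together with the two `mkForce false` overrides it seems to exist to counter — and `cheked` is misspelled.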
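Review bot: `rm … || true` silences every failure of the cleanup step, including a permission error or the path turning out to be a directory, not only the missing-file case the change is evidently after; `rm -f /var/lib/gotosocial/gts-export.json` ignores the absent-file case alone and still surfaces real errors to the backup job. The generated shell script continues outside the hunk.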
@@ -60,6 +60,15 @@
       htpasswd -bc $secretFile "$username" "$password" 2>/dev/null
     '';
   };
+  slskd_env = {
+    fetchScript = ''
+      soulseek_password=$(simple_get "/passwords/soulseek" .password)
+      slskd_password=$(simple_get "/passwords/slskd" .password)
+      echo > $secretFile
+      echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile
+      echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile
+    '';
+  };
 
   # Container: mail
   mail_restic_password = {
diff --git a/profiles/gui/base/default.nix b/profiles/gui/base/default.nix
index 5563f5b..0786b5b 100644
--- a/profiles/gui/base/default.nix
+++ b/profiles/gui/base/default.nix
@@ -1,6 +1,11 @@
-{pkgs, lib, config, ...}: let 
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
   inherit (lib.modules) mkIf;
-  
+
   networkManagerEnabled = config.networking.networkmanager.enable;
 in {
   environment.systemPackages = with pkgs; [
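Review bot: The `slskd_env` fetch script truncates `$secretFile` and writes whatever the two `simple_get` calls returned without checking them, so a failed lookup leaves an env file containing an empty `SLSKD_PASSWORD=` — presumably the web UI's only credential — and the service would start with it. Guard before the truncation, e.g. `[ -n "$soulseek_password" ] && [ -n "$slskd_password" ] || exit 1`, unless the fetchScript harness (not in the hunk) already runs with `set -e` and rejects empty output. The values are also written unquoted, so a password containing characters the env-file parser treats specially (quotes, backslashes) may be mangled; at minimum a comment next to the `echo` lines should record that restriction on the stored passwords.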