
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
index 0e9f1da..73979dd 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
@@ -4,9 +4,9 @@
...
}:
with lib; let
- cfg = config.mailserver;
+ cfg = config.services.mailserver;
in {
- options.mailserver = {
+ options.services.mailserver = {
enable = mkEnableOption "mailserver";

fqdn = mkOption {type = types.str;};
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
index ef5f01d..d306611 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
@@ -4,7 +4,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;

vmail_config = mail_config.vmail_config;

diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
index 6c69bb3..0602a9a 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
@@ -3,7 +3,7 @@
config,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
in {
config = lib.mkIf mail_config.enable {
networking.firewall = {
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
index 3297ee5..32e2481 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
@@ -5,7 +5,7 @@
...
}:
with lib; let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
dkimUser = config.services.opendkim.user;
dkimGroup = config.services.opendkim.group;

diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
index 8599bbf..b795a26 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
@@ -4,7 +4,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
/^Received:/ IGNORE
/^X-Originating-IP:/ IGNORE
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
index 5df6349..be9ae1e 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
@@ -3,7 +3,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;

postfixCfg = config.services.postfix;
rspamdCfg = config.services.rspamd;
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
index f0f26bd..c7d7a61 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
@@ -3,7 +3,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
acmeRoot = "/var/lib/acme/acme-challenge";
in {
config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) {
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
index 90ee44f..44a4e42 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
@@ -4,7 +4,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;

vmail_config = mail_config.vmail_config;
vmail_user = vmail_config.user;
diff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
index 8230c64..e38e194 100644
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
@@ -3,7 +3,7 @@
lib,
...
}: let
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
in {
config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {
services.roundcube = {
diff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
index bed2716..3fd9bbf 100644
--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
@@ -1,7 +1,11 @@
-{host_secrets, ...}: let
+{
+ pkgs,
+ host_secrets,
+ ...
+}: let
secrets = host_secrets;
in {
- config.mailserver = {
+ services.mailserver = {
enable = true;
fqdn = "mail.owo.monster";
domains = ["owo.monster"];
@@ -56,15 +60,23 @@ in {
};
};

- config.systemd.tmpfiles.rules = [
+ systemd.tmpfiles.rules = [
"d /var/sockets - nginx nginx"
];

- config.systemd.services.nginx.serviceConfig.ReadWritePaths = [
+ systemd.services.nginx.serviceConfig.ReadWritePaths = [
"/var/sockets"
];

- config.services.nginx.virtualHosts."mail.owo.monster" = {
+ services.roundcube = {
+ package = pkgs.roundcube.withPlugins (plugins:
+ with pkgs.roundcubePlugins; [
+ persistent_login
+ ]);
+ plugins = ["persistent_login"];
+ };
+
+ services.nginx.virtualHosts."mail.owo.monster" = {
listen = [
{
addr = "127.0.0.1";
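Review bot: Enabling roundcube's `persistent_login` plugin issues long-lived remember-me cookies, so a webmail session on a public host outlives the normal session timeout; the hunk adds it without a comment or a lifetime setting, so the plugin's default applies. Record the intent in a short comment, e.g. `# persistent_login: remember-me cookie keeps users signed in across browser restarts`, and consider setting the plugin's login-lifetime option (`ifpl_login_lifetime` in its config, if I recall the name correctly) explicitly rather than relying on the default. The `plugins` list and the `withPlugins` set must name the same plugins; a one-line comment that both need updating together would prevent drift. The nginx vhost that follows continues outside the hunk.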
diff --git a/hosts/hetzner-vm/containers/mail/profiles/restic.nix b/hosts/hetzner-vm/containers/mail/profiles/restic.nix
index 18ac0ef..d66cb66 100644
--- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix
@@ -6,7 +6,7 @@
...
}: let
secrets = host_secrets;
- mail_config = config.mailserver;
+ mail_config = config.services.mailserver;
backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start postgresqlBackup-roundcube --wait
diff --git a/hosts/hetzner-vm/containers/music/data/ports.nix b/hosts/hetzner-vm/containers/music/data/ports.nix
index 4fdaed1..4209c4b 100644
--- a/hosts/hetzner-vm/containers/music/data/ports.nix
+++ b/hosts/hetzner-vm/containers/music/data/ports.nix
@@ -4,4 +4,5 @@
mpd-opus-medium = 4243;
mpd-opus-high = 4244;
mpd-flac = 4245;
+ skskd = 5000;
}
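Review bot: The added attribute is spelled `skskd`, while every consumer in this commit reads `ports.slskd` (the forwardPorts and allowedTCPPorts hunks in music.nix and `listen_port` in soulseek.nix), so evaluating those files will fail with an attribute-missing error. The line should be `slskd = 5000;`. Since the file otherwise has no comments, a short one on what the port is for would help, e.g. `slskd = 5000; # Soulseek peer listen port, forwarded from the host`.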
diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix
index b199191..44e403d 100644
--- a/hosts/hetzner-vm/containers/music/music.nix
+++ b/hosts/hetzner-vm/containers/music/music.nix
@@ -11,13 +11,22 @@

# Using secrets from Host
secrets = config.services.secrets.secrets;
+ containerName = "music";
+
+ socketPathFor = (
+ name: "/var/lib/nixos-containers/${containerName}/var/sockets/${name}.sock"
+ );

ports = import ./data/ports.nix {};
in {
networking.nat.forwardPorts = [
{
- sourcePort = 6600;
- destination = "${containerIP}\:6600";
+ sourcePort = ports.mpd;
+ destination = "${containerIP}\:${toString ports.mpd}";
+ }
+ {
+ sourcePort = ports.slskd;
+ destination = "${containerIP}\:${toString ports.slskd}";
}
];

@@ -26,13 +35,16 @@ in {
privateNetwork = true;
hostAddress = hostIP;
localAddress = containerIP;
- bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let
- path = "${secrets.${secret_name}.path}";
- in {
- "${path}" = {
- hostPath = "${path}";
- };
- }));
+ bindMounts = lib.mkMerge (lib.forEach [
+ "mpd_control_password"
+ "slskd_env"
+ ] (secret_name: let
+ path = "${secrets.${secret_name}.path}";
+ in {
+ "${path}" = {
+ hostPath = "${path}";
+ };
+ }));

config = {
config,
@@ -51,6 +63,7 @@ in {
inputs.home-manager-unstable.nixosModules.home-manager

profiles.sshd
+ profiles.nginx

modules.nixos.secrets

@@ -59,6 +72,7 @@ in {
++ (with hosts.hetzner-vm.containers.music; [
profiles.music-sync
profiles.mpd
+ profiles.soulseek
]);

# For Shared Secrets
@@ -84,6 +98,14 @@ in {
};
};

+ services.nginx.virtualHosts."soulseek.owo.monster" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://${containerIP}:80";
+ };
+ };
+
services.nginx.virtualHosts."stream.owo.monster" = let
extraConfig = ''
auth_basic "Music Password";
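Review bot: The new `soulseek.owo.monster` vhost proxies plain HTTP only; if the slskd web UI relies on WebSockets for its live updates (it appears to use SignalR, which prefers that transport), the host-side location also needs `proxyWebsockets = true;` next to `proxyPass`, otherwise the upgrade request is not forwarded and the client falls back or fails. That cannot be confirmed from the hunk, so verify after deploying. The container defines a vhost of the same name in soulseek.nix with TLS forced off, so a comment here such as `# TLS terminates on the host; the container's nginx serves plain HTTP on :80` would make the split explicit. The enclosing attrset continues outside the hunk.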
@@ -117,5 +139,8 @@ in {
gid = config.ids.gids.mpd;
};

- networking.firewall.allowedTCPPorts = [6600];
+ networking.firewall.allowedTCPPorts = with ports; [
+ mpd
+ slskd
+ ];
}
diff --git a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
new file mode 100644
index 0000000..d7906eb
--- /dev/null
+++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
@@ -0,0 +1,40 @@
+{
+ lib,
+ host_secrets,
+ ...
+}: let
+ ports = import ../data/ports.nix {};
+ secrets = host_secrets;
+
+ inherit (lib.modules) mkForce;
+in {
+ services.slskd = {
+ enable = true;
+ openFirewall = true;
+ environmentFile = secrets.slskd_env.path;
+ settings = {
+ remote_configuration = false;
+ remote_file_management = true;
+ soulseek = {
+ username = "chaoticryptidz";
+ description = "chaos's soulseek";
+ listen_port = ports.slskd;
+ };
+ web.authentication = {
+ username = "chaos";
+ };
+ shares.directories = [
+ "/Music"
+ ];
+ };
+ nginx = {
+ enable = true; # I don't think this is even cheked
+ domainName = "soulseek.owo.monster";
+ };
+ };
+
+ services.nginx.virtualHosts."soulseek.owo.monster" = {
+ forceSSL = mkForce false;
+ enableACME = mkForce false;
+ };
+}
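Review bot: The comment on `nginx.enable` (`# I don't think this is even cheked`) records a doubt in committed config instead of resolving it; either confirm from the evaluated `services.nginx.virtualHosts` whether the slskd module honours `enable` and replace the comment with the finding (e.g. `# slskd's nginx integration only needs domainName; TLS is handled by the host proxy`), or drop the option. `remote_file_management = true;` lets an authenticated web session manipulate files on disk (as I understand the slskd option), so with `openFirewall = true;` the password from `SLSKD_PASSWORD` is the only thing guarding that within the container; a short comment stating that this is intended and that the UI is meant to be reached only through the host proxy would help the next reader. Forcing `forceSSL` and `enableACME` off is correct only because TLS terminates on the host, and a comment on those two lines should say so.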
diff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix
index 4d5346b..5e70ca1 100644
--- a/hosts/hetzner-vm/containers/social/profiles/backups.nix
+++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix
@@ -38,7 +38,7 @@
}/bin/backupPrepareCommand";

backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" ''
- rm /var/lib/gotosocial/gts-export.json
+ rm /var/lib/gotosocial/gts-export.json || true
'')}/bin/backupCleanupCommand";
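Review bot: `|| true` masks every rm failure (permission denied, read-only filesystem), not only the missing-file case the change is presumably after; `rm -f /var/lib/gotosocial/gts-export.json` ignores a missing file while still failing on real errors. A one-line comment such as `# export may already be gone if the prepare step failed` would record why a missing file is tolerated.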
in {
environment.systemPackages = with pkgs; [
diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix
index 7924a9b..a45dc1f 100644
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@@ -42,7 +42,7 @@
echo "Host: "
systemctl --failed
${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
- echo "Container: "
+ echo "Container: ${name}"
systemctl -M ${name} --failed
''))}
'')
diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix
index 30e3f97..98a1ab4 100644
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@@ -60,6 +60,15 @@
htpasswd -bc $secretFile "$username" "$password" 2>/dev/null
'';
};
+ slskd_env = {
+ fetchScript = ''
+ soulseek_password=$(simple_get "/passwords/soulseek" .password)
+ slskd_password=$(simple_get "/passwords/slskd" .password)
+ echo > $secretFile
+ echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile
+ echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile
+ '';
+ };
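Review bot: Neither `simple_get` call is checked, so if a lookup fails the script still writes `SLSKD_SLSK_PASSWORD=` and `SLSKD_PASSWORD=` with empty values and slskd is left with empty credentials (how the surrounding fetch framework reacts to a failing script is not visible here, so this is inferred). Add a guard before the writes, e.g. `[ -n "$soulseek_password" ] && [ -n "$slskd_password" ] || { echo "slskd secrets missing" >&2; exit 1; }`. The enclosing secrets attrset starts outside the hunk.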

# Container: mail
mail_restic_password = {
diff --git a/profiles/gui/base/default.nix b/profiles/gui/base/default.nix
index 5563f5b..0786b5b 100644
--- a/profiles/gui/base/default.nix
+++ b/profiles/gui/base/default.nix
@@ -1,6 +1,11 @@
-{pkgs, lib, config, ...}: let 
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
inherit (lib.modules) mkIf;
- 
+
networkManagerEnabled = config.networking.networkmanager.enable;
in {
environment.systemPackages = with pkgs; [