This commit is contained in:
baritone 2025-03-04 00:39:43 +01:00
parent faa088191c
commit bb3fd6ee57
11 changed files with 158 additions and 41 deletions


@ -1,10 +1,12 @@
{pkgs, ...}: {
imports = [
./services/nginx.nix
./services/openssh.nix
./services/forgejo.nix
./services/vaultwarden.nix
./services/jellyfin.nix
# ./services/mailserver.nix
./services/website.nix
./services/mailserver.nix
./services/misc.nix
./modules/git.nix


@ -108,6 +108,10 @@
type = "zfs_fs";
mountpoint = "/opt";
};
media = {
type = "zfs_fs";
mountpoint = "/media";
};
};
};
};


@ -23,6 +23,22 @@
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -65,6 +81,22 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -122,12 +154,51 @@
"type": "github"
}
},
"nixpkgs-24_11": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1740437053,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"systems": {


@ -18,6 +18,11 @@
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -31,7 +36,12 @@
formatter.${system} = pkgs.alejandra;
nixosConfigurations = let
modules = [inputs.disko.nixosModules.default inputs.agenix.nixosModules.default inputs.home-manager.nixosModules.default];
modules = [
inputs.disko.nixosModules.default
inputs.agenix.nixosModules.default
inputs.home-manager.nixosModules.default
inputs.simple-nixos-mailserver.nixosModule
];
in {
server-vm = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};

4
services/fail2ban.nix Normal file

@ -0,0 +1,4 @@
{...}:
{
}
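Review bot: services/fail2ban.nix is an empty module (`{...}: {}`), so it configures nothing, and it does not appear in the imports list of the first file in this commit, so it is not even evaluated. If it is a placeholder, a one-line comment saying so would stop a reader from assuming brute-force protection is in place; otherwise the minimum for the sshd jail to be active is `services.fail2ban.enable = true;`, ideally with `services.fail2ban.ignoreIP` listing any fixed admin source addresses so an operator cannot lock themselves out. Whichever is intended, the file also needs to be added to the imports block to have any effect.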


@ -36,19 +36,12 @@ in {
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
services.nginx.
virtualHosts."git.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
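Review bot: The relocated vhost for git.spoodythe.one keeps `addSSL = true`, which continues to serve the forge over plain HTTP next to HTTPS, while the vaultwarden and website vhosts in this same commit use `forceSSL = true`; for a login-bearing service a redirect to HTTPS is both safer and consistent, so I would change the line to `forceSSL = true;`. The identical pattern is in the media.spoodythe.one vhost in jellyfin.nix and should get the same treatment. The unchanged `allowedUDPPorts = [80 443]` context line above looks unnecessary unless HTTP/3 is configured somewhere not visible here, but it is outside this change. The enclosing `let ... in` attribute set starts and ends outside the hunk.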


@ -31,19 +31,12 @@ in {
# '';
# };
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
services.nginx.
virtualHosts."media.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
}


@ -1,22 +1,21 @@
{fetchFromGitLab, ...}: {
imports = [
(fetchFromGitLab {
owner = "simple-nixos-webserver";
repo = "nixos-mailserver";
rev = "c8ec4d5e432f5df4838eacd39c11828d23ce66ec";
hash = ""; # TODO: Fill this hash
})
];
{
config,
fetchFromGitLab,
...
}: {
mailserver = {
enable = true;
fqdn = "mail.spoodythe.one";
domains = ["spoodythe.one"];
openFirewall = false;
localDnsResolver = false; # FUCK OFF!!!!
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"spoody@spoodythe.one" = {
"spoody" = {
hashedPassword = "$2b$05$sTD8VXUF76uu1LOThuOSTOC8iCe2w4jgwExwpP.cnN7UOa.YEO9G2";
aliases = ["admin@spoodythe.one"];
};
@ -27,4 +26,18 @@
certificateScheme = "acme-nginx";
certificateDomains = ["mail.spoodythe.one"];
};
services.roundcube = {
enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of
# the mailserver
hostName = "webmail.spoodythe.one";
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
}
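Review bot: The loginAccounts key is shortened from `"spoody@spoodythe.one"` to `"spoody"` in the first hunk, but the upstream nixos-mailserver documentation treats account names as full e-mail addresses (login name and mailbox are derived from them), so the new key may be rejected at evaluation or produce an account that cannot authenticate — confirm against the module's option description before merging. The module arguments still list `fetchFromGitLab` even though the `imports` block that used it was removed; it is not a standard NixOS module argument, so unless it is provided through specialArgs evaluation is likely to fail, and dropping it resolves the question (services/website.nix, new in this commit, declares the same unused argument). The inline bcrypt `hashedPassword` on the unchanged context line predates this change, but since the flake already wires in agenix, moving it to the module's `hashedPasswordFile` option backed by an agenix secret would keep the hash out of the repository. The lines between the two hunks are outside this view.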

9
services/nginx.nix Normal file

@ -0,0 +1,9 @@
{...}: {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}


@ -5,8 +5,10 @@ in {
services.vaultwarden = {
enable = true;
environmentFile = "/var/lib/vaultwarden/environment.env";
config = {
DOMAIN = "https://bitwarden.spoodythe.one";
DOMAIN = "https://vaultwarden.spoodythe.one";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = host;
@ -17,7 +19,7 @@ in {
SMTP_PORT = 25;
SMTP_SSL = false;
SMTP_FROM = "admin@bitwarden.spoodythe.one";
SMTP_FROM = "vaultwarden@spoodythe.one";
SMTP_FROM_NAME = "SpoodyThe.One Bitwarden Server";
};
};
@ -25,7 +27,7 @@ in {
networking.firewall.allowedTCPPorts = [port];
networking.firewall.allowedUDPPorts = [port];
services.nginx.virtualHosts."bitwarden.spoodythe.one" = {
services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
enableACME = true;
forceSSL = true;
locations."/" = {
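Review bot: `environmentFile = "/var/lib/vaultwarden/environment.env"` in the first hunk points at a file this commit neither creates nor documents; if it is missing the unit fails to start, and since that file is where secrets such as ADMIN_TOKEN and SMTP credentials would normally be kept, how it is provisioned and who can read it matters. The flake already pulls in agenix, so the path could be an agenix-managed secret owned by the vaultwarden user with a restrictive mode, and a comment such as `# provisioned out of band (agenix); holds ADMIN_TOKEN and SMTP secrets, mode 0400` would tell the next reader what is expected there. Unrelated to the secret: the unchanged `SMTP_FROM_NAME = "SpoodyThe.One Bitwarden Server"` still says Bitwarden after the vhost and sender were renamed to vaultwarden, which looks like an oversight. The `let ... in` block enclosing these hunks starts outside the view.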

16
services/website.nix Normal file

@ -0,0 +1,16 @@
{
fetchFromGitLab,
pkgs,
...
}: let
host = "127.0.0.1";
port = 8080;
in {
services.nginx.virtualHosts."spoodythe.one" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
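Review bot: services/website.nix proxies spoodythe.one to `127.0.0.1:8080`, but nothing in this commit defines a service listening on that port, so the vhost will answer 502 until a backend exists; a comment naming the intended upstream (or a TODO) would make that dependency visible. The module also declares `fetchFromGitLab` and `pkgs` without using either, so the header can simply be `{...}: let`. Otherwise the vhost is consistent with the vaultwarden one (ACME plus forceSSL), which is the right default for a public site.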
}