This commit is contained in:
baritone 2025-03-04 00:39:43 +01:00
parent faa088191c
commit bb3fd6ee57
11 changed files with 158 additions and 41 deletions


@ -1,10 +1,12 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
./services/nginx.nix
./services/openssh.nix ./services/openssh.nix
./services/forgejo.nix ./services/forgejo.nix
./services/vaultwarden.nix ./services/vaultwarden.nix
./services/jellyfin.nix ./services/jellyfin.nix
# ./services/mailserver.nix ./services/website.nix
./services/mailserver.nix
./services/misc.nix ./services/misc.nix
./modules/git.nix ./modules/git.nix
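Review bot: The new services/fail2ban.nix added in this commit is not listed in this imports block, so it is never evaluated and will stay inert even once it gains content; either add `./services/fail2ban.nix` next to `./services/openssh.nix` or hold the placeholder back. With `./services/mailserver.nix` now active, postfix/dovecot jails are presumably the reason the file was created, which makes the missing import worth fixing before that module is filled in. The hunk header counts 10 old lines but only 9 are visible, so the import list may continue past what is shown.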


@ -108,6 +108,10 @@
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/opt"; mountpoint = "/opt";
}; };
media = {
type = "zfs_fs";
mountpoint = "/media";
};
}; };
}; };
}; };


@ -23,6 +23,22 @@
"type": "github" "type": "github"
} }
}, },
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -65,6 +81,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -122,12 +154,51 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-24_11": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1740437053,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
} }
}, },
"systems": { "systems": {


@ -18,6 +18,11 @@
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -31,7 +36,12 @@
formatter.${system} = pkgs.alejandra; formatter.${system} = pkgs.alejandra;
nixosConfigurations = let nixosConfigurations = let
modules = [inputs.disko.nixosModules.default inputs.agenix.nixosModules.default inputs.home-manager.nixosModules.default]; modules = [
inputs.disko.nixosModules.default
inputs.agenix.nixosModules.default
inputs.home-manager.nixosModules.default
inputs.simple-nixos-mailserver.nixosModule
];
in { in {
server-vm = nixpkgs.lib.nixosSystem { server-vm = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};

4
services/fail2ban.nix Normal file

@ -0,0 +1,4 @@
{...}:
{
}
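Review bot: services/fail2ban.nix is committed as an empty module (`{...}: { }`), so it changes nothing, and as far as this commit shows it is not imported anywhere. If it is a follow-up stub, a minimal body such as `services.fail2ban.enable = true;` plus the jails it is meant to cover (the sshd jail is presumably on by default; postfix/dovecot jails for the new mailserver need explicit settings) would make the intent visible, or the file could be held back until it has content. If it stays empty, a header comment like `# Placeholder: fail2ban jails for sshd and the mailserver, not yet wired in` is the minimum.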


@ -36,19 +36,12 @@ in {
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443]; networking.firewall.allowedUDPPorts = [80 443];
services.nginx = { services.nginx.
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."git.spoodythe.one" = { virtualHosts."git.spoodythe.one" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${host}:${toString port}"; proxyPass = "http://${host}:${toString port}";
};
}; };
}; };
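Review bot: The vhost keeps `addSSL = true`, which leaves `git.spoodythe.one` reachable over plain HTTP with no redirect, so Forgejo's login form and session cookie can travel in the clear; vaultwarden.nix and the new website.nix use `forceSSL = true`, and changing this line to `forceSSL = true;` makes the three consistent. Also visible here, though untouched by the move into nginx.nix: `networking.firewall.allowedUDPPorts = [80 443]` opens UDP ports nothing listens on (nginx.nix configures no HTTP/3), so that line can presumably go. The `services.nginx.` / `virtualHosts.…` split across two lines is valid Nix but reads oddly; `services.nginx.virtualHosts."git.spoodythe.one" = {` on one line, as vaultwarden.nix writes it, is clearer. The enclosing `let … in {` body starts before this hunk.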


@ -31,19 +31,12 @@ in {
# ''; # '';
# }; # };
services.nginx = { services.nginx.
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."media.spoodythe.one" = { virtualHosts."media.spoodythe.one" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${host}:${toString port}"; proxyPass = "http://${host}:${toString port}";
};
}; };
}; };
} }
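Review bot: Same two issues as forgejo.nix: `addSSL = true` leaves `media.spoodythe.one` answering on plain HTTP (use `forceSSL = true;` as vaultwarden.nix does), and the `services.nginx.` line-break before `virtualHosts` is better written as `services.nginx.virtualHosts."media.spoodythe.one" = {`. Jellyfin's web client also opens a websocket, and `recommendedProxySettings` alone does not forward the Upgrade/Connection headers; `proxyWebsockets = true;` inside `locations."/"` does — confirm whether the current setup already relies on it before adding. The enclosing `let … in {` body starts before this hunk.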


@ -1,22 +1,21 @@
{fetchFromGitLab, ...}: { {
imports = [ config,
(fetchFromGitLab { fetchFromGitLab,
owner = "simple-nixos-webserver"; ...
repo = "nixos-mailserver"; }: {
rev = "c8ec4d5e432f5df4838eacd39c11828d23ce66ec";
hash = ""; # TODO: Fill this hash
})
];
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.spoodythe.one"; fqdn = "mail.spoodythe.one";
domains = ["spoodythe.one"]; domains = ["spoodythe.one"];
openFirewall = false;
localDnsResolver = false; # FUCK OFF!!!!
# A list of all login accounts. To create the password hashes, use # A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"spoody@spoodythe.one" = { "spoody" = {
hashedPassword = "$2b$05$sTD8VXUF76uu1LOThuOSTOC8iCe2w4jgwExwpP.cnN7UOa.YEO9G2"; hashedPassword = "$2b$05$sTD8VXUF76uu1LOThuOSTOC8iCe2w4jgwExwpP.cnN7UOa.YEO9G2";
aliases = ["admin@spoodythe.one"]; aliases = ["admin@spoodythe.one"];
}; };
@ -27,4 +26,18 @@
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
certificateDomains = ["mail.spoodythe.one"]; certificateDomains = ["mail.spoodythe.one"];
}; };
services.roundcube = {
enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of
# the mailserver
hostName = "webmail.spoodythe.one";
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
} }
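Review bot: The login account key was changed from `"spoody@spoodythe.one"` to `"spoody"`, but nixos-mailserver documents `loginAccounts` keys as full addresses (the key is the login name and the domain is derived from it), so this presumably breaks authentication or module evaluation — keep `"spoody@spoodythe.one" = {` unless the locked module version accepts bare usernames, which should be checked. The bcrypt hash is still committed inline and uses cost factor 05 (`$2b$05$`), low for a credential that gates IMAP/SMTP from the internet; the flake already carries agenix, so `hashedPasswordFile = config.age.secrets.spoody-mail.path;` with a hash generated at a higher cost (`mkpasswd -m bcrypt -R 12`) keeps the hash out of git going forward. `localDnsResolver = false;` turns off the resolver the module expects for rspamd/postfix DNSBL lookups; that is fine if the host runs its own, but the comment beside it should say so rather than the current wording. `fetchFromGitLab` remains in the argument pattern although the fetch block was removed and it is not a module argument; `{config, ...}: {` is enough.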

9
services/nginx.nix Normal file

@ -0,0 +1,9 @@
{...}: {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}
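Review bot: With every vhost now sharing this one nginx instance, a request whose Host/SNI matches none of them is answered by whichever vhost sorts first, so a scanner hitting the bare IP gets a real application and its certificate back; a catch-all default server that refuses such requests closes that off. The `enableACME = true` used by the vhosts also needs `security.acme.acceptTerms = true` and `security.acme.defaults.email`, neither visible in this commit, so presumably they live elsewhere. Suggested addition to this block (check that `rejectSSL` exists in the pinned nixpkgs):
```nix
services.nginx = {
  # … unchanged: enable / recommended* settings …
  # Default server: refuse requests whose Host/SNI matches no declared vhost.
  virtualHosts."_" = {
    default = true;
    rejectSSL = true;
    locations."/".return = "444";
  };
};
```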


@ -5,8 +5,10 @@ in {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
environmentFile = "/var/lib/vaultwarden/environment.env";
config = { config = {
DOMAIN = "https://bitwarden.spoodythe.one"; DOMAIN = "https://vaultwarden.spoodythe.one";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = host; ROCKET_ADDRESS = host;
@ -17,7 +19,7 @@ in {
SMTP_PORT = 25; SMTP_PORT = 25;
SMTP_SSL = false; SMTP_SSL = false;
SMTP_FROM = "admin@bitwarden.spoodythe.one"; SMTP_FROM = "vaultwarden@spoodythe.one";
SMTP_FROM_NAME = "SpoodyThe.One Bitwarden Server"; SMTP_FROM_NAME = "SpoodyThe.One Bitwarden Server";
}; };
}; };
@ -25,7 +27,7 @@ in {
networking.firewall.allowedTCPPorts = [port]; networking.firewall.allowedTCPPorts = [port];
networking.firewall.allowedUDPPorts = [port]; networking.firewall.allowedUDPPorts = [port];
services.nginx.virtualHosts."bitwarden.spoodythe.one" = { services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
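Review bot: The new `environmentFile = "/var/lib/vaultwarden/environment.env"` points at a file nothing in this repo creates, and as far as I can tell the NixOS module hands it to systemd's `EnvironmentFile=` without the `-` prefix, so the unit fails to start on a fresh deploy until the file is placed by hand; since the flake already carries agenix, `environmentFile = config.age.secrets.vaultwarden-env.path;` (secret owned by the vaultwarden user) makes the deployment reproducible. The `let … in` and the `SMTP_HOST` setting start before this hunk, so whether `SMTP_SSL = false` on port 25 only ever reaches the local mailserver cannot be confirmed from here. `networking.firewall.allowedTCPPorts = [port]` exposes the Rocket backend beside the nginx vhost unless `host` is a loopback address — a comment stating which is the case would help.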

16
services/website.nix Normal file

@ -0,0 +1,16 @@
{
fetchFromGitLab,
pkgs,
...
}: let
host = "127.0.0.1";
port = 8080;
in {
services.nginx.virtualHosts."spoodythe.one" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
}
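Review bot: The module requests `fetchFromGitLab` and `pkgs` but uses neither; `fetchFromGitLab` is not a NixOS module argument, so keeping it in the pattern is misleading, and `{...}: let` is all this file needs. The vhost proxies `spoodythe.one` to `127.0.0.1:8080`, yet nothing in this commit starts a service on that port, so the site will answer 502 until its backend is added — a comment such as `# Backend for spoodythe.one; expected on 127.0.0.1:8080 (not yet defined in this repo)` would save the next reader a search. `forceSSL = true` is the right choice here; the forgejo and jellyfin vhosts still use `addSSL`.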