Infini-OPTIPLEX: transfer services to Infini-DL360

hosts/Infini-DL360/default.nix

@@ -2,6 +2,13 @@
   imports = [
     ./hardware-configuration.nix
     ./disks.nix
+
+    ./factorio.nix
+    ./freshrss.nix
+    ./thelounge.nix
+    ./vaultwarden.nix
+    ./jellyfin.nix
+    ./web.nix
   ];
 
   networking.hostId = "8fa7a57c";

hosts/Infini-DL360/factorio.nix

@@ -0,0 +1,20 @@
+{ config, private, ... }:
+
+{
+  services.factorio = {
+    enable = true;
+    openFirewall = true;
+    loadLatestSave = true;
+
+    stateDir = "/srv/factorio";
+
+    admins = [ "Infinidoge" ];
+
+    game-name = "Hacktorio";
+    game-password = private.variables.factorio-password;
+
+    mapGenSettings = {
+      seed = "2239686687";
+    };
+  };
+}

hosts/Infini-DL360/freshrss.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+
+let
+  domain = "freshrss.inx.moe";
+in
+{
+  services.nginx.virtualHosts.${domain} = config.common.nginx.ssl;
+
+  services.freshrss = {
+    enable = true;
+    virtualHost = domain;
+    baseUrl = "https://${domain}";
+    dataDir = "/srv/freshrss";
+    defaultUser = "infinidoge";
+    passwordFile = config.secrets."freshrss";
+  };
+}

hosts/Infini-DL360/jellyfin.nix

@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+  address = "127.0.0.1";
+  port = 8096;
+  jellyfin = "http://${address}:${toString port}";
+  proxyConfig = ''
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Protocol $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+  '';
+in
+{
+  services.nginx.virtualHosts."jellyfin.inx.moe" = config.common.nginx.ssl // {
+    extraConfig = ''
+      client_max_body_size 20M;
+    '';
+
+    locations."= /" = {
+      return = "302 https://$host/web/";
+    };
+
+    locations."/" = {
+      proxyPass = jellyfin;
+      recommendedProxySettings = false;
+      extraConfig = proxyConfig + ''
+        proxy_buffering off;
+      '';
+    };
+
+    locations."= /web/" = {
+      proxyPass = "${jellyfin}/web/index.html";
+      recommendedProxySettings = false;
+      extraConfig = proxyConfig;
+    };
+
+    locations."/socket" = {
+      proxyPass = jellyfin;
+      proxyWebsockets = true;
+      recommendedProxySettings = false;
+      extraConfig = proxyConfig;
+    };
+  };
+
+  services.jellyfin = {
+    enable = true;
+    dataDir = "/srv/jellyfin";
+    openFirewall = true;
+  };
+
+  persist.directories = with config.services.jellyfin; [ dataDir cacheDir logDir ];
+}

hosts/Infini-DL360/thelounge.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts."thelounge.inx.moe" = config.common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.thelounge.port}";
+    };
+  };
+
+  services.thelounge = {
+    enable = true;
+    dataDir = "/srv/thelounge";
+    plugins = with pkgs.theLoungePlugins; [
+      themes.zenburn-monospace
+      themes.dracula
+      themes.discordapp
+    ];
+    port = 9786;
+    extraConfig = {
+      reverseProxy = true;
+    };
+  };
+}

hosts/Infini-DL360/vaultwarden.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+  persist.directories = [ config.services.vaultwarden.dataDir ];
+
+  services.nginx.virtualHosts."bitwarden.inx.moe" = config.common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+    };
+  };
+
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = config.secrets."vaultwarden";
+    dataDir = "/srv/vaultwarden";
+    config = {
+      DOMAIN = "https://bitwarden.inx.moe";
+      SIGNUPS_ALLOWED = false;
+
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+      ROCKET_LOG = "critical";
+
+      PUSH_ENABLED = true;
+      PUSH_RELAY_URI = "https://push.bitwarden.com";
+
+      SMTP_HOST = "smtp.purelymail.com";
+      SMTP_FROM = "noreply+vaultwarden@inx.moe";
+      SMTP_PORT = 465;
+      SMTP_SECURITY = "force_tls";
+      SMTP_USERNAME = "noreply@inx.moe";
+    };
+  };
+}

hosts/Infini-DL360/web.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (config.common.nginx) ssl ssl-optional;
+
+  tryFiles = "$uri $uri.html $uri/ =404";
+  websiteConfig = ''
+    error_page 403 /403.html;
+    error_page 404 /404.html;
+
+    location ^~ /.well-known { allow all; }
+
+    location = /template.html { deny all; }
+    location ~* "\.(nix|lock)" { deny all; }
+    location ~ "/\..+" { deny all; }
+  '';
+
+  mkWebsite = name: ssl // {
+    locations."/" = {
+      root = "/srv/web/${name}";
+      inherit tryFiles;
+      extraConfig = websiteConfig;
+    };
+  };
+
+  mkRedirect = from: to: ssl-optional // { globalRedirect = to; };
+
+  websites = lib.genAttrs [
+    "inx.moe"
+    "stickers.inx.moe"
+  ] mkWebsite;
+
+  redirects = lib.mapAttrs mkRedirect {
+    "nitter.inx.moe" = "twitter.com";
+  };
+in
+{
+  services.nginx.virtualHosts = websites // redirects // {
+    "blahaj.inx.moe" = ssl-optional // {
+      locations."/" = {
+        tryFiles = "/Blahaj.png =404";
+        root = ./static;
+      };
+      locations."/buy" = {
+        return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
+      };
+    };
+    "files.inx.moe" = ssl // {
+      locations."/" = {
+        root = "/srv/web/files.inx.moe";
+        extraConfig = ''
+          autoindex on;
+        '';
+      };
+    };
+  };
+}