diff --git a/bin/addtovpn.sh b/bin/addtovpn.sh deleted file mode 100755 index ffc32d4..0000000 --- a/bin/addtovpn.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -name=$1 -number=$2 -address="192.168.200.$number/32" - -private=$(wg genkey) -public=$(echo "$private" | wg pubkey) -psk=$(wg genpsk) - -cat << EOF > /tmp/$name.conf -[Interface] -Address = $address -PrivateKey = $private -DNS = 1.1.1.1 - -[Peer] -PublicKey = $(cat /etc/secrets/wireguard/public) -PresharedKey = $psk -Endpoint = vpn.inx.moe:51820 -AllowedIPs = 0.0.0.0/0 -EOF - -cat << EOF >> /tmp/wireguard-config.nix -{ - name = "$name"; - publicKey = "$public"; - presharedKey = "$psk"; - allowedIPs = ip $number; -} -EOF diff --git a/flake.lock b/flake.lock index 6f6d124..478b214 100644 --- a/flake.lock +++ b/flake.lock @@ -206,29 +206,6 @@ "type": "github" } }, - "copyparty": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753651064, - "narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=", - "owner": "9001", - "repo": "copyparty", - "rev": "d197e754b9691f9c4277278396b230c98c3bd228", - "type": "github" - }, - "original": { - "owner": "9001", - "repo": "copyparty", - "type": "github" - } - }, "crane": { "locked": { "lastModified": 1739936662, @@ -733,11 +710,11 @@ ] }, "locked": { - "lastModified": 1752863484, - "narHash": "sha256-0xUULcxlaxbqknWbGmMrTkvXizQqj2K+gJXEyRMh/dk=", + "lastModified": 1750906391, + "narHash": "sha256-zLR0SM1oUewUpZL+WCF7IgtfxcXw7bRl+P285mkX9Ug=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "35ee5b4387265a0682eb0cd556c0345439c0145a", + "rev": "e8575513ca4495e12073824ebd8bfc88c68ee011", "type": "github" }, "original": { @@ -877,11 +854,11 @@ }, "private": { "locked": { - "lastModified": 1754018037, - "narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=", + "lastModified": 1752168841, + "narHash": "sha256-pgK70x5RQ7hD0s8j21TwdM7aNesdgqt0zbm6U1Ua098=", "ref": "refs/heads/master", - "rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23", - "revCount": 60, + "rev": "b8d3a313856a3eb41fdd4061f3d36f95168d123c", + "revCount": 52, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, @@ -984,7 +961,6 @@ "authentik-nix": "authentik-nix", "blank": "blank", "conduwuit": "conduwuit", - "copyparty": "copyparty", "devshell": "devshell", "disko": "disko", "drasl": "drasl", diff --git a/flake.nix b/flake.nix index 66fb14d..a90b09d 100644 --- a/flake.nix +++ b/flake.nix @@ -72,9 +72,6 @@ ## Authentik authentik-nix.url = "github:nix-community/authentik-nix"; - # Misc - copyparty.url = "github:9001/copyparty"; - ### Cleanup ### ## Common blank.url = "github:divnix/blank"; @@ -103,8 +100,6 @@ conduwuit.inputs.flake-compat.follows = "blank"; conduwuit.inputs.flake-utils.follows = "flake-utils"; conduwuit.inputs.nixpkgs.follows = "nixpkgs"; - copyparty.inputs.flake-utils.follows = "flake-utils"; - copyparty.inputs.nixpkgs.follows = "nixpkgs"; devshell.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs"; drasl.inputs.nixpkgs.follows = "nixpkgs"; @@ -217,7 +212,6 @@ # --- Domain-Specific Overlays inputs.agenix.overlays.default - inputs.copyparty.overlays.default inputs.nil.overlays.default inputs.nix-minecraft.overlay inputs.qtile.overlays.default @@ -266,7 +260,6 @@ inputs.hydra.nixosModules.overlayNixpkgsForThisHydra inputs.nix-minecraft.nixosModules.minecraft-servers inputs.drasl.nixosModules.drasl - inputs.copyparty.nixosModules.default ] ++ (self.lib.leaves ./modules); }) (self.lib.flattenLeaves ./hosts); diff --git a/hosts/Infini-DL360/continuwuity.nix b/hosts/Infini-DL360/conduwuit.nix similarity index 85% rename from hosts/Infini-DL360/continuwuity.nix rename to hosts/Infini-DL360/conduwuit.nix index fd5662c..8116a51 100644 --- a/hosts/Infini-DL360/continuwuity.nix +++ b/hosts/Infini-DL360/conduwuit.nix @@ -1,18 +1,20 @@ { config, common, + inputs, ... }: let domain = common.subdomain "matrix"; - cfg = config.services.matrix-continuwuity; + cfg = config.services.conduwuit-vendor; host = "http://localhost:${toString cfg.settings.global.port}"; in { - persist.directories = [ "/var/lib/private/continuwuity" ]; + persist.directories = [ "/var/lib/private/conduwuit" ]; - services.matrix-continuwuity = { + services.conduwuit-vendor = { enable = true; + package = inputs.conduwuit.packages.x86_64-linux.default; settings = { global = { allow_registration = false; diff --git a/hosts/Infini-DL360/copyparty.nix b/hosts/Infini-DL360/copyparty.nix deleted file mode 100644 index 7172f05..0000000 --- a/hosts/Infini-DL360/copyparty.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ - common, - config, - private, - ... -}: -let - authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass; -in -{ - services.copyparty = { - enable = true; - - settings = { - e2dsa = true; - e2ts = true; - ansi = true; - - # OAuth2 - idp-h-usr = "X-authentik-username"; - idp-h-key = private.variables.copyparty-key; - xff-src = "lan"; - - # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default - no-reload = true; - hist = "/var/cache/copyparty"; - }; - - volumes = { - "/" = { - path = "/srv/web/files.inx.moe"; - access = { - rh = "*"; - A = [ "infinidoge" ]; - }; - }; - "/p" = { - path = "/srv/web/files.inx.moe/p"; - access = { - h = "*"; - A = [ "infinidoge" ]; - }; - }; - }; - }; - - services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // { - locations."/" = { - proxyPass = "http://localhost:3923"; - proxyWebsockets = true; - extraConfig = '' - auth_request /outpost.goauthentik.io/auth/nginx; - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - - auth_request_set $authentik_username $upstream_http_x_authentik_username; - proxy_set_header X-authentik-username $authentik_username; - proxy_set_header ${private.variables.copyparty-key} "OK"; - ''; - }; - locations."/outpost.goauthentik.io" = { - proxyPass = "${authentik_internal}/outpost.goauthentik.io"; - extraConfig = '' - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - add_header Set-Cookie $auth_cookie; - auth_request_set $auth_cookie $upstream_http_set_cookie; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - ''; - }; - locations."/oauth/authorize" = { - extraConfig = '' - add_header Set-Cookie $auth_cookie; - return 302 /outpost.goauthentik.io/start?rd=/; - ''; - }; - }; -} diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix index 4633e5d..e58a917 100644 --- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -11,10 +11,8 @@ ./secrets private.nixosModules.minecraft-servers - private.nixosModules.wireguard ./authentik.nix - ./continuwuity.nix - ./copyparty.nix + ./conduwuit.nix ./drasl.nix ./factorio.nix ./forgejo.nix @@ -37,7 +35,6 @@ ./torrenting.nix ./vaultwarden.nix ./web.nix - ./wireguard.nix ]; system.stateVersion = "23.11"; diff --git a/hosts/Infini-DL360/thelounge.nix b/hosts/Infini-DL360/thelounge.nix index acb0e37..95ad0ee 100644 --- a/hosts/Infini-DL360/thelounge.nix +++ b/hosts/Infini-DL360/thelounge.nix @@ -23,8 +23,6 @@ port = 9786; extraConfig = { reverseProxy = true; - prefetch = true; - fileUpload.enable = true; }; }; } diff --git a/hosts/Infini-DL360/web.nix b/hosts/Infini-DL360/web.nix index 1abdf99..cafc37a 100644 --- a/hosts/Infini-DL360/web.nix +++ b/hosts/Infini-DL360/web.nix @@ -91,6 +91,15 @@ in }; locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/"; }; + "files.inx.moe" = ssl-inx // { + locations."/" = { + root = "/srv/web/files.inx.moe"; + extraConfig = "autoindex on;"; + }; + locations."/p/" = { + root = "/srv/web/files.inx.moe"; + }; + }; "archive.inx.moe" = ssl-inx // { locations."/" = { root = "/srv/web/archive.inx.moe"; diff --git a/hosts/Infini-DL360/wireguard.nix b/hosts/Infini-DL360/wireguard.nix deleted file mode 100644 index d8a952c..0000000 --- a/hosts/Infini-DL360/wireguard.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: -let - subnet = "192.168.200.0/24"; -in - -{ - networking.wireguard.enable = true; - - networking.nat.internalInterfaces = [ "wg0" ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; - - networking.wireguard.interfaces = { - wg0 = { - ips = [ "192.168.200.1/24" ]; - listenPort = 51820; - - privateKeyFile = "/etc/secrets/wireguard/private"; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE - ''; - }; - }; -} diff --git a/modules/modules/desktop/wm.nix b/modules/modules/desktop/wm.nix index 9ba2d4d..9a72a31 100644 --- a/modules/modules/desktop/wm.nix +++ b/modules/modules/desktop/wm.nix @@ -51,6 +51,9 @@ in services.xserver.displayManager = { lightdm.enable = true; + setupCommands = '' + ${lib.getExe pkgs.autorandr} -c + ''; }; home-manager.sharedModules = [