148 lines
3.4 KiB
Nix
148 lines
3.4 KiB
Nix
{ config, pkgs, lib, private, ... }: {
|
|
imports = lib.flatten [
|
|
private.nixosModules.minecraft-servers
|
|
private.nixosModules.nitter
|
|
./hardware-configuration.nix
|
|
./filesystems.nix
|
|
];
|
|
|
|
system.stateVersion = "22.05";
|
|
|
|
modules = {
|
|
boot = {
|
|
grub.enable = true;
|
|
timeout = 1;
|
|
};
|
|
hardware = {
|
|
# gpu.nvidia = true;
|
|
form.server = true;
|
|
};
|
|
services.apcupsd = {
|
|
enable = false;
|
|
primary = false;
|
|
config = {
|
|
address = "192.168.1.212";
|
|
};
|
|
};
|
|
};
|
|
|
|
services = {
|
|
avahi.reflector = true;
|
|
|
|
soft-serve.enable = true;
|
|
};
|
|
|
|
environment.persistence."/persist" = {
|
|
directories = [
|
|
"/home"
|
|
"/etc/nixos"
|
|
"/etc/nixos-private"
|
|
|
|
# /var directories
|
|
"/var/log"
|
|
"/var/lib/systemd/coredump"
|
|
"/var/lib/tailscale"
|
|
"/var/lib/bitwarden_rs"
|
|
|
|
"/srv"
|
|
];
|
|
|
|
files = [
|
|
"/etc/machine-id"
|
|
|
|
"/root/.local/share/nix/trusted-settings.json"
|
|
"/root/.ssh/known_hosts"
|
|
"/root/.ssh/id_ed25519"
|
|
"/root/.ssh/id_ed25519.pub"
|
|
"/root/.ssh/immutable_files.txt"
|
|
];
|
|
};
|
|
|
|
age.secrets."inx.moe.pem".owner = "nginx";
|
|
age.secrets."inx.moe.pem".group = "nginx";
|
|
age.secrets."inx.moe.key".owner = "nginx";
|
|
age.secrets."inx.moe.key".group = "nginx";
|
|
age.secrets."vaultwarden".owner = "vaultwarden";
|
|
age.secrets."vaultwarden".group = "vaultwarden";
|
|
|
|
services = {
|
|
nginx =
|
|
let
|
|
cfg = config.services.nginx;
|
|
ssl = { sslCertificate = config.secrets."inx.moe.pem"; sslCertificateKey = config.secrets."inx.moe.key"; forceSSL = true; };
|
|
in
|
|
{
|
|
enable = true;
|
|
|
|
statusPage = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
|
|
virtualHosts = {
|
|
"*.inx.moe" = ssl // {
|
|
listen = lib.flatten
|
|
(map
|
|
(addr: [
|
|
{ inherit addr; port = 443; ssl = true; }
|
|
{ inherit addr; port = 80; ssl = false; }
|
|
])
|
|
cfg.defaultListenAddresses);
|
|
|
|
globalRedirect = "inx.moe";
|
|
};
|
|
"nitter.inx.moe" = ssl // {
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:8000";
|
|
};
|
|
};
|
|
"bitwarden.inx.moe" = ssl // {
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
vaultwarden = {
|
|
enable = true;
|
|
environmentFile = config.secrets."vaultwarden";
|
|
config = {
|
|
DOMAIN = "https://bitwarden.inx.moe";
|
|
SIGNUPS_ALLOWED = false;
|
|
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
|
ROCKET_PORT = 8222;
|
|
ROCKET_LOG = "critical";
|
|
|
|
PUSH_ENABLED = true;
|
|
PUSH_RELAY_URI = "https://push.bitwarden.com";
|
|
};
|
|
};
|
|
|
|
nitter = rec {
|
|
enable = true;
|
|
server = {
|
|
title = "Nitter | inx.moe";
|
|
port = 8000;
|
|
hostname = "nitter.inx.moe";
|
|
};
|
|
openFirewall = true;
|
|
preferences = {
|
|
hideTweetStats = true;
|
|
hlsPlayback = true;
|
|
infiniteScroll = true;
|
|
proxyVideos = true;
|
|
replaceTwitter = server.hostname;
|
|
theme = "Black";
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall = {
|
|
allowedUDPPorts = [ 80 443 ];
|
|
allowedTCPPorts = [ 80 443 ];
|
|
};
|
|
}
|