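# NixOS system configuration for the host "sunflower".
#
# One machine runs nginx (static sites plus reverse proxies), PostgreSQL,
# Forgejo, Wiki.js, Keycloak, a bingosync instance, a PHP-FPM pool and a
# Discord bot. Everything that talks to PostgreSQL does so over the local
# unix socket with peer authentication, so no database passwords appear here.
{ config, lib, pkgs, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  # --- Boot / storage -------------------------------------------------------
  boot.initrd.supportedFilesystems = [ "zfs" ];
  boot.initrd.systemd.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.trim.enable = true;

  # --- Network --------------------------------------------------------------
  networking.hostName = "sunflower";
  networking.hostId = "77d68c52";
  networking.useNetworkd = true;
  systemd.network.enable = true;
  # IPv4 comes from DHCP; IPv6 is a static /64 routed via the link-local gateway.
  systemd.network.networks."30-wan" = {
    matchConfig.Name = "enp1s0";
    networkConfig.DHCP = "ipv4";
    address = [ "2a01:4f9:c013:ce62::1/64" ];
    routes = [ { Gateway = "fe80::1"; } ];
  };

  system.stateVersion = "24.11";

  # NOTE(review): members of `wheel` get root without a password. Whoever can
  # log in as a wheel user (for example with a stolen SSH key) is root
  # immediately. The SSH daemon settings are not in this file; confirm that
  # password logins are disabled and wheel membership is minimal.
  security.sudo.wheelNeedsPassword = false;

  # NOTE(review): 22/80/443 match services referenced here (SSH, nginx).
  # Nothing in this file visibly listens on 1337/1338 (TCP or UDP); confirm
  # which service needs them and close them if none does.
  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 ];
  networking.firewall.allowedUDPPorts = [ 1337 1338 ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "audrey@rhelmot.io";
  };

  # --- bingosync ------------------------------------------------------------
  # The database URL points at the PostgreSQL unix socket directory
  # (%2Frun%2Fpostgresql is the URL-encoded /run/postgresql); authentication
  # is by OS user, see the ident map below.
  services.bingosync = {
    enable = true;
    domain = "celestebingo.rhelmot.io";
    socketsDomain = "sockets-celestebingo.rhelmot.io";
    databaseUrl = "postgres://%2Frun%2Fpostgresql/bingosync";
    extraPythonPackages = p: [ p.psycopg2 ];
  };

  # --- Wiki.js --------------------------------------------------------------
  # A static system user is declared so that the OS user name is stable for
  # the PostgreSQL ident map entry "wiki-js -> wiki-js".
  users.users.wiki-js = {
    isSystemUser = true;
    group = "wiki-js";
  };
  users.groups.wiki-js = {};

  # nginx must be in Forgejo's group to open the unix socket, which Forgejo
  # creates with mode 770 (UNIX_SOCKET_PERMISSION below).
  users.groups.${config.services.forgejo.group}.members = [config.services.nginx.user];

  services.wiki-js = {
    enable = true;
    settings = {
      db.type = "postgres";
      db.db = "wiki-js";
      db.user = "wiki-js";
      db.host = "/run/postgresql";
      # Loopback only; the public entry point is the wiki.rhelmot.io vhost.
      bindIP = "127.0.0.1";
      port = 5517;
    };
  };

  # --- Forgejo --------------------------------------------------------------
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    database = {
      createDatabase = true;
      type = "postgres";
      socket = "/run/postgresql";
    };
    settings = {
      DEFAULT = {
        APP_NAME = "Shellphish Git";
      };
      server = {
        DOMAIN = "git.rhelmot.io";
        # Served on a unix socket only; nginx terminates TLS in front of it.
        PROTOCOL = "http+unix";
        ROOT_URL = "https://git.rhelmot.io/";
        UNIX_SOCKET_PERMISSION = "770";
        LANDING_PAGE = "explore";
      };
      # NOTE(review): this admits 2048-bit RSA SSH keys (the value is one bit
      # below the nominal size). As far as I know that is lower than the
      # upstream default; confirm the relaxation is still needed.
      "ssh.minimum_key_sizes".RSA = "2047";
      # NOTE(review): push-to-create lets any authenticated account create
      # repositories just by pushing. No [service] registration setting
      # (e.g. DISABLE_REGISTRATION) is visible in this file; if sign-up is
      # open, that is an abuse and storage-exhaustion surface, especially
      # with LFS enabled and 4G request bodies allowed on the vhost.
      repository = {
        ENABLE_PUSH_CREATE_USER = "true";
        ENABLE_PUSH_CREATE_ORG = "true";
      };
    };
  };

  # NOTE(review): Keycloak is enabled with no settings in this file: no
  # hostname, no database credentials, no reverse-proxy vhost and no entry in
  # the PostgreSQL ident map. Confirm these are defined elsewhere, and that
  # the bootstrap admin password was changed after the first start.
  services.keycloak = {
    enable = true;
  };

  # --- PostgreSQL -----------------------------------------------------------
  services.postgresql = {
    enable = true;
    ensureDatabases = [
      "bingosync"
      "mspa"
      "wiki-js"
      "forgejo"
    ];
    ensureUsers = [
      { name = "bingosync"; ensureDBOwnership = true; }
      { name = "mspa"; ensureDBOwnership = true; }
      { name = "wiki-js"; ensureDBOwnership = true; }
      { name = "forgejo"; ensureDBOwnership = true; }
    ];
    # mkOverride 10 makes this rule win over other definitions of the option,
    # so the single line below is the pg_hba policy: unix-socket connections
    # only, authenticated by OS user through the ident map. No TCP rule and
    # no password authentication is configured.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database DBuser auth-method optional_ident_map
      local all all peer map=defaultmap
    '';
    # Each OS user may connect only as the database role listed next to it.
    # The PHP pool's OS user (php-nginx) maps to the "mspa" role.
    identMap = ''
      # ArbitraryMapName systemUser DBUser
      defaultmap root postgres
      defaultmap postgres postgres
      defaultmap php-nginx mspa
      defaultmap bingosync bingosync
      defaultmap wiki-js wiki-js
      defaultmap forgejo forgejo
    '';
  };

  # --- PHP-FPM --------------------------------------------------------------
  # PHP runs as its own system user, separate from the nginx worker user;
  # nginx only owns the FPM listening socket.
  users.users.php-nginx = {
    isSystemUser = true;
    group = "php-nginx";
  };
  users.groups.php-nginx = {};

  services.phpfpm.pools.nginx = {
    user = "php-nginx";
    settings = {
      "pm" = "dynamic";
      "listen.owner" = config.services.nginx.user;
      "pm.max_children" = 5;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 1;
      "pm.max_spare_servers" = 3;
      "pm.max_requests" = 500;
    };
  };

  # --- nginx ----------------------------------------------------------------
  # NOTE(review): the www.* redirect vhosts below request a certificate
  # (enableACME) but set neither addSSL nor forceSSL, so as written they
  # appear to be served on port 80 only. Confirm that HTTPS requests for
  # those names are handled the way you intend.
  services.nginx = {
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "rhelmot.io" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        root = "/var/www/rhelmot.io/";
        # The htpasswd file lives under /var/lib, not in the world-readable
        # Nix store. Basic-auth credentials are only protected in transit
        # because this vhost forces HTTPS.
        locations."/secret/" = {
          basicAuthFile = "/var/lib/rhelmot.io/secret";
        };
        # Only /MSPA/ itself and paths under it ending in .php reach PHP-FPM.
        locations."~ ^/MSPA/(.*\\.php|)$" = {
          extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
            fastcgi_index index.php;
          '';
          index = "index.php index.html";
        };
      };
      "www.rhelmot.io" = {
        globalRedirect = "rhelmot.io";
        enableACME = true;
      };

      "blog.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          root = "/nix/var/nix/profiles/blog-rhelmot-io";
        };
      };
      "www.blog.rhelmot.io" = {
        globalRedirect = "blog.rhelmot.io";
        enableACME = true;
      };

      # NOTE(review): no TLS option is set on this vhost, so it is served
      # over plain HTTP while proxying to an HTTPS upstream. Anything a
      # visitor submits crosses the first hop unencrypted. Consider
      # enableACME + forceSSL like the other vhosts, or confirm that plain
      # HTTP is intentional.
      "bingosync.rhelmot.io" = {
        locations."/" = {
          proxyPass = "https://bingosync.com/";
          proxyWebsockets = true;
        };
      };

      # proxy conf generated by services.bingosync
      # NOTE(review): addSSL keeps plain HTTP available without a redirect.
      # Switch to forceSSL unless some client depends on HTTP.
      "celestebingo.rhelmot.io" = {
        enableACME = true;
        addSSL = true;
      };
      "sockets-celestebingo.rhelmot.io" = {
        enableACME = true;
        addSSL = true;
      };
      "www.celestebingo.rhelmot.io" = {
        globalRedirect = "celestebingo.rhelmot.io";
        enableACME = true;
      };

      "minal.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/minal.rhelmot.io/";
      };
      "www.minal.rhelmot.io" = {
        globalRedirect = "minal.rhelmot.io";
        enableACME = true;
      };

      "mimispastrypost.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/mimispastrypost.com/";
      };
      "www.mimispastrypost.com" = {
        globalRedirect = "mimispastrypost.com";
        enableACME = true;
      };

      "wiki.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:5517/";
          proxyWebsockets = true;
        };
      };

      "git.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        # Large request bodies are allowed for Git/LFS pushes over HTTPS.
        extraConfig = ''
          client_max_body_size 4G;
        '';
        locations."/" = {
          proxyPass = "http://unix:/run/forgejo/forgejo.sock";
          proxyWebsockets = true;
        };
      };
    };
  };

  # --- SpamKick Discord bot -------------------------------------------------
  systemd.services.spamkick =
    let
      # Pinned to an exact commit and content hash, so a change upstream
      # cannot alter what runs here without this file changing too.
      src = pkgs.fetchFromGitHub {
        owner = "maddie480";
        repo = "SpamKick";
        rev = "9dd5b5e3cc78e2520b13a0875ae7ef264a5a52c5";
        hash = "sha256-ZjxnqIiXBaxrZwrCfDPVTpGmRxtrL5kc5ZcDUaQtbZo=";
      };
      env = pkgs.python3.withPackages (ps: with ps; [ discordpy ]);
    in
    {
      path = [ env ];
      # The token is read from the systemd credentials directory (see
      # LoadCredential below), not from /var/lib directly, so the service
      # user needs no read access to the on-disk file.
      script = ''
        export TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")"
        exec python ${src}/main.py
      '';
      serviceConfig = {
        Type = "simple";
        Restart = "always";
        # No User= was set before, so this network-facing third-party bot
        # ran as root. DynamicUser gives it a throwaway unprivileged account;
        # systemd also applies a read-only system view, a private /tmp and
        # no-new-privileges with it.
        # NOTE(review): if the bot needs writable state, give it a dedicated
        # state directory instead of removing DynamicUser.
        DynamicUser = true;
        # The service manager reads the file and hands it to this unit only,
        # so token.txt can stay readable by root alone.
        LoadCredential = "token:/var/lib/spamkick/token.txt";
      };
      wantedBy = [ "multi-user.target" ];
      environment = {
        LOG_CHANNEL_ID = "532689319350108160";
        CHANNEL_COUNT = "4";
        DELAY_SECONDS = "5";
        DEBUG = "0";
      };
    };
}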