
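# NixOS host "sunflower": ZFS root, a networkd-managed WAN link on enp1s0, and a
# set of nginx-fronted services (bingosync, wiki-js, forgejo, keycloak, a PHP
# app) sharing one local PostgreSQL over its unix socket, plus a Discord bot.
{ config, lib, pkgs, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  # --- boot / storage --------------------------------------------------------
  boot.initrd = {
    supportedFilesystems = [ "zfs" ];
    systemd.enable = true;
  };
  services.zfs = {
    autoScrub.enable = true;
    trim.enable = true;
  };

  # --- networking ------------------------------------------------------------
  networking = {
    hostName = "sunflower";
    # ZFS requires networking.hostId to be set (pool import is tied to it).
    hostId = "77d68c52";
    useNetworkd = true;
    firewall = {
      # 22/80/443 are ssh and nginx. TODO: document which service listens on
      # 1337/1338 (TCP and UDP); nothing in this file binds them.
      allowedTCPPorts = [ 22 80 443 1337 1338 ];
      allowedUDPPorts = [ 1337 1338 ];
    };
  };
  systemd.network = {
    enable = true;
    networks."30-wan" = {
      matchConfig.Name = "enp1s0";
      # IPv4 via DHCP, IPv6 static with the link-local upstream gateway.
      networkConfig.DHCP = "ipv4";
      address = [ "2a01:4f9:c013:ce62::1/64" ];
      routes = [ { Gateway = "fe80::1"; } ];
    };
  };

  system.stateVersion = "24.11";

  # Members of wheel get sudo without a password, so every wheel account is
  # effectively root on this host.
  security.sudo.wheelNeedsPassword = false;

  security.acme = {
    acceptTerms = true;
    defaults.email = "audrey@rhelmot.io";
  };

  # --- bingosync -------------------------------------------------------------
  # services.bingosync is not an upstream NixOS option; presumably it comes from
  # a module elsewhere in this repository. It also generates the nginx proxy
  # config for the two domains below (see the vhost section).
  services.bingosync = {
    enable = true;
    domain = "celestebingo.rhelmot.io";
    socketsDomain = "sockets-celestebingo.rhelmot.io";
    # Unix-socket DSN: the percent-encoded host is /run/postgresql, so auth is
    # the peer/ident mapping configured on PostgreSQL below.
    databaseUrl = "postgres://%2Frun%2Fpostgresql/bingosync";
    extraPythonPackages = p: [ p.psycopg2 ];
  };

  # --- wiki-js ---------------------------------------------------------------
  # A fixed system user so the PostgreSQL ident map below has a stable name to
  # match against.
  users.users.wiki-js = {
    isSystemUser = true;
    group = "wiki-js";
  };
  users.groups.wiki-js = {};
  services.wiki-js = {
    enable = true;
    settings = {
      db = {
        type = "postgres";
        db = "wiki-js";
        user = "wiki-js";
        host = "/run/postgresql"; # unix socket, peer auth
      };
      # Loopback only; reachable exclusively through the wiki.rhelmot.io vhost.
      bindIP = "127.0.0.1";
      port = 5517;
    };
  };

  # --- forgejo ---------------------------------------------------------------
  # Forgejo listens on a unix socket with mode 770, so nginx must be in the
  # forgejo group to proxy to it.
  users.groups.${config.services.forgejo.group}.members = [ config.services.nginx.user ];
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    database = {
      createDatabase = true;
      type = "postgres";
      socket = "/run/postgresql";
    };
    settings = {
      DEFAULT.APP_NAME = "Shellphish Git";
      server = {
        DOMAIN = "git.rhelmot.io";
        PROTOCOL = "http+unix";
        ROOT_URL = "https://git.rhelmot.io/";
        UNIX_SOCKET_PERMISSION = "770";
        LANDING_PAGE = "explore";
      };
      # Presumably lowered so that 2048-bit RSA user keys are accepted (the
      # upstream default minimum is larger) — confirm that was the intent.
      "ssh.minimum_key_sizes".RSA = "2047";
      repository = {
        ENABLE_PUSH_CREATE_USER = "true";
        ENABLE_PUSH_CREATE_ORG = "true";
      };
    };
  };

  # --- keycloak --------------------------------------------------------------
  # Enabled with no settings here (hostname, database credentials, ...); these
  # are presumably supplied by another module in this repository — verify.
  services.keycloak.enable = true;

  # --- postgresql ------------------------------------------------------------
  services.postgresql = {
    enable = true;
    ensureDatabases = [
      "bingosync"
      "mspa"
      "wiki-js"
      "forgejo"
    ];
    ensureUsers = [
      { name = "bingosync"; ensureDBOwnership = true; }
      { name = "mspa"; ensureDBOwnership = true; }
      { name = "wiki-js"; ensureDBOwnership = true; }
      { name = "forgejo"; ensureDBOwnership = true; }
    ];
    # mkOverride 10 replaces (rather than appends to) the module's default
    # pg_hba entries: only local unix-socket peer auth via `defaultmap` remains,
    # so there is no TCP/password path into the database at all.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database DBuser auth-method optional_ident_map
      local all all peer map=defaultmap
    '';
    # Each service's system user maps onto exactly one database role.
    identMap = ''
      # ArbitraryMapName systemUser DBUser
      defaultmap root postgres
      defaultmap postgres postgres
      defaultmap php-nginx mspa
      defaultmap bingosync bingosync
      defaultmap wiki-js wiki-js
      defaultmap forgejo forgejo
    '';
  };

  # --- PHP (MSPA) ------------------------------------------------------------
  # Dedicated user for the PHP pool; it owns the "mspa" database via the ident
  # map above.
  users.users.php-nginx = {
    isSystemUser = true;
    group = "php-nginx";
  };
  users.groups.php-nginx = {};
  services.phpfpm.pools.nginx = {
    user = "php-nginx";
    settings = {
      "pm" = "dynamic";
      # The pool socket is owned by the nginx user so nginx can connect to it.
      "listen.owner" = config.services.nginx.user;
      "pm.max_children" = 5;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 1;
      "pm.max_spare_servers" = 3;
      "pm.max_requests" = 500;
    };
  };

  # --- nginx -----------------------------------------------------------------
  services.nginx = {
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "rhelmot.io" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        root = "/var/www/rhelmot.io/";
        # htpasswd file kept outside the Nix store.
        locations."/secret/" = {
          basicAuthFile = "/var/lib/rhelmot.io/secret";
        };
        locations."~ ^/MSPA/(.*\\.php|)$" = {
          extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
            fastcgi_index index.php;
          '';
          index = "index.php index.html";
        };
      };
      # The www.* hosts are redirect-only. forceSSL is needed alongside
      # enableACME: without addSSL/forceSSL the vhost only listens on port 80,
      # so the ACME certificate it obtains is never served and https://www.*
      # is answered by the default vhost with the wrong certificate. With it,
      # the redirect also goes straight to https://<target>.
      "www.rhelmot.io" = {
        globalRedirect = "rhelmot.io";
        forceSSL = true;
        enableACME = true;
      };
      "blog.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        # Served from a Nix profile, so deploys are a profile switch.
        locations."/" = {
          root = "/nix/var/nix/profiles/blog-rhelmot-io";
        };
      };
      "www.blog.rhelmot.io" = {
        globalRedirect = "blog.rhelmot.io";
        forceSSL = true;
        enableACME = true;
      };
      # Plain-HTTP reverse proxy (no ACME/SSL on this name) to the upstream
      # site; presumably intentional — confirm.
      "bingosync.rhelmot.io" = {
        locations."/" = {
          proxyPass = "https://bingosync.com/";
          proxyWebsockets = true;
        };
      };
      # Proxy locations for these two are generated by services.bingosync; only
      # TLS is configured here.
      "celestebingo.rhelmot.io" = {
        enableACME = true;
        addSSL = true;
      };
      "sockets-celestebingo.rhelmot.io" = {
        enableACME = true;
        addSSL = true;
      };
      "www.celestebingo.rhelmot.io" = {
        globalRedirect = "celestebingo.rhelmot.io";
        forceSSL = true;
        enableACME = true;
      };
      "minal.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/minal.rhelmot.io/";
      };
      "www.minal.rhelmot.io" = {
        globalRedirect = "minal.rhelmot.io";
        forceSSL = true;
        enableACME = true;
      };
      "mimispastrypost.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/mimispastrypost.com/";
      };
      "www.mimispastrypost.com" = {
        globalRedirect = "mimispastrypost.com";
        forceSSL = true;
        enableACME = true;
      };
      "wiki.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:5517/";
          proxyWebsockets = true;
        };
      };
      "git.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        # Large pushes / LFS uploads.
        extraConfig = ''
          client_max_body_size 4G;
        '';
        locations."/" = {
          proxyPass = "http://unix:/run/forgejo/forgejo.sock";
          proxyWebsockets = true;
        };
      };
    };
  };

  # --- spamkick Discord bot --------------------------------------------------
  # Runs a pinned GitHub revision under the system Python. No User/DynamicUser
  # is set, so the unit runs as root; whether the bot writes any state (which
  # would matter before sandboxing it) is not visible from here — check before
  # tightening. The Discord token is passed through systemd credentials rather
  # than read directly from /var/lib inside the script.
  systemd.services.spamkick =
    let
      src = pkgs.fetchFromGitHub {
        owner = "maddie480";
        repo = "SpamKick";
        rev = "9dd5b5e3cc78e2520b13a0875ae7ef264a5a52c5";
        hash = "sha256-ZjxnqIiXBaxrZwrCfDPVTpGmRxtrL5kc5ZcDUaQtbZo=";
      };
      env = pkgs.python3.withPackages (ps: [ ps.discordpy ]);
    in
    {
      path = [ env ];
      # $CREDENTIALS_DIRECTORY is populated by LoadCredential below; the bot
      # still receives the token as the TOKEN environment variable.
      script = ''
        export TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")"
        exec python ${src}/main.py
      '';
      serviceConfig = {
        Type = "simple";
        Restart = "always";
        # systemd reads the token file at start and exposes it to the service
        # under $CREDENTIALS_DIRECTORY/token.
        LoadCredential = [ "token:/var/lib/spamkick/token.txt" ];
      };
      wantedBy = [ "multi-user.target" ];
      # Non-secret bot settings; meanings are defined by the upstream script.
      environment = {
        LOG_CHANNEL_ID = "532689319350108160";
        CHANNEL_COUNT = "4";
        DELAY_SECONDS = "5";
        DEBUG = "0";
      };
    };
}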