
# NixOS host module: nginx + ACME reverse proxy in front of Paperless, Lychee
# (podman container) and HedgeDoc, two static sites, an IPFS node, a Minecraft
# server unit, vsftpd, weekly borg backups and one interactive user account.
{ config, lib, pkgs, ... }: {
  # COMMON CONFIG
  # Periodically garbage-collect unreferenced Nix store paths.
  nix.gc.automatic = true;
  nixpkgs.config.allowUnfree = true;
  # Inbound TCP: 20/21 = FTP (vsftpd below), 80/443 = nginx, 8888 = the Lychee
  # container's published host port, 25565 = presumably the Minecraft server's
  # default listen port (the unit below does not set one) — confirm.
  # NOTE(review): opening 8888 on the firewall makes Lychee reachable over plain
  # HTTP directly, bypassing the forceSSL vhost that proxies to it; publishing the
  # container on 127.0.0.1 only and dropping 8888 here keeps nginx the sole entry point.
  # NOTE(review): no TLS-related vsftpd options are set in this file, so FTP logins
  # of local system accounts travel in cleartext unless configured elsewhere.
  networking.firewall.allowedTCPPorts = [ 20 21 80 443 8888 25565 ];
  # FTP passive-mode data ports; must match pasv_min_port/pasv_max_port below.
  networking.firewall.allowedTCPPortRanges = [{
    from = 56250;
    to = 56260;
  }];
  # Required for ACME certificate issuance for the vhosts below.
  security.acme.acceptTerms = true;
  services.nginx.enable = true;
  services.nginx.recommendedProxySettings = true;
  services.nginx.recommendedTlsSettings = true;
  # All oci-containers (Lychee below) are run by podman rather than docker.
  virtualisation.oci-containers.backend = "podman";
  # IPFS
  services.ipfs = {
    enable = true;
    enableGC = true;
    # Initialise the repo without the default bundled help content.
    emptyRepo = true;
  };
  # MINECRAFT
  systemd.services.fabric-minecraft-server = {
    description = "Fabric+Minecraft Server Service";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    # NOTE(review): this is a bare Nix path literal, not a string. If the module
    # system ever interpolates it, the whole /home/mar tree (the server data) is
    # copied into the world-readable Nix store; and as a trigger its value is the
    # path itself, so it does not change when the directory's contents do — confirm
    # the intent, a string "/home/mar" or a specific config file is safer.
    restartTriggers = [ /home/mar ];
    serviceConfig = {
      # Java 16 JRE; -Dlog4j2.formatMsgNoLookups=true disables log4j message
      # lookups (JNDI mitigation). The jar is resolved relative to WorkingDirectory.
      # NOTE(review): no User=/Group= is set, so this network-facing game server
      # runs as root with a writable /home/mar; a dedicated unprivileged user
      # would contain a compromise of the server process.
      ExecStart = "${pkgs.adoptopenjdk-jre-hotspot-bin-16}/bin/java -Dlog4j2.formatMsgNoLookups=true -jar fabric-server-launch.jar";
      Restart = "always";
      WorkingDirectory = "/home/mar";
    };
  };
  services.vsftpd = {
    enable = true;
    # Uploads/modifications over FTP are permitted.
    writeEnable = true;
    # Logins with local system accounts (not just anonymous).
    localUsers = true;
    # Passive data range, opened on the firewall above.
    extraConfig = ''
      pasv_min_port=56250
      pasv_max_port=56260
    '';
  };
  # PAPERLESS
  services.paperless-ng = {
    enable = true;
    extraConfig = {
      # Authentication stays enabled.
      PAPERLESS_DISABLE_LOGIN = "false";
      # NOTE(review): this is a plain string value. If the module hands extraConfig
      # to the unit as Environment= variables, "$(< …)" is not shell-expanded and
      # the literal text becomes the passphrase — confirm against the module; if
      # so, load the secret via an EnvironmentFile/credential mechanism instead.
      PAPERLESS_PASSPHRASE = "$(< /run/keys/paperless_passphrase)";
      PAPERLESS_FORGIVING_OCR = "true";
    };
  };
  security.acme.certs."paperless.samhatfield.me".email = "hey@samhatfield.me";
  # TLS-terminating reverse proxy to the paperless-ng listener declared by its module.
  services.nginx.virtualHosts."paperless.samhatfield.me" =
    let cfg = config.services.paperless-ng;
    in {
      enableACME = true;
      forceSSL = true;
      locations = {
        "/" = {
          proxyPass = "http://${cfg.address}:${toString cfg.port}";
          # Websocket upgrade plus client-address/scheme forwarding headers.
          extraConfig = ''
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
        # Static assets served directly from the paperless data dir.
        # NOTE(review): autoindex exposes a browsable listing of this directory
        # to anyone; it is not needed for serving the assets themselves.
        "/static/" = {
          alias = "${cfg.dataDir}/static/";
          extraConfig = ''
            autoindex on;
          '';
        };
      };
    };
  users.users.paperless = {
    isSystemUser = true;
    # Presumably grants read access to the /run/keys secrets referenced above — verify.
    extraGroups = [ "keys" ];
  };
  # LYCHEE
  users.users.lychee = {
    description = "Lychee server service user";
    group = "users";
    isSystemUser = true;
    home = "/var/lib/lychee";
    createHome = true;
  };
  virtualisation.oci-containers.containers."Lychee" = {
    # NOTE(review): no tag or digest, so the image floats to whatever the registry
    # currently calls latest; pinning a tag/digest makes deployments reproducible.
    image = "lycheeorg/lychee";
    # Host 8888 -> container 80. Without a host IP prefix this is published on
    # all interfaces (nginx below only needs it on localhost).
    ports = [ "8888:80" ];
    volumes = [
      "/var/lib/lychee/uploads:/uploads"
      "/var/lib/lychee/sym:/sym"
      "/var/lib/lychee/conf:/conf"
    ];
  };
  security.acme.certs."lychee.samhatfield.me".email = "hey@samhatfield.me";
  services.nginx.virtualHosts."lychee.samhatfield.me" = {
    enableACME = true;
    forceSSL = true;
    locations = { "/" = { proxyPass = "http://localhost:8888"; }; };
  };
  # BORGBACKUP JOBS
  services.borgbackup = {
    # One job per service; `job` turns a name/path pair into a full job definition.
    jobs = let
      job = name: value: {
        paths = value;
        # Repository lives on this same host; no off-site copy is declared here.
        repo = "/root/backup";
        # Key is stored in the repo itself, protected by the passphrase from /run/keys.
        encryption = {
          mode = "repokey";
          passCommand = "cat /run/keys/borgbackup_passphrase";
        };
        compression = "auto,lzma";
        startAt = "weekly";
      };
    in lib.attrsets.mapAttrs job {
      paperless = "/var/lib/paperless";
      lychee = "/var/lib/lychee";
      minecraft = "/home/mar";
      taskserver = "/var/lib/taskserver";
      hedgedoc = "/var/lib/hedgedoc";
    };
  };
  # WEBSITES
  # samhatfield.me — static site served from a local document root.
  security.acme.certs."samhatfield.me".email = "hey@samhatfield.me";
  services.nginx.virtualHosts."samhatfield.me" = {
    enableACME = true;
    forceSSL = true;
    root = "/var/www/html/samhatfield.me";
  };
  # beccastevens.me — static site served from a local document root.
  security.acme.certs."beccastevens.me".email = "hello@beccastevens.me";
  services.nginx.virtualHosts."beccastevens.me" = {
    enableACME = true;
    forceSSL = true;
    root = "/var/www/html/beccastevens.me/web";
  };
  # HEDGEDOC
  security.acme.certs."hedgedoc.samhatfield.me".email = "hey@samhatfield.me";
  # Proxy to the HedgeDoc host/port from its module configuration; the
  # socket.io path additionally needs websocket support.
  services.nginx.virtualHosts."hedgedoc.samhatfield.me" = {
    enableACME = true;
    forceSSL = true;
    locations = let host = config.services.hedgedoc.configuration.host;
                    port = toString config.services.hedgedoc.configuration.port;
    in {
      "/" = {
        proxyPass = "http://${host}:${port}";
      };
      "/socket.io/" = {
        proxyPass = "http://${host}:${port}";
        proxyWebsockets = true;
      };
    };
  };
  services.hedgedoc = let cfg = config.services.hedgedoc; in {
    enable = true;
    configuration = {
      # SQLite database kept inside HedgeDoc's working directory.
      db = {
        dialect = "sqlite";
        storage = "${cfg.workDir}/db.hedgedoc.sqlite";
      };
    };
  };
  # SEHQLR
  # Interactive admin account; "wheel" membership grants sudo.
  users.users.sehqlr = {
    isNormalUser = true;
    home = "/home/sehqlr";
    description = "Sam Hatfield <hey@samhatfield.me>";
    extraGroups = [ "wheel" ];
    shell = pkgs.zsh;
  };
}