Compare commits

...

2 commits

Author SHA1 Message Date
Fabian Montero 806b00f634
add alejandra formatter 2024-08-24 01:52:56 -06:00
Fabian Montero 9b3cc59d74
fix bug in internal relative paths 2024-08-24 01:34:42 -06:00
17 changed files with 174 additions and 133 deletions

View file

@ -28,46 +28,46 @@
};
};
outputs =
flakes@{ self
, nixpkgs
, unstable
, home-manager
, impermanence
, flake-utils
, vpsadminos
, homepage
, conduwuit
, mediawikiSkinCitizen
}:
let
system = "x86_64-linux";
outputs = flakes @ {
self,
nixpkgs,
unstable,
home-manager,
impermanence,
flake-utils,
vpsadminos,
homepage,
conduwuit,
mediawikiSkinCitizen,
}: let
system = "x86_64-linux";
pkgs = importPkgs nixpkgs;
pkgs = importPkgs nixpkgs;
importPkgs = flake: import flake {
importPkgs = flake:
import flake {
inherit system;
config = import ./pkgs/config nixpkgs.lib;
overlays = [ self.overlays.default ];
overlays = [self.overlays.default];
};
local = import ./pkgs;
in
local = import ./pkgs;
in
with pkgs.lib; {
formatter.${system} = pkgs.nixpkgs-fmt;
formatter.${system} = pkgs.alejandra;
packages.${system} = pkgs.local;
overlays.default = final: prev:
let
locals = local {
inherit final prev flakes;
};
in
overlays.default = final: prev: let
locals = local {
inherit final prev flakes;
};
in
{
local = locals;
unstable = importPkgs unstable;
} // locals.override;
}
// locals.override;
nixosConfigurations.vps = makeOverridable nixpkgs.lib.nixosSystem {
inherit pkgs system;
@ -80,4 +80,3 @@
};
};
}

View file

@ -1 +1 @@
lib: { }
lib: {}

View file

@ -1,5 +1,9 @@
{ final, prev, flakes }: {
{
final,
prev,
flakes,
}: {
homepage = flakes.homepage.packages.${final.system}.default;
override = { };
override = {};
}

View file

@ -1,6 +1,11 @@
{ config, pkgs, lib, flakes, ... }:
with lib;
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
flakes.vpsadminos.nixosConfigurations.container
flakes.home-manager.nixosModules.home-manager
@ -22,7 +27,7 @@ with lib;
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit flakes; };
extraSpecialArgs = {inherit flakes;};
users.fabian = {
imports = [
@ -56,8 +61,8 @@ with lib;
uid = 1000;
group = "fabian";
shell = pkgs.zsh;
extraGroups = [ "users" "wheel" "networkmanager" "dialout" "libvirtd" ];
openssh.authorizedKeys.keyFiles = [ "${flakes.self}/pki/fabian.pub" ];
extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"];
openssh.authorizedKeys.keyFiles = [../pki/fabian.pub];
};
groups.fabian.gid = 1000;
};
@ -75,13 +80,13 @@ with lib;
"/mnt/export2008" = {
device = "172.16.129.19:/nas/5876";
fsType = "nfs";
options = [ "nofail" "noatime" ];
options = ["nofail" "noatime"];
};
"/mnt/export2011" = {
device = "172.16.129.151:/nas/5876/bepasty";
fsType = "nfs";
options = [ "nofail" "noatime" "noexec" ];
options = ["nofail" "noatime" "noexec"];
};
};

View file

@ -1,6 +1,9 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
programs = {
zsh = {
enable = true;
@ -13,15 +16,14 @@ with lib;
};
neovim.enable = true;
};
home.packages = with pkgs;
[
file
htop
killall
man-pages
man-pages-posix
tree
zip
unzip
];
home.packages = with pkgs; [
file
htop
killall
man-pages
man-pages-posix
tree
zip
unzip
];
}

View file

@ -1,7 +1,11 @@
{ config, pkgs, lib, flakes, ... }:
with lib;
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
./cli.nix
];

View file

@ -1,8 +1,10 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."send.posixlycorrect.com" = {
enableACME = true;
@ -10,11 +12,10 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8989";
};
};
};

View file

@ -1,6 +1,11 @@
{ config, pkgs, lib, flakes, ... }:
with lib;
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
./net.nix
./mediawiki.nix

View file

@ -1,6 +1,9 @@
{ config, lib, ... }:
with lib;
{
config,
lib,
...
}:
with lib; {
config = {
environment.etc."fail2ban/filter.d/gitea.local".text = ''
[Definition]
@ -16,7 +19,7 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
locations."/".proxyPass = "http://localhost:9170";
};
};

View file

@ -1,9 +1,10 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."stream.posixlycorrect.com" = {
enableACME = true;
@ -11,7 +12,7 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
locations."/" = {
proxyPass = "http://localhost:8096";
};

View file

@ -1,9 +1,10 @@
{ lib, pkgs, flakes, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."meet.posixlycorrect.com" = {
enableACME = true;
@ -11,10 +12,10 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
ssl_verify_depth 1;
ssl_verify_client on;
ssl_client_certificate ${flakes.self}/pki/gatekeeper_ca.pem;
ssl_client_certificate ${../../pki/gatekeeper_ca.pem};
if ($ssl_client_verify != "SUCCESS") {
return 403;
}
@ -22,7 +23,6 @@ with lib;
};
};
jitsi-meet = {
enable = true;
hostName = "meet.posixlycorrect.com";

View file

@ -1,6 +1,9 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."status.posixlycorrect.com" = {
@ -9,7 +12,7 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
locations."/" = {
proxyPass = "http://127.0.0.1:4456";
};

View file

@ -1,10 +1,14 @@
{ lib, pkgs, config, flakes, ... }:
with lib;
let
{
lib,
pkgs,
config,
flakes,
...
}:
with lib; let
subdomain = "matrix.posixlycorrect.com";
baseUrl = "https://${subdomain}";
in
{
in {
# ver https://nixos.org/manual/nixos/stable/#module-services-matrix
services = {
matrix-conduit = {
@ -23,37 +27,32 @@ in
};
};
nginx.virtualHosts =
let
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${subdomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
"posixlycorrect.com" = {
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${subdomain}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".extraConfig = ''
return 403;
'';
locations."/_matrix".proxyPass = "http://[::1]:6167";
locations."/_synapse/client".proxyPass = "http://[::1]:6167";
};
nginx.virtualHosts = let
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${subdomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
"posixlycorrect.com" = {
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${subdomain}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".extraConfig = ''
return 403;
'';
locations."/_matrix".proxyPass = "http://[::1]:6167";
locations."/_synapse/client".proxyPass = "http://[::1]:6167";
};
};
};
}

View file

@ -1,6 +1,10 @@
{ lib, pkgs, flakes, ... }:
with lib;
{
lib,
pkgs,
flakes,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."wiki.posixlycorrect.com" = {
@ -9,7 +13,7 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
};
};
mediawiki = {

View file

@ -1,9 +1,12 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
users.groups = {
mailsenders = {
members = [ "fabian" "mediawiki" ];
members = ["fabian" "mediawiki"];
};
};

View file

@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
with lib;
{
lib,
pkgs,
...
}:
with lib; {
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [80 443];
};
domain = "posixlycorrect.com";
};
@ -36,7 +39,7 @@ with lib;
fail2ban = {
enable = true;
bantime = "10m";
ignoreIP = [ "37.205.12.34" ]; # Never ban the server's own IP
ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";

View file

@ -1,6 +1,9 @@
{ config, lib, ... }:
with lib;
{
config,
lib,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."vault.posixlycorrect.com" = {
@ -9,7 +12,7 @@ with lib;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
'';
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
@ -17,11 +20,13 @@ with lib;
#fail2ban.jails.gitea.settings = { };
postgresql = {
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
ensureDatabases = ["vaultwarden"];
ensureUsers = [
{
name = "vaultwarden";
ensureDBOwnership = true;
}
];
};
vaultwarden = {