migrate to nixos modules

common/server/mumble.nix

@@ -1,31 +1,34 @@
-{ config, ... }:
+{ lib, config, ... }:
 
-let 
-  murmurPort = 23563;
-  domain = "voice.neet.space";
+let
+  cfg = config.services.murmur;
   certs = config.security.acme.certs;
 in {
-  config.networking.firewall.allowedTCPPorts = [ murmurPort ];
-  config.networking.firewall.allowedUDPPorts = [ murmurPort ];
-
-  config.services.murmur = {
-    enable = true;
-    port = murmurPort;
-    sslCa = "${certs.${domain}.directory}/chain.pem";
-    sslKey = "${certs.${domain}.directory}/key.pem";
-    sslCert = "${certs.${domain}.directory}/fullchain.pem";
-    welcometext = "Welcome to ${domain}";
+  options.services.murmur.domain = lib.mkOption {
+    type = lib.types.str;
   };
 
-  config.services.nginx.virtualHosts."${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-  };
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+    networking.firewall.allowedUDPPorts = [ cfg.port ];
 
-  # give mumble access to acme certs
-  config.security.acme.certs.${domain} = {
-    group = "murmur";
-    postRun = "systemctl reload-or-restart murmur";
+    services.murmur = {
+      sslCa = "${certs.${cfg.domain}.directory}/chain.pem";
+      sslKey = "${certs.${cfg.domain}.directory}/key.pem";
+      sslCert = "${certs.${cfg.domain}.directory}/fullchain.pem";
+      welcometext = "Welcome to ${cfg.domain}";
+    };
+
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+
+    # give mumble access to acme certs
+    security.acme.certs.${cfg.domain} = {
+      group = "murmur";
+      postRun = "systemctl reload-or-restart murmur";
+    };
+    users.users.nginx.extraGroups = [ "murmur" ];
   };
-  config.users.users.nginx.extraGroups = [ "murmur" ];
 }

common/server/nginx.nix

@@ -1,14 +1,15 @@
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 
 {
-  services.nginx = {
-    enable = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-  };
+  config = lib.mkIf config.services.nginx.enable {
+    services.nginx = {
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+    };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.firewall.allowedUDPPorts = [ 80 443 ];
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedUDPPorts = [ 80 443 ];
+  };
 }

common/server/nsd.nix

@@ -1,95 +0,0 @@
-{ config, ... }:
-
-{
-  services.nsd = let
-    self = "142.4.210.222";
-    secondary = "167.114.154.31";
-  in {
-    enable = true;
-    interfaces = [ "0.0.0.0" ];
-    roundRobin = true;
-    ipTransparent = true;
-    zones.neet = rec {
-      provideXFR = [ "${secondary} NOKEY" ];
-      notify = provideXFR;
-      children = {
-        "neet.dev.".data = ''
-$TTL 300
-@   IN  SOA     ns1.neet.dev. contact.neet.dev. (
-        2011072000  ;Serial
-        300         ;Refresh
-        300         ;Retry
-        604800      ;Expire
-        300         ;Minimum TTL
-)
-
-@            IN  NS          ns1.neet.dev.
-@            IN  NS          ns2.neet.dev.
-
-@            IN  A           ${self}
-www          IN  A           ${self}
-irc          IN  A           ${self}
-wiki         IN  A           ${self}
-ns1          IN  A           ${self}
-ns2          IN  A           167.114.154.31
-ragnarok     IN  A           155.138.219.146
-coder        IN  A           ${self}
-git          IN  A           ${self}
-
-@            IN  TXT         "rizon_vhost=Googlebot"
-ownercheck   IN  TXT         "dc97b3fd"
-        '';
-        "neet.space.".data = ''
-$TTL 300
-@   IN  SOA     ns1.neet.dev. contact.neet.dev. (
-        2011071017  ;Serial
-        300         ;Refresh
-        300         ;Retry
-        604800      ;Expire
-        300         ;Minimum TTL
-)
-
-@                  IN  NS          ns1.neet.dev.
-@                  IN  NS          ns2.neet.dev.
-
-@                  IN  A           ${self}
-www                IN  A           ${self}
-voice              IN  A           ${self}
-stream             IN  A           ${self}
-radio              IN  A           ${self}
-tube               IN  A           ${self}
-sock.tube          IN  A           ${self}
-mural              IN  A           ${self}
-
-_minecraft._tcp    IN  SRV         0 5 23589 neet.space.
-_mumble._tcp       IN  SRV         0 5 23563 voice.neet.space.
-_mumble._tcp.voice IN  SRV         0 5 23563 voice.neet.space.
-
-@                  IN  TXT         "rizon_vhost=Googlebot"
-ownercheck         IN  TXT         "dc97b3fd"
-        '';
-        "neet.cloud.".data = ''
-$TTL 300
-@   IN  SOA     ns1.neet.dev. contact.neet.dev. (
-        2011071011  ;Serial
-        300         ;Refresh
-        300         ;Retry
-        604800      ;Expire
-        300         ;Minimum TTL
-)
-
-@            IN  NS          ns1.neet.dev.
-@            IN  NS          ns2.neet.dev.
-
-@            IN  A           ${self}
-www          IN  A           ${self}
-paste        IN  A           ${self}
-globie-info  IN  A           ${self}
-files        IN  A           ${self}
-
-ownercheck   IN  TXT         "dc97b3fd"
-        '';
-      };
-    };
-  };
-}

common/server/thelounge.nix

@@ -1,44 +1,64 @@
-{ config, ... }:
+{ lib, config, ... }:
 
-{
-  services.thelounge = {
-    enable = true;
-    port = 9000;
-    private = true;
-    extraConfig = {
-      reverseProxy = true;
-      maxHistory = -1;
-      https.enable = false;
-#      theme = "thelounge-theme-solarized";
-      prefetch = false;
-      prefetchStorage = false;
-      fileUpload = {
-        enable = true;
-        maxFileSize = -1;
-        baseUrl = "https://files.neet.cloud/irc/";
+let
+  cfg = config.services.thelounge;
+in {
+  options.services.thelounge = {
+    fileUploadBaseUrl = lib.mkOption {
+      type = lib.types.str;
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      example = "example.com";
+    };
+    fileHost = {
+      host = lib.mkOption {
+        type = lib.types.str;
+      };
+      path = lib.mkOption {
+        type = lib.types.str;
       };
-      transports = [ "websocket" "polling" ];
-      leaveMessage = "leaving";
-      messageStorage = [ "sqlite" "text" ];
     };
   };
 
-  # the lounge client
-  services.nginx.virtualHosts."irc.neet.dev" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString config.services.thelounge.port}";
-      proxyWebsockets = true;
+  config = lib.mkIf cfg.enable {
+    services.thelounge = {
+      private = true;
+      extraConfig = {
+        reverseProxy = true;
+        maxHistory = -1;
+        https.enable = false;
+  #      theme = "thelounge-theme-solarized";
+        prefetch = false;
+        prefetchStorage = false;
+        fileUpload = {
+          enable = true;
+          maxFileSize = -1;
+          baseUrl = cfg.fileUploadBaseUrl;
+        };
+        transports = [ "websocket" "polling" ];
+        leaveMessage = "leaving";
+        messageStorage = [ "sqlite" "text" ];
+      };
     };
-  };
 
-  # the lounge files
-  services.nginx.virtualHosts."files.neet.cloud" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/irc" = {
-      proxyPass = "http://localhost:${toString config.services.thelounge.port}/uploads";
+    # the lounge client
+    services.nginx.virtualHosts.${cfg.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.thelounge.port}";
+        proxyWebsockets = true;
+      };
+    };
+
+    # the lounge files
+    services.nginx.virtualHosts.${cfg.fileHost.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations.${cfg.fileHost.path} = {
+        proxyPass = "http://localhost:${toString config.services.thelounge.port}/uploads";
+      };
     };
   };
 }