zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Cleanup services

Browse Source
This commit is contained in:
Zuckerberg 2023-03-12 14:05:11 -06:00
parent aaa1800d0c
commit ab2cc0cc0a
4 changed files with 67 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/server/default.nix
View File

@ -16,5 +16,7 @@
./owncast.nix ./owncast.nix
./mailserver.nix ./mailserver.nix
./nextcloud.nix ./nextcloud.nix
./iodine.nix
./searx.nix
]; ];
} }

20
common/server/iodine.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.iodine.server;
in {
config = lib.mkIf cfg.enable {
# iodine DNS-based vpn
services.iodine.server = {
ip = "192.168.99.1";
domain = "tun.neet.dev";
passwordFile = "/run/agenix/iodine";
};
age.secrets.iodine.file = ../../secrets/iodine.age;
networking.firewall.allowedUDPPorts = [ 53 ];
networking.nat.internalInterfaces = [
"dns0" # iodine
];
};
}

29
common/server/searx.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.searx;
in {
config = lib.mkIf cfg.enable {
services.searx = {
environmentFile = "/run/agenix/searx";
settings = {
server.port = 43254;
server.secret_key = "@SEARX_SECRET_KEY@";
engines = [ {
name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
} ];
};
};
services.nginx.virtualHosts."search.neet.space" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
};
};
age.secrets.searx.file = ../../secrets/searx.age;
};
}

58
machines/ponyo/configuration.nix
View File

@ -9,17 +9,23 @@
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
# p2p mesh network
services.tailscale.exitNode = true;
services.zerotierone.enable = true; services.zerotierone.enable = true;
# email server
mailserver.enable = true; mailserver.enable = true;
# nextcloud
services.nextcloud.enable = true; services.nextcloud.enable = true;
# git
services.gitea = { services.gitea = {
enable = true; enable = true;
hostname = "git.neet.dev"; hostname = "git.neet.dev";
}; };
# IRC
services.thelounge = { services.thelounge = {
enable = true; enable = true;
port = 9000; port = 9000;
@ -31,12 +37,14 @@
}; };
}; };
# mumble
services.murmur = { services.murmur = {
enable = true; enable = true;
port = 23563; port = 23563;
domain = "voice.neet.space"; domain = "voice.neet.space";
}; };
# IRC bot
services.drastikbot = { services.drastikbot = {
enable = true; enable = true;
wolframAppIdFile = "/run/agenix/wolframalpha"; wolframAppIdFile = "/run/agenix/wolframalpha";
@ -46,7 +54,7 @@
owner = config.services.drastikbot.user; owner = config.services.drastikbot.user;
}; };
# wrap radio in a VPN # music radio
vpn-container.enable = true; vpn-container.enable = true;
vpn-container.config = { vpn-container.config = {
services.radio = { services.radio = {
@ -54,11 +62,6 @@
host = "radio.runyan.org"; host = "radio.runyan.org";
}; };
}; };
# tailscale
services.tailscale.exitNode = true;
# icecast endpoint + website
services.nginx.virtualHosts."radio.runyan.org" = { services.nginx.virtualHosts."radio.runyan.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -73,6 +76,7 @@
}; };
}; };
# matrix home server
services.matrix = { services.matrix = {
enable = true; enable = true;
host = "neet.space"; host = "neet.space";
@ -90,45 +94,13 @@
secret = "a8369a0e96922abf72494bb888c85831b"; secret = "a8369a0e96922abf72494bb888c85831b";
}; };
}; };
# pin postgresql for matrix (will need to migrate eventually)
services.postgresql.package = pkgs.postgresql_11; services.postgresql.package = pkgs.postgresql_11;
services.searx = {
enable = false;
environmentFile = "/run/agenix/searx";
settings = {
server.port = 43254;
server.secret_key = "@SEARX_SECRET_KEY@";
engines = [ {
name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
} ];
};
};
services.nginx.virtualHosts."search.neet.space" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
};
};
age.secrets.searx.file = ../../secrets/searx.age;
# iodine DNS-based vpn # iodine DNS-based vpn
services.iodine.server = { services.iodine.server.enable = true;
enable = true;
ip = "192.168.99.1";
domain = "tun.neet.dev";
passwordFile = "/run/agenix/iodine";
};
age.secrets.iodine.file = ../../secrets/iodine.age;
networking.firewall.allowedUDPPorts = [ 53 ];
networking.nat.internalInterfaces = [
"dns0" # iodine
];
# proxied web services
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."jellyfin.neet.cloud" = { services.nginx.virtualHosts."jellyfin.neet.cloud" = {
enableACME = true; enableACME = true;
@ -144,13 +116,14 @@
locations."/".proxyPass = "http://s0.zt.neet.dev:4533"; locations."/".proxyPass = "http://s0.zt.neet.dev:4533";
}; };
# TODO replace with a proper file hosting service
services.nginx.virtualHosts."tmp.neet.dev" = { services.nginx.virtualHosts."tmp.neet.dev" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/var/www/tmp"; root = "/var/www/tmp";
}; };
# redirect to github # redirect runyan.org to github
services.nginx.virtualHosts."runyan.org" = { services.nginx.virtualHosts."runyan.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -159,6 +132,7 @@
''; '';
}; };
# owncast live streaming
services.owncast.enable = true; services.owncast.enable = true;
services.owncast.hostname = "live.neet.dev"; services.owncast.hostname = "live.neet.dev";
} }