Cleanup services

2023-03-12 14:05:11 -06:00 · 2023-03-12 14:05:11 -06:00 · ab2cc0cc0a
commit ab2cc0cc0a
parent aaa1800d0c
4 changed files with 67 additions and 42 deletions
--- a/common/server/default.nix
+++ b/common/server/default.nix
@ -16,5 +16,7 @@
    ./owncast.nix
    ./mailserver.nix
    ./nextcloud.nix
+    ./iodine.nix
+    ./searx.nix
  ];
 }
--- a/common/server/iodine.nix
+++ b/common/server/iodine.nix
@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.iodine.server;
+in {
+  config = lib.mkIf cfg.enable {
+    # iodine DNS-based vpn
+    services.iodine.server = {
+      ip = "192.168.99.1";
+      domain = "tun.neet.dev";
+      passwordFile = "/run/agenix/iodine";
+    };
+    age.secrets.iodine.file = ../../secrets/iodine.age;
+    networking.firewall.allowedUDPPorts = [ 53 ];
+
+    networking.nat.internalInterfaces = [
+      "dns0" # iodine
+    ];
+  };
+}
--- a/common/server/searx.nix
+++ b/common/server/searx.nix
@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.searx;
+in {
+  config = lib.mkIf cfg.enable {
+    services.searx = {
+      environmentFile = "/run/agenix/searx";
+      settings = {
+        server.port = 43254;
+        server.secret_key = "@SEARX_SECRET_KEY@";
+        engines = [ {
+          name = "wolframalpha";
+          shortcut = "wa";
+          api_key = "@WOLFRAM_API_KEY@";
+          engine = "wolframalpha_api";
+        } ];
+      };
+    };
+    services.nginx.virtualHosts."search.neet.space" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
+      };
+    };
+    age.secrets.searx.file = ../../secrets/searx.age;
+  };
+}
--- a/machines/ponyo/configuration.nix
+++ b/machines/ponyo/configuration.nix
@ -9,17 +9,23 @@

  system.autoUpgrade.enable = true;

+  # p2p mesh network
+  services.tailscale.exitNode = true;
  services.zerotierone.enable = true;

+  # email server
  mailserver.enable = true;

+  # nextcloud
  services.nextcloud.enable = true;

+  # git
  services.gitea = {
    enable = true;
    hostname = "git.neet.dev";
  };

+  # IRC
  services.thelounge = {
    enable = true;
    port = 9000;
@ -31,12 +37,14 @@
    };
  };

+  # mumble
  services.murmur = {
    enable = true;
    port = 23563;
    domain = "voice.neet.space";
  };

+  # IRC bot
  services.drastikbot = {
    enable = true;
    wolframAppIdFile = "/run/agenix/wolframalpha";
@ -46,7 +54,7 @@
    owner = config.services.drastikbot.user;
  };

-  # wrap radio in a VPN
+  # music radio
  vpn-container.enable = true;
  vpn-container.config = {
    services.radio = {
@ -54,11 +62,6 @@
      host = "radio.runyan.org";
    };
  };
-
-  # tailscale
-  services.tailscale.exitNode = true;
-
-  # icecast endpoint + website
  services.nginx.virtualHosts."radio.runyan.org" = {
    enableACME = true;
    forceSSL = true;
@ -73,6 +76,7 @@
    };
  };

+  # matrix home server
  services.matrix = {
    enable = true;
    host = "neet.space";
@ -90,45 +94,13 @@
      secret = "a8369a0e96922abf72494bb888c85831b";
    };
  };
+  # pin postgresql for matrix (will need to migrate eventually)
  services.postgresql.package = pkgs.postgresql_11;

-  services.searx = {
-    enable = false;
-    environmentFile = "/run/agenix/searx";
-    settings = {
-      server.port = 43254;
-      server.secret_key = "@SEARX_SECRET_KEY@";
-      engines = [ {
-        name = "wolframalpha";
-        shortcut = "wa";
-        api_key = "@WOLFRAM_API_KEY@";
-        engine = "wolframalpha_api";
-      } ];
-    };
-  };
-  services.nginx.virtualHosts."search.neet.space" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
-    };
-  };
-  age.secrets.searx.file = ../../secrets/searx.age;
-
  # iodine DNS-based vpn
-  services.iodine.server = {
-    enable = true;
-    ip = "192.168.99.1";
-    domain = "tun.neet.dev";
-    passwordFile = "/run/agenix/iodine";
-  };
-  age.secrets.iodine.file = ../../secrets/iodine.age;
-  networking.firewall.allowedUDPPorts = [ 53 ];
-
-  networking.nat.internalInterfaces = [
-    "dns0" # iodine
-  ];
+  services.iodine.server.enable = true;

+  # proxied web services
  services.nginx.enable = true;
  services.nginx.virtualHosts."jellyfin.neet.cloud" = {
    enableACME = true;
@ -144,13 +116,14 @@
    locations."/".proxyPass = "http://s0.zt.neet.dev:4533";
  };

+  # TODO replace with a proper file hosting service
  services.nginx.virtualHosts."tmp.neet.dev" = {
    enableACME = true;
    forceSSL = true;
    root = "/var/www/tmp";
  };

-  # redirect to github
+  # redirect runyan.org to github
  services.nginx.virtualHosts."runyan.org" = {
    enableACME = true;
    forceSSL = true;
@ -159,6 +132,7 @@
    '';
  };

+  # owncast live streaming
  services.owncast.enable = true;
  services.owncast.hostname = "live.neet.dev";
 }