diff --git a/servers/flake.lock b/servers/flake.lock new file mode 100644 index 0000000..02e67cf --- /dev/null +++ b/servers/flake.lock 
@@ -0,0 +1,110 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1723991338, + "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "path": "/nix/store/d9gbq853jvbccrz5g3y0irbwgc57w137-source", + "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + 
"systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/servers/flake.nix b/servers/flake.nix
new file mode 100644
index 0000000..c495892
--- /dev/null
+++ b/servers/flake.nix
@@ -0,0 +1,29 @@
+{
+ description = "The flake that describes my server configurations";
+
+ inputs.deploy-rs.url = "github:serokell/deploy-rs";
+
+ outputs =
+ { self
+ , nixpkgs
+ , deploy-rs
+ ,
+ }:
+ {
+ nixosConfigurations.lunasa = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./lunasa/configuration.nix ];
+ };
+
+ deploy.nodes.lunasa = {
+ hostname = "lina.cool";
+ sshUser = "root";
+ profiles.system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lunasa;
+ };
+ };
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ };
+}
diff --git a/servers/lunasa/configuration.nix b/servers/lunasa/configuration.nix
new file mode 100644
index 0000000..7423bd5
--- /dev/null
+++ b/servers/lunasa/configuration.nix
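Review bot: `nixpkgs` is taken as an argument of `outputs` in servers/flake.nix but is never declared under `inputs`, so it resolves through the flake registry; the lock file in this commit records it as `nixpkgs_2` with `"type": "path"` pointing at a `/nix/store/...-source` directory rather than a fetchable revision. The package set the server is built from then depends on the machine that runs the deploy instead of on a reviewed, reproducible pin. Declare it explicitly, e.g. `inputs.nixpkgs.url = "github:NixOS/nixpkgs/<branch>";`, and consider `inputs.deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` so the activation tooling is not built from the separately locked nixpkgs revision. Separately, `sshUser = "root"` makes every deploy a direct root login; deploy-rs can connect as an unprivileged user and elevate for `user = "root"`, which would allow root SSH login to be turned off.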
@@ -0,0 +1,196 @@
+{ modulesPath, pkgs, lib, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ networking.hostName = "lunasa";
+ zramSwap.enable = true;
+ services.openssh.enable = true;
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
+ nix = {
+ package = pkgs.nixVersions.nix_2_22;
+
+ settings = {
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "ca-derivations"
+ ];
+ };
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy''
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ 1935 # the RTMP port for OwnCast
+ 6667 # irc plaintext
+ ];
+
+ services.owncast = {
+ enable = true;
+ port = 8001;
+ };
+
+ services.ergochat = {
+ enable = true;
+ settings = {
+ accounts = {
+ authentication-enabled = true;
+ multiclient = {
+ allowed-by-default = true;
+ always-on = "opt-out";
+ auto-away = "opt-out";
+ enabled = true;
+ };
+ registration = {
+ allow-before-connect = true;
+ bcrypt-cost = 4;
+ email-verification = {
+ enabled = false;
+ };
+ enabled = true;
+ throttling = {
+ duration = "10m";
+ enabled = true;
+ max-attempts = 30;
+ };
+ };
+ };
+ channels = {
+ default-modes = "+ntC";
+ registration = {
+ enabled = true;
+ };
+ };
+ datastore = {
+ autoupgrade = true;
+ path = "/var/lib/ergo/ircd.db";
+ };
+ history = {
+ autoreplay-on-join = 0;
+ autoresize-window = "3d";
+ channel-length = 2048;
+ chathistory-maxmessages = 100;
+ client-length = 256;
+ enabled = true;
+ restrictions = {
+ expire-time = "1w";
+ grace-period = "1h";
+ query-cutoff = "none";
+ };
+ retention = {
+ allow-individual-delete = false;
+ enable-account-indexing = false;
+ };
+ tagmsg-storage = {
+ default = false;
+ whitelist = [
+ "+draft/react"
+ "+react"
+ ];
+ };
+ znc-maxmessages = 2048;
+ };
+ limits = {
+ awaylen = 390;
+ channellen = 64;
+ identlen = 20;
+ kicklen = 390;
+ nicklen = 32;
+ topiclen = 390;
+ };
+ network = {
+ name = "testnetwork";
+ };
+ server = {
+ casemapping = "permissive";
+ check-ident = false;
+ enforce-utf = true;
+ forward-confirm-hostnames = false;
+ ip-cloaking = {
+ enabled = false;
+ };
+ ip-limits = {
+ count = false;
+ throttle = false;
+ };
+ listeners = {
+ ":6667" = { };
+ };
+ lookup-hostnames = false;
+ max-sendq = "1M";
+ name = "example.com";
+ relaymsg = {
+ enabled = false;
+ };
+ };
+ oper-classes = {
+ "chat-moderator" = {
+ title = "Chat Moderator";
+ capabilities = [
+ "kill"
+ "ban"
+ "nofakelag"
+ "relaymsg"
+ "vhosts"
+ "sajoin"
+ "samode"
+ "snomasks"
+ "roleplay"
+ ];
+ };
+ "server-admin" = {
+ title = "Server Admin";
+ extends = "chat-moderator";
+ capabilities = [
+ "rehash"
+ "accreg"
+ "chanreg"
+ "history"
+ "defcon"
+ "massmessage"
+ ];
+ };
+ };
+ opers = {
+ admin = {
+ class = "server-admin";
+ password = "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
+ };
+ };
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ email = "shadows@with.al";
+
+ virtualHosts = {
+ "lina.cool" = {
+ extraConfig = ''
+ encode gzip
+ reverse_proxy 127.0.0.1:8001
+ '';
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
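Review bot: Port 6667 is opened in `networking.firewall.allowedTCPPorts` and the only Ergo listener is `":6667" = { };` with no TLS, so account passwords (registration is enabled) and the oper password cross the network in cleartext. Bind the plaintext listener to loopback and expose a TLS listener instead, as sketched below with placeholder certificate paths. The `opers.admin.password` hash is committed at bcrypt cost 4 (`$2a$04$`) and grants the `server-admin` class, so anyone who can read the repository or the Nix store can attack it offline cheaply; `name = "example.com"` and `network.name = "testnetwork"` look like template values, so confirm the hash was generated for this host, regenerate it at a higher cost and keep it out of version control. `ip-limits` has both `count` and `throttle` set to `false` while registration is open without e-mail verification, which leaves the registration throttle (30 attempts per 10m) as the only brake on abuse. Since root logs in by key, also consider `services.openssh.settings.PasswordAuthentication = false;`.

```nix
networking.firewall.allowedTCPPorts = [
  # … unchanged: 80, 443, 1935 …
  6697 # irc over TLS (replaces the plaintext 6667 entry)
];

# … unchanged: services.ergochat.settings up to server.listeners …
listeners = {
  "127.0.0.1:6667" = { }; # plaintext reachable from loopback only
  ":6697" = {
    tls = {
      cert = "/path/to/fullchain.pem"; # placeholder
      key = "/path/to/privkey.pem"; # placeholder
    };
  };
};
```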