insects/nix-config
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

migrate server configs

Browse source
This commit is contained in:
insects 2024-08-23 13:48:56 +02:00
parent 20278baff4
commit 8ccc16e930
3 changed files with 335 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
servers/flake.lock generated Normal file
View file

@ -0,0 +1,110 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1723991338,
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
"path": "/nix/store/d9gbq853jvbccrz5g3y0irbwgc57w137-source",
"rev": "8a3354191c0d7144db9756a74755672387b702ba",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

29
servers/flake.nix Normal file
View file

@ -0,0 +1,29 @@
{
description = "The flake that describes my server configurations";
inputs.deploy-rs.url = "github:serokell/deploy-rs";
outputs =
{ self
, nixpkgs
, deploy-rs
,
}:
{
nixosConfigurations.lunasa = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./lunasa/configuration.nix ];
};
deploy.nodes.lunasa = {
hostname = "lina.cool";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lunasa;
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}

196
servers/lunasa/configuration.nix Normal file
View file

@ -0,0 +1,196 @@
{ modulesPath, pkgs, lib, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
networking.hostName = "lunasa";
zramSwap.enable = true;
services.openssh.enable = true;
boot.tmp.cleanOnBoot = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
nix = {
package = pkgs.nixVersions.nix_2_22;
settings = {
auto-optimise-store = lib.mkDefault true;
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
};
};
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy''
];
networking.firewall.allowedTCPPorts = [
80
443
1935 # the RTMP port for OwnCast
6667 # irc plaintext
];
services.owncast = {
enable = true;
port = 8001;
};
services.ergochat = {
enable = true;
settings = {
accounts = {
authentication-enabled = true;
multiclient = {
allowed-by-default = true;
always-on = "opt-out";
auto-away = "opt-out";
enabled = true;
};
registration = {
allow-before-connect = true;
bcrypt-cost = 4;
email-verification = {
enabled = false;
};
enabled = true;
throttling = {
duration = "10m";
enabled = true;
max-attempts = 30;
};
};
};
channels = {
default-modes = "+ntC";
registration = {
enabled = true;
};
};
datastore = {
autoupgrade = true;
path = "/var/lib/ergo/ircd.db";
};
history = {
autoreplay-on-join = 0;
autoresize-window = "3d";
channel-length = 2048;
chathistory-maxmessages = 100;
client-length = 256;
enabled = true;
restrictions = {
expire-time = "1w";
grace-period = "1h";
query-cutoff = "none";
};
retention = {
allow-individual-delete = false;
enable-account-indexing = false;
};
tagmsg-storage = {
default = false;
whitelist = [
"+draft/react"
"+react"
];
};
znc-maxmessages = 2048;
};
limits = {
awaylen = 390;
channellen = 64;
identlen = 20;
kicklen = 390;
nicklen = 32;
topiclen = 390;
};
network = {
name = "testnetwork";
};
server = {
casemapping = "permissive";
check-ident = false;
enforce-utf = true;
forward-confirm-hostnames = false;
ip-cloaking = {
enabled = false;
};
ip-limits = {
count = false;
throttle = false;
};
listeners = {
":6667" = { };
};
lookup-hostnames = false;
max-sendq = "1M";
name = "example.com";
relaymsg = {
enabled = false;
};
};
oper-classes = {
"chat-moderator" = {
title = "Chat Moderator";
capabilities = [
"kill"
"ban"
"nofakelag"
"relaymsg"
"vhosts"
"sajoin"
"samode"
"snomasks"
"roleplay"
];
};
"server-admin" = {
title = "Server Admin";
extends = "chat-moderator";
capabilities = [
"rehash"
"accreg"
"chanreg"
"history"
"defcon"
"massmessage"
];
};
};
opers = {
admin = {
class = "server-admin";
password = "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
};
};
};
};
services.caddy = {
enable = true;
email = "shadows@with.al";
virtualHosts = {
"lina.cool" = {
extraConfig = ''
encode gzip
reverse_proxy 127.0.0.1:8001
'';
};
};
};
system.stateVersion = "23.11";
}