migrate server configs

2024-08-23 13:48:56 +02:00 · 2024-08-23 13:48:56 +02:00 · 8ccc16e930
commit 8ccc16e930
parent 20278baff4
3 changed files with 335 additions and 0 deletions
--- a/servers/flake.lock
+++ b/servers/flake.lock
@ -0,0 +1,110 @@
+{
+  "nodes": {
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1718194053,
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1702272962,
+        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1723991338,
+        "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
+        "path": "/nix/store/d9gbq853jvbccrz5g3y0irbwgc57w137-source",
+        "rev": "8a3354191c0d7144db9756a74755672387b702ba",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "deploy-rs": "deploy-rs",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/servers/flake.nix
+++ b/servers/flake.nix
@ -0,0 +1,29 @@
+{
+  description = "The flake that describes my server configurations";
+
+  inputs.deploy-rs.url = "github:serokell/deploy-rs";
+
+  outputs =
+    { self
+    , nixpkgs
+    , deploy-rs
+    ,
+    }:
+    {
+      nixosConfigurations.lunasa = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ ./lunasa/configuration.nix ];
+      };
+
+      deploy.nodes.lunasa = {
+        hostname = "lina.cool";
+        sshUser = "root";
+        profiles.system = {
+          user = "root";
+          path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lunasa;
+        };
+      };
+
+      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+    };
+}
--- a/servers/lunasa/configuration.nix
+++ b/servers/lunasa/configuration.nix
@ -0,0 +1,196 @@
+{ modulesPath, pkgs, lib, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  networking.hostName = "lunasa";
+  zramSwap.enable = true;
+  services.openssh.enable = true;
+  boot.tmp.cleanOnBoot = true;
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "xen_blkfront"
+    "vmw_pvscsi"
+  ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+
+  nix = {
+    package = pkgs.nixVersions.nix_2_22;
+
+    settings = {
+      auto-optimise-store = lib.mkDefault true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "ca-derivations"
+      ];
+    };
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy''
+  ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    1935 # the RTMP port for OwnCast
+    6667 # irc plaintext
+  ];
+
+  services.owncast = {
+    enable = true;
+    port = 8001;
+  };
+
+  services.ergochat = {
+    enable = true;
+    settings = {
+      accounts = {
+        authentication-enabled = true;
+        multiclient = {
+          allowed-by-default = true;
+          always-on = "opt-out";
+          auto-away = "opt-out";
+          enabled = true;
+        };
+        registration = {
+          allow-before-connect = true;
+          bcrypt-cost = 4;
+          email-verification = {
+            enabled = false;
+          };
+          enabled = true;
+          throttling = {
+            duration = "10m";
+            enabled = true;
+            max-attempts = 30;
+          };
+        };
+      };
+      channels = {
+        default-modes = "+ntC";
+        registration = {
+          enabled = true;
+        };
+      };
+      datastore = {
+        autoupgrade = true;
+        path = "/var/lib/ergo/ircd.db";
+      };
+      history = {
+        autoreplay-on-join = 0;
+        autoresize-window = "3d";
+        channel-length = 2048;
+        chathistory-maxmessages = 100;
+        client-length = 256;
+        enabled = true;
+        restrictions = {
+          expire-time = "1w";
+          grace-period = "1h";
+          query-cutoff = "none";
+        };
+        retention = {
+          allow-individual-delete = false;
+          enable-account-indexing = false;
+        };
+        tagmsg-storage = {
+          default = false;
+          whitelist = [
+            "+draft/react"
+            "+react"
+          ];
+        };
+        znc-maxmessages = 2048;
+      };
+      limits = {
+        awaylen = 390;
+        channellen = 64;
+        identlen = 20;
+        kicklen = 390;
+        nicklen = 32;
+        topiclen = 390;
+      };
+      network = {
+        name = "testnetwork";
+      };
+      server = {
+        casemapping = "permissive";
+        check-ident = false;
+        enforce-utf = true;
+        forward-confirm-hostnames = false;
+        ip-cloaking = {
+          enabled = false;
+        };
+        ip-limits = {
+          count = false;
+          throttle = false;
+        };
+        listeners = {
+          ":6667" = { };
+        };
+        lookup-hostnames = false;
+        max-sendq = "1M";
+        name = "example.com";
+        relaymsg = {
+          enabled = false;
+        };
+      };
+      oper-classes = {
+        "chat-moderator" = {
+          title = "Chat Moderator";
+          capabilities = [
+            "kill"
+            "ban"
+            "nofakelag"
+            "relaymsg"
+            "vhosts"
+            "sajoin"
+            "samode"
+            "snomasks"
+            "roleplay"
+          ];
+        };
+        "server-admin" = {
+          title = "Server Admin";
+          extends = "chat-moderator";
+          capabilities = [
+            "rehash"
+            "accreg"
+            "chanreg"
+            "history"
+            "defcon"
+            "massmessage"
+          ];
+        };
+      };
+      opers = {
+        admin = {
+          class = "server-admin";
+          password = "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
+        };
+      };
+    };
+  };
+
+  services.caddy = {
+    enable = true;
+    email = "shadows@with.al";
+
+    virtualHosts = {
+      "lina.cool" = {
+        extraConfig = ''
+          encode gzip
+          reverse_proxy 127.0.0.1:8001
+        '';
+      };
+    };
+  };
+
+  system.stateVersion = "23.11";
+}