{ modulesPath, pkgs, lib, ... }: {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

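  # Basic identity and boot configuration for the "lunasa" QEMU guest.
  networking.hostName = "lunasa";
  zramSwap.enable = true;

  # SSH is the remote administration path for this host. The only login
  # material declared in this file is root's ed25519 public keys, so password
  # and keyboard-interactive logins are switched off explicitly rather than
  # left at the module defaults. That removes password guessing as a way in
  # on an internet-facing sshd.
  # NOTE(review): if any account created outside this file still logs in with
  # a password, give it a key before deploying this change.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # /tmp is wiped on every boot, so nothing placed there persists.
  boot.tmp.cleanOnBoot = true;

  # GRUB is installed to the first disk; the root filesystem is its first
  # partition (see fileSystems."/" below).
  boot.loader.grub.device = "/dev/sda";
  boot.initrd.availableKernelModules =
    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };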

  # Nix daemon / CLI configuration.
  # NOTE(review): this pins a specific Nix release instead of following the
  # nixpkgs default. Confirm the pinned nixpkgs still provides nix_2_22 and
  # that this release line still receives security fixes.
  nix.package = pkgs.nixVersions.nix_2_22;

  nix.settings = {
    # mkDefault keeps this overridable by any other module that sets it.
    auto-optimise-store = lib.mkDefault true;
    # "ca-derivations" is enabled in addition to the usual flakes/nix-command pair.
    experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
  };

  # Public keys allowed to log in as root over SSH. These are public halves
  # only, so committing them is fine; what matters is that every entry maps to
  # a holder who should still have root here. Remove entries when a key is
  # retired or lost.
  users.users.root = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXWOPpEDdVUQEFLucXbxmOhW64QXbCu6lF8vRLlKyoT"
    ];
  };

  # Inbound TCP ports accepted by the host firewall. Each entry is reachable
  # from any interface, so every port here is internet-facing.
  networking.firewall = {
    allowedTCPPorts = [
      80 # HTTP, served by Caddy
      443 # HTTPS, served by Caddy
      1935 # the RTMP port for OwnCast
      # The Ergo listener on this port has no TLS settings in this file, so
      # account passwords sent by clients cross the network unencrypted.
      6667 # irc plaintext
      # NOTE(review): this port is DNAT'd to another host further down, and
      # DNAT'd connections are forwarded rather than delivered locally, so this
      # input rule may be redundant. Confirm before relying on it.
      25565 # minecraft
    ];
  };

  # Owncast streaming server. Its web interface listens on port 8001, which is
  # not in allowedTCPPorts; viewers reach it through the Caddy virtual host
  # that proxies to 127.0.0.1:8001.
  # NOTE(review): the admin pages are reachable through that same proxy, and
  # RTMP ingest on 1935 is open to the internet. Confirm the admin password and
  # stream key were changed from the values Owncast ships with.
  services.owncast.enable = true;
  services.owncast.port = 8001;

  # Ergo IRC server. Everything under `settings` is handed to Ergo as its
  # configuration.
  # NOTE(review): configuration generated from Nix options normally ends up in
  # the world-readable /nix/store, so nothing in this block should be treated
  # as secret. Confirm how this module writes the file.
  services.ergochat = {
    enable = true;
    settings = {
      accounts = {
        # Account login is on, and the only public listener below is plaintext
        # :6667, so passwords for these accounts travel unencrypted.
        authentication-enabled = true;
        multiclient = {
          allowed-by-default = true;
          always-on = "opt-out";
          auto-away = "opt-out";
          enabled = true;
        };
        registration = {
          allow-before-connect = true;
          # 4 is the minimum bcrypt work factor. It keeps registration cheap for
          # the server, but stored account hashes are correspondingly cheap to
          # guess offline if the datastore ever leaks.
          bcrypt-cost = 4;
          # Open registration with no e-mail check; throttling below is the
          # only brake on account creation.
          email-verification = { enabled = false; };
          enabled = true;
          throttling = {
            duration = "10m";
            enabled = true;
            max-attempts = 30;
          };
        };
      };
      channels = {
        default-modes = "+ntC";
        registration = { enabled = true; };
      };
      datastore = {
        autoupgrade = true;
        # Holds account and channel registrations, including password hashes.
        path = "/var/lib/ergo/ircd.db";
      };
      # Message history retained by the server for replay to clients.
      history = {
        autoreplay-on-join = 0;
        autoresize-window = "3d";
        channel-length = 2048;
        chathistory-maxmessages = 100;
        client-length = 256;
        enabled = true;
        restrictions = {
          expire-time = "1w";
          grace-period = "1h";
          query-cutoff = "none";
        };
        retention = {
          allow-individual-delete = false;
          enable-account-indexing = false;
        };
        tagmsg-storage = {
          default = false;
          whitelist = [ "+draft/react" "+react" ];
        };
        znc-maxmessages = 2048;
      };
      # Length caps on client-supplied strings.
      limits = {
        awaylen = 390;
        channellen = 64;
        identlen = 20;
        kicklen = 390;
        nicklen = 32;
        topiclen = 390;
      };
      network = { name = "linacastellane"; };
      server = {
        casemapping = "permissive";
        check-ident = false;
        # NOTE(review): `enforce-utf` looks like a misspelling of the
        # `enforce-utf8` key on the next line and is probably ignored by Ergo.
        # Confirm, and drop it if so.
        enforce-utf = true;
        enforce-utf8 = true;
        forward-confirm-hostnames = false;
        # NOTE(review): with cloaking off and hostname lookups off, users
        # presumably see each other's raw IP addresses. Confirm this is
        # intended for a public network.
        ip-cloaking = { enabled = false; };
        # No per-IP connection counting or connection-rate throttling, on a
        # listener that is open to the internet.
        ip-limits = {
          count = false;
          throttle = false;
        };
        listeners = {
          # All addresses, no TLS settings: plaintext IRC.
          ":6667" = { };
          # Loopback-only WebSocket listener; Caddy terminates TLS and proxies
          # irc.lina.cool/websocket to it.
          # NOTE(review): connections arriving through the proxy come from
          # 127.0.0.1. Verify whether Ergo is told to trust the proxy's
          # forwarded client address; otherwise IP bans cannot tell web
          # clients apart.
          "127.0.0.1:8067" = { websocket = true; };
        };
        lookup-hostnames = false;
        max-sendq = "1M";
        name = "chat.lina.cool";
        relaymsg = { enabled = false; };
      };
      # Operator privilege sets. "server-admin" inherits everything granted to
      # "chat-moderator" through `extends`.
      oper-classes = {
        "chat-moderator" = {
          title = "Chat Moderator";
          # NOTE(review): "relaymsg" is granted here although
          # server.relaymsg.enabled is false above; "sajoin" and "samode" are
          # strong powers for a moderator tier. Trim to what is actually needed.
          capabilities = [
            "kill"
            "ban"
            "nofakelag"
            "relaymsg"
            "vhosts"
            "sajoin"
            "samode"
            "snomasks"
            "roleplay"
          ];
        };
        "server-admin" = {
          title = "Server Admin";
          extends = "chat-moderator";
          capabilities =
            [ "rehash" "accreg" "chanreg" "history" "defcon" "massmessage" ];
        };
      };
      opers = {
        admin = {
          class = "server-admin";
          # bcrypt hash of the oper password; the "$2a$04$" prefix shows a work
          # factor of 4. It is committed with this file and, per the note at
          # the top of the block, likely readable on the host too, so its only
          # protection is the strength of the passphrase. Use a long random
          # one and rotate it if this file has been published.
          # Logging in as oper over the plaintext :6667 listener also sends
          # the passphrase unencrypted.
          password =
            "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
        };
      };
    };
  };

  # Caddy is the public HTTP(S) front end for ports 80/443 and proxies each
  # virtual host to a service listening on loopback.
  services.caddy.enable = true;
  # Contact address used for certificate issuance.
  services.caddy.email = "shadows@with.al";

  # Owncast web interface, admin pages included.
  services.caddy.virtualHosts."live.lina.cool".extraConfig = ''
    encode gzip
    reverse_proxy 127.0.0.1:8001
  '';

  # Only /websocket is forwarded, to Ergo's loopback WebSocket listener. No
  # other path on this host has a handler.
  services.caddy.virtualHosts."irc.lina.cool".extraConfig = ''
    handle /websocket {
      reverse_proxy 127.0.0.1:8067
    }
  '';

  # Publishes a Minecraft server that lives on the tailnet (100.66.105.22)
  # through this host's public interface.
  services.tailscale.enable = true;

  # Hand-written DNAT: TCP 25565 arriving on the public NIC is redirected to
  # the tailnet address.
  networking.nftables.enable = true;
  networking.nftables.ruleset = ''
    table ip nat {
      chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "enp1s0" tcp dport 25565 dnat to 100.66.105.22:25565
      }
    }
  '';

  # The NAT module is configured with the public NIC as the "internal" side and
  # the tailnet as the "external" side.
  # NOTE(review): presumably this is here for the masquerading of forwarded
  # traffic leaving via tailscale0, so replies return through this host. If so,
  # the Minecraft server sees every player as this host's tailnet address, and
  # per-player IP bans or logs on that server will not work.
  # NOTE(review): forwardPorts looks like it applies to traffic arriving on
  # externalInterface (tailscale0), which would duplicate the rule above for
  # tailnet peers rather than for internet clients. Confirm against the module
  # documentation.
  # NOTE(review): forwarding from the public NIC into the tailnet is not limited
  # to port 25565 anywhere in this file. Consider enabling
  # networking.firewall.filterForward so only the DNAT'd flow is forwarded.
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "enp1s0" ];
  networking.nat.externalInterface = "tailscale0";
  networking.nat.forwardPorts = [
    {
      destination = "100.66.105.22:25565";
      proto = "tcp";
      sourcePort = 25565;
    }
  ];

  # Release whose on-disk state formats this machine was first installed with.
  # This is not the NixOS version in use, and it should not be bumped as part of
  # an upgrade.
  system.stateVersion = "23.11";
}