clay53/cos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cos/loadedskypotato/configuration.nix

721 lines
19 KiB
Nix
Raw Blame History

{ lib, config, pkgs, inputs, ... }:
let
ClaytonXYZ = "/Block/ClaytonXYZ";
nixpkgs-mautrix-nix = (import inputs.nixpkgs {
system = "x86_64-linux";
config = {
permittedInsecurePackages = [ "olm-3.2.16" ];
};
});
in
{
imports =
[
./hardware-configuration.nix
./remoteBuild.nix
./grocy.nix
./tandoor.nix
./mealie.nix
./matomo.nix
./trilium.nix
];
cos.grocy = {
enable = true;
dataDir = "/Block/grocy";
hostname = "grocy.claytonhickey.me";
};
cos.tandoor = {
enable = false;
hostname = "tandoor.claytonhickey.me";
port = 8123;
};
cos.mealie = {
enable = false;
port = 8129;
hostname = "mealie.claytonhickey.me";
};
cos.matomo = {
enable = false;
hostname = "matomo.claytonhickey.me";
};
cos.trilium = {
enable = true;
hostname = "trilium.claytonhickey.me";
dataDir = "/Block/trilium";
port = 8578;
};
services.nginx.virtualHosts."claytonhickey.me_fs" =
let
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
listen = [{
addr = "127.0.0.1";
port = 8302;
}];
locations."/" = {
root = "/Block/claytonhickey_me/www";
extraConfig = ''absolute_redirect off;'';
};
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {"m.server" = "matrix.claytonhickey.me:443";};
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {"m.homeserver" = {base_url = "https://matrix.claytonhickey.me";};};
locations."/.well-known/webfinger" = {
extraConfig = ''
add_header Access-Control-Allow-Origin '*';
'';
return = "301 https://mastodon.claytonhickey.me$request_uri";
};
};
services.nginx.virtualHosts."matrix.claytonhickey.me" =
{
listen = [{
addr = "127.0.0.1";
port = 8303;
}];
locations."/".extraConfig = '' return 404; '';
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
};
services.nginx.virtualHosts."bikeability-rasterserver.claytonhickey.me" =
{
listen = [{
addr = "127.0.0.1";
port = 8304;
}];
locations."/".proxyPass = "http://10.100.0.2:9000/styles/bikeability/512/";
};
services.cloudflared = {
enable = true;
certificateFile = "/Block/cloudflare/cert.pem";
tunnels = {
"4fc85af1-38f7-4c96-856c-7c797c5e3bf8" = {
credentialsFile = "/Block/cloudflare/4fc85af1-38f7-4c96-856c-7c797c5e3bf8.json";
default = "http_status:404";
ingress = {
"languini.net" = "http://10.100.0.2:5267";
"claytondoesthings.xyz" = "http://127.0.0.1:5000";
"nextcloud.claytondoesthings.xyz" = "http://10.100.0.2:8120";
"bikeability.claytonhickey.me" = "http://10.100.0.2:8001";
"bikeability-tileserver.claytonhickey.me" = "http://10.100.0.2:8000";
"bikeability-rasterserver.claytonhickey.me" = "http://127.0.0.1:8304";
"claytonhickey.me" = "http://127.0.0.1:8302";
"jellyfin.claytonhickey.me" = "http://10.100.0.2:8096";
"forgejo.claytonhickey.me" = "unix://${config.services.forgejo.settings.server.HTTP_ADDR}";
"matrix.claytonhickey.me" = "http://127.0.0.1:8303";
"actual.claytonhickey.me" = "http://127.0.0.1:3000";
"mastodon.claytonhickey.me" = "http://10.100.0.2:5328";
};
};
};
};
services.dnsmasq = {
enable = true;
settings = {
address = [
#"/nextcloud.claytondoesthings.xyz/fc10::1"
#"/nextcloud.claytondoesthings.xyz/10.100.0.1"
"/hydra.claytonhickey.me/10.100.0.2"
#"/forgejo.claytonhickey.me/fc10::1"
#"/forgejo.claytonhickey.me/10.100.0.1"
];
#"dns-rr" = [
# "nextcloud.claytondoesthings.xyz,65,000100"
# "forgejo.claytonhickey.me,65,000100"
#];
};
};
boot.loader.grub.enable = true;
networking = {
hostName = "loadedskypotato"; # Define your hostname.
networkmanager.enable = true; # Easiest to use and most distros use this by default.
usePredictableInterfaceNames = false;
useDHCP = false;
firewall = {
allowedUDPPorts = [
51820 # wireguard
];
interfaces.wg0 = {
allowedUDPPorts = [
53
];
allowedTCPPorts = [
53
];
};
};
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "eth0";
internalInterfaces = [
"wg0"
];
};
wireguard = {
enable = true;
interfaces = {
wg0 = {
ips = [
"10.100.0.1/32"
"fc10::1/128"
];
listenPort = 51820;
#postSetup = ''
# ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
# ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc10::2/128 -o eth0 -j MASQUERADE
# ${pkgs.iptables}/bin/ip6tables -t nat -A PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/ip6tables -t nat -A PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53
#'';
#postShutdown = ''
# ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
# ${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc10::2/128 -o eth0 -j MASQUERADE
# ${pkgs.iptables}/bin/ip6tables -t nat -D PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53
# ${pkgs.iptables}/bin/ip6tables -t nat -D PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53
#'';
privateKeyFile = "/Block/wireguard-keys/private";
peers = [
{ # fire-media-server
publicKey = "TnuODb+I5wfF6z5wlwOFiRr4CKImY557OIXyZCXPSio=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = [ "10.100.0.2/32" "fc10::2/128"];
}
{ # laptop
publicKey = "7Hi/p1DEnAejX5vf46ul1ZWAeGM9nuWWGXXr9f6sUWA=";
allowedIPs = [ "10.100.0.3/32" "fc10::3/128" ];
}
{ # phone
publicKey = "UAP8/k1zWInrksQQAf0NuDUD1b0K0djDVUcYl+DNMEE=";
allowedIPs = [ "10.100.0.4/32" ];
}
{ # desktop
publicKey = "w054mlSBBq4u0ilTYfwc2xbb5Z+7kEigikSZ3R0u73w=";
allowedIPs = [ "10.100.0.5/32" ];
}
{ # octonix
publicKey = "5l1fL2LJP5yhuLoqfEtlR5/DJ6h+F+iLEKlr/uaI02o=";
allowedIPs = [ "10.100.0.6/32" ];
}
];
};
};
};
};
time.timeZone = "America/New_York";
services = {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
forgejo = {
enable = true;
settings = {
server = {
PROTOCOL = "http+unix";
ROOT_URL = "https://forgejo.claytonhickey.me/";
};
service.DISABLE_REGISTRATION = true;
};
};
actual = {
enable = true;
settings = {
hostname = "127.0.0.1";
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "1G";
logError = "/var/log/nginx/error.log";
virtualHosts = {
"default_server" = {
default = true;
rejectSSL = true;
locations."/".return = 404;
};
};
};
postgresql = {
enable = true;
ensureDatabases = [
"matrix-synapse"
#"mautrix-gmessages"
"mautrix-discord"
];
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
#{
# name = "mautrix-gmessages";
# ensureDBOwnership = true;
# ensureClauses = {
# login = true;
# };
#}
{
name = "mautrix-discord";
ensureDBOwnership = true;
ensureClauses = {
login = true;
};
}
];
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
host sameuser all 127.0.0.1/32 scram-sha-256
host sameuser all ::1/128 scram-sha-256
'';
};
matrix-synapse = {
enable = true;
settings = {
server_name = "claytonhickey.me";
public_baseurl = "https://matrix.claytonhickey.me";
listeners = [
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
app_service_config_files = [
#"/var/lib/matrix-synapse/slack-registration.yaml"
#"/var/lib/matrix-synapse/gmessages-registration.yaml"
"/var/lib/matrix-synapse/discord-registration.yaml"
];
};
};
mautrix-meta = {
instances = {
instagram = {
enable = true;
registerToSynapse = true;
settings = {
network = {
mode = "instagram";
ig_e2ee = true;
displayname_template = "{{or .DisplayName .Username \"Unknown User\"}}";
proxy_media = false;
min_full_reconnect_interval_seconds = 3600;
force_refresh_interval_seconds = 72000;
disable_xma_backfill = true;
disable_xma_always = false;
};
bridge = {
command_prefix = "!instagram";
personal_filtering_spaces = true;
private_chat_protal_meta = true;
async_events = false;
split_portals = false;
resend_bridge_info = false;
no_bridge_info_state_key = false;
bridge_matrix_leave = false;
tag_only_on_create = true;
only_bridge_tags = [ "m.favourite" "m.lowpriority" ];
mute_only_on_create = true;
cleanup_on_logout = {
enabled = false;
};
relay = {
enabled = false;
};
permissions = {
"*" = "relay";
"claytonhickey.me" = "user";
"@clay53:claytonhickey.me" = "admin";
};
};
database = {
type = "sqlite3-fk-wal";
uri = "file:/var/lib/${config.services.mautrix-meta.instances.instagram.dataDir}/mautrix-meta.db?_txlock=immediate";
};
homeserver = {
address = config.services.matrix-synapse.settings.public_baseurl;
domain = config.services.matrix-synapse.settings.server_name;
software = "standard";
async_media = false;
websocket = false;
ping_interval_seconds = 0;
};
appservice = {
address = "http://localhost:29319";
hostname = "127.0.0.1";
port = 29319;
id = "instagram";
bot = {
username = "instagrambot";
displayname = "Instagram bridge bot";
avatar = "mxc://maunium.net/DxpVrwwzPUwaUSazpsjXgcKB";
};
ephemeral_events = true;
async_transactions = true;
username_template = "instagram_{{.}}";
};
matrix = {
message_status_events = false;
delivery_recepts = false;
message_error_notices = true;
sync_direct_chat_list = true;
federate_rooms = true;
uplad_file_threshold = 5242880;
};
analytics = {
token = null;
url = "https://api.segment.io/v1/track";
user_id = null;
};
provisioning = {
prefix = "/_matrix/provision";
shard_secret = "generate";
allow_matrix_auth = true;
debug_endpoints = false;
};
public_media = {
enabled = false;
};
direct_media = {
enabled = false;
};
backfill = {
enable = true;
max_initial_messages = 50;
max_catchup_messages= 500;
unread_hours_threshold = 720;
threads = {
max_initial_messages = 50;
};
queue = {
enabled = false;
};
};
encryption = {
allow = true;
default = true;
};
logging = {
min_level = "debug";
writers = [
{
type = "stdout";
format = "pretty-colored";
}
];
};
};
};
facebook = {
enable = true;
registerToSynapse = true;
settings = {
network = {
mode = "facebook";
ig_e2ee = false;
displayname_template = "{{or .DisplayName .Username \"Unknown User\"}}";
proxy_media = false;
min_full_reconnect_interval_seconds = 3600;
force_refresh_interval_seconds = 72000;
disable_xma_backfill = true;
disable_xma_always = false;
};
bridge = {
command_prefix = "!facebook";
personal_filtering_spaces = true;
private_chat_protal_meta = true;
async_events = false;
split_portals = false;
resend_bridge_info = false;
no_bridge_info_state_key = false;
bridge_matrix_leave = false;
tag_only_on_create = true;
only_bridge_tags = [ "m.favourite" "m.lowpriority" ];
mute_only_on_create = true;
cleanup_on_logout = {
enabled = false;
};
relay = {
enabled = false;
};
permissions = {
"*" = "relay";
"claytonhickey.me" = "user";
"@clay53:claytonhickey.me" = "admin";
};
};
database = {
type = "sqlite3-fk-wal";
uri = "file:/var/lib/${config.services.mautrix-meta.instances.facebook.dataDir}/mautrix-meta.db?_txlock=immediate";
};
homeserver = {
address = config.services.matrix-synapse.settings.public_baseurl;
domain = config.services.matrix-synapse.settings.server_name;
software = "standard";
async_media = false;
websocket = false;
ping_interval_seconds = 0;
};
appservice = {
address = "http://localhost:29320";
hostname = "127.0.0.1";
port = 29320;
id = "facebook";
bot = {
username = "facebookbot";
displayname = "Facebook bridge bot";
avatar = "mxc://maunium.net/DxpVrwwzPUwaUSazpsjXgcKB";
};
ephemeral_events = true;
async_transactions = true;
username_template = "facebook_{{.}}";
};
matrix = {
message_status_events = false;
delivery_recepts = false;
message_error_notices = true;
sync_direct_chat_list = true;
federate_rooms = true;
uplad_file_threshold = 5242880;
};
analytics = {
token = null;
url = "https://api.segment.io/v1/track";
user_id = null;
};
provisioning = {
prefix = "/_matrix/provision";
shard_secret = "generate";
allow_matrix_auth = true;
debug_endpoints = false;
};
public_media = {
enabled = false;
};
direct_media = {
enabled = false;
};
backfill = {
enable = true;
max_initial_messages = 50;
max_catchup_messages= 500;
unread_hours_threshold = 720;
threads = {
max_initial_messages = 50;
};
queue = {
enabled = false;
};
};
encryption = {
allow = true;
default = true;
};
logging = {
min_level = "debug";
writers = [
{
type = "stdout";
format = "pretty-colored";
}
];
};
};
};
};
};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
neovim
wget
inetutils
mtr
sysstat
htop
git
ocaml
#nixpkgs-mautrix-nix.mautrix-slack
#mautrix-gmessages
mautrix-meta
mautrix-discord
ncdu
tcpdump
cloudflared
];
systemd = {
services = {
ClaytonXYZ = {
wantedBy = [ "default.target" ];
description = "claytondoesthings website";
environment = {
STATIC_DIR = "${ClaytonXYZ}/s";
DOMAIN = "https://claytondoesthings.xyz";
ROCKET_PORT = "5000";
};
serviceConfig = {
Type = "simple";
ExecStart = ''${ClaytonXYZ}/target/release/clayton_xyz'';
};
};
#iloveu = {
# wantedBy = [ "default.target" ];
# description = "iloveu server";
# serviceConfig = {
# Type = "simple";
# ExecStart = ''${iloveu.server}/bin/iloveu-server --address 127.0.0.1:5001 --password "N86QVNwNZe!oXz" --transactions-dir /Block/iloveu'';
# };
#};
claytonhickeymeUpdate = {
description = "update claytonhickeyme website";
wantedBy = [ "default.target" ];
path = [ pkgs.git pkgs.ocaml pkgs.nix ];
environment = {
NIX_PATH="/root/.nix-defexpr/channels:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
};
script = ''#!/bin/sh
cd /Block/claytonhickey_me
./update.sh
'';
serviceConfig.Type = "oneshot";
startAt = "*:0/2";
};
#api_claytonhickey_me = {
# description = "api for claytonhickeyme website";
# wantedBy = [ "default.target" ];
# path = [ pkgs.nix pkgs.bash ];
# environment = {
# NIX_PATH="/root/.nix-defexpr/channels:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
# HOME="/root";
# };
# script = ''#!/bin/sh
# cd /Block/api_claytonhickey_me
# nix run 'github:mitchellh/zig-overlay#master-2025-01-20' --extra-experimental-features nix-command --extra-experimental-features flakes build run
# '';
#};
#mcServer = {
# description = "Minecraft";
# wantedBy = [ "default.target" ];
# path = [ pkgs.jdk21 ];
# script = ''#!/bin/sh
# cd /Block/mc-server
# ./start.sh
# '';
#};
#mautrix-slack = {
# wantedBy = [ "default.target" ];
# description = "Mautrix-slack";
# serviceConfig = {
# Type = "simple";
# User = "mautrix-slack";
# ExecStart = ''${nixpkgs-mautrix-nix.mautrix-slack}/bin/mautrix-slack -c /opt/mautrix-slack/slack-config.yaml -r /var/lib/matrix-synapse/slack-registration.yaml'';
# };
#};
#mautrix-gmessages = {
# wantedBy = [ "default.target" ];
# description = "Mautrix-gmessages";
# serviceConfig = {
# Type = "simple";
# User = "mautrix-gmessages";
# ExecStart = ''${pkgs.mautrix-gmessages}/bin/mautrix-gmessages -c /opt/mautrix-gmessages/config.yaml -r /var/lib/matrix-synapse/gmessages-registration.yaml'';
# };
#};
mautrix-discord = {
wantedBy = [ "default.target" ];
description = "Mautrix-discord";
serviceConfig = {
Type = "simple";
User = "mautrix-discord";
ExecStart = ''${pkgs.mautrix-discord}/bin/mautrix-discord -c /opt/mautrix-discord/config.yaml -r /var/lib/matrix-synapse/discord-registration.yaml'';
};
};
};
};
users = {
groups = {
#mautrix-slack = {};
#mautrix-gmessages = {};
mautrix-discord = {};
};
users = {
#mautrix-slack = {
# isSystemUser = true;
# home = "/opt/mautrix-slack";
# group = "mautrix-slack";
# createHome = true;
# useDefaultShell = true;
#};
#mautrix-gmessages = {
# isSystemUser = true;
# home = "/opt/mautrix-gmessages";
# group = "mautrix-gmessages";
# createHome = true;
# useDefaultShell = true;
#};
mautrix-discord = {
isSystemUser = true;
home = "/opt/mautrix-discord";
group = "mautrix-discord";
createHome = true;
useDefaultShell = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "clayton@claytondoesthings.xyz";
};
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"olm-3.2.16"
];
};
system.stateVersion = "23.05";
}
Reference in a new issue View git blame Copy permalink