-rw-r--r-- | configuration.nix | 98 | ||||
-rw-r--r-- | element-ipfs.nix | 18 | ||||
-rw-r--r-- | ipfs.nix | 18 | ||||
-rw-r--r-- | matrix.nix | 18 | ||||
-rw-r--r-- | static.nix | 69 |
5 files changed, 156 insertions, 65 deletions
diff --git a/configuration.nix b/configuration.nix
index fe0ab32..8af1061 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,90 +1,58 @@ -{ config, lib, pkgs, ... }: -let - certs = config.security.acme.certs.${domain}; - domain = config.networking.domain; - bindUserDirs = sources: target: lib.mapAttrs' (user: dir: { - name = target + user; - value = { - device = "${config.users.users.${user}.home}/${dir}"; - options = [ "bind" ]; - }; - }) sources; -in { +# Overall configuration +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + +{ config, pkgs, ... 
}: +{ environment = { enableAllTerminfo = true; - systemPackages = with pkgs; [ git rsync vim ]; + systemPackages = with pkgs; [ git htop rsync vim ]; }; - fileSystems = bindUserDirs { - cnx = "www"; - } "${config.services.nginx.virtualHosts.${domain}.root}/~"; - imports = [ ./ipfs.nix ./matrix.nix + ./static.nix ./vpsadminos.nix ]; networking = { domain = "loang.net"; - - firewall.allowedTCPPorts = [ - 80 # HTTP - 443 # TLS - 1965 # Gemini - ]; - hostName = "brno"; }; - security = { - acme = { - acceptTerms = true; - defaults.email = "mcsinyx@disroot.org"; - }; - - sudo = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - }; + security.sudo = { + enable = true; + execWheelOnly = true; + wheelNeedsPassword = false; }; - services = { - molly-brown = { - certPath = "${certs.directory}/cert.pem"; - docBase = "/var/lib/gemini/${domain}"; - enable = true; - hostName = domain; - keyPath = "${certs.directory}/key.pem"; - }; - - nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; - root = "/var/lib/www/${domain}"; - }; - }; - - openssh = { - enable = true; - openFirewall = true; - passwordAuthentication = false; - ports = [ 2211 ]; - }; + services.openssh = { + enable = true; + openFirewall = true; + passwordAuthentication = false; + ports = [ 2211 ]; }; system.stateVersion = "22.05"; - systemd = { - extraConfig = '' + systemd.extraConfig = '' DefaultTimeoutStartSec=900s - ''; - services.molly-brown.serviceConfig.SupplementaryGroups = [ certs.group ]; - }; + ''; time.timeZone = "UTC"; diff --git a/element-ipfs.nix b/element-ipfs.nix index 7121d32..ede1414 100644 --- a/element-ipfs.nix +++ b/element-ipfs.nix 
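Review bot: The rewritten `security.sudo` block still carries `wheelNeedsPassword = false`, so any account in wheel that is reached through the SSH service on port 2211 becomes root with no further check. If that is intentional for this host it deserves a comment saying so; otherwise drop the line or scope passwordless rules with `security.sudo.extraRules`. In the rewritten `services.openssh` block, `passwordAuthentication = false` alone may still leave keyboard-interactive (PAM) logins enabled on this release, so adding `kbdInteractiveAuthentication = false;` and `permitRootLogin = "no";` would make key-only access explicit.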
@@ -1,3 +1,21 @@ +# Package to add Element to IPFS MFS and IPNS +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + { lib, stdenv, element-web, ipfs, writeText , conf ? {}, ipns-key ? "element" }: diff --git a/ipfs.nix b/ipfs.nix index ace7764..97db78d 100644 --- a/ipfs.nix +++ b/ipfs.nix @@ -1,3 +1,21 @@ +# IPFS and IPWHL configuration +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + { config, pkgs, ... }: let domain = config.networking.domain; in { diff --git a/matrix.nix b/matrix.nix index 5d34644..7bb6a60 100644 --- a/matrix.nix 
+++ b/matrix.nix @@ -1,3 +1,21 @@ +# Matrix client and server setup +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + { config, pkgs, ... }: let client = { diff --git a/static.nix b/static.nix new file mode 100644 index 0000000..7924aad --- /dev/null +++ b/static.nix 
@@ -0,0 +1,69 @@
+# Static web and gemini hosting
+# Copyright (C) 2022 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.
+
+{ config, lib, pkgs, ... }:
+let
+ certs = config.security.acme.certs.${domain};
+ domain = config.networking.domain;
+ bindUserDirs = sources: target: lib.mapAttrs' (user: dir: {
+ name = target + user;
+ value = {
+ device = "${config.users.users.${user}.home}/${dir}";
+ options = [ "bind" ];
+ };
+ }) sources;
+in {
+ fileSystems = bindUserDirs {
+ cnx = "www";
+ } "${config.services.nginx.virtualHosts.${domain}.root}/~";
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # TLS
+ 1965 # Gemini
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "mcsinyx@disroot.org";
+ };
+
+ services = {
+ molly-brown = {
+ certPath = "${certs.directory}/cert.pem";
+ docBase = "/var/lib/gemini/${domain}";
+ enable = true;
+ hostName = domain;
+ keyPath = "${certs.directory}/key.pem";
+ };
+
+ nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/var/lib/www/${domain}";
+ };
+ };
+ };
+
+ systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [
+ certs.group
+ ];
+} |
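Review bot: The `fileSystems` entry built by `bindUserDirs` mounts user `cnx`'s `~/www` under the nginx root with only `options = [ "bind" ]`, and nothing in `virtualHosts.${domain}` limits what nginx follows out of that tree. Symlinks the user creates there are therefore served like any other file, to the extent the nginx worker can read their targets. Adding `extraConfig = "disable_symlinks if_not_owner;";` to the virtual host and mounting with `options = [ "bind" "ro" ];` would confine the served view to files the user owns. A short comment beside `SupplementaryGroups = [ certs.group ]` should also state that it gives molly-brown read access to the ACME private key, presumably the same key nginx uses.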