-rw-r--r--configuration.nix98
-rw-r--r--element-ipfs.nix18
-rw-r--r--ipfs.nix18
-rw-r--r--matrix.nix18
-rw-r--r--static.nix69
5 files changed, 156 insertions, 65 deletions
diff --git a/configuration.nix b/configuration.nix
index fe0ab32..8af1061 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,90 +1,58 @@
-{ config, lib, pkgs, ... }:
-let
-  certs = config.security.acme.certs.${domain};
-  domain = config.networking.domain;
-  bindUserDirs = sources: target: lib.mapAttrs' (user: dir: {
-    name = target + user;
-    value = {
-      device = "${config.users.users.${user}.home}/${dir}";
-      options = [ "bind" ];
-    };
-  }) sources;
-in {
+# Overall configuration
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, pkgs, ... }:
+{
   environment = {
     enableAllTerminfo = true;
-    systemPackages = with pkgs; [ git rsync vim ];
+    systemPackages = with pkgs; [ git htop rsync vim ];
   };
 
-  fileSystems = bindUserDirs {
-    cnx = "www";
-  } "${config.services.nginx.virtualHosts.${domain}.root}/~";
-
   imports = [
     ./ipfs.nix
     ./matrix.nix
+    ./static.nix
     ./vpsadminos.nix
   ];
 
   networking = {
     domain = "loang.net";
-
-    firewall.allowedTCPPorts = [
-      80 # HTTP
-      443 # TLS
-      1965 # Gemini
-    ];
-
     hostName = "brno";
   };
 
-  security = {
-    acme = {
-      acceptTerms = true;
-      defaults.email = "mcsinyx@disroot.org";
-    };
-
-    sudo = {
-      enable = true;
-      execWheelOnly = true;
-      wheelNeedsPassword = false;
-    };
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = false;
   };
 
-  services = {
-    molly-brown = {
-      certPath = "${certs.directory}/cert.pem";
-      docBase = "/var/lib/gemini/${domain}";
-      enable = true;
-      hostName = domain;
-      keyPath = "${certs.directory}/key.pem";
-    };
-
-    nginx = {
-      enable = true;
-      recommendedProxySettings = true;
-      virtualHosts.${domain} = {
-        enableACME = true;
-        forceSSL = true;
-        root = "/var/lib/www/${domain}";
-      };
-    };
-
-    openssh = {
-      enable = true;
-      openFirewall = true;
-      passwordAuthentication = false;
-      ports = [ 2211 ];
-    };
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    passwordAuthentication = false;
+    ports = [ 2211 ];
   };
 
   system.stateVersion = "22.05";
 
-  systemd = {
-    extraConfig = ''
+  systemd.extraConfig = ''
       DefaultTimeoutStartSec=900s
-    '';
-    services.molly-brown.serviceConfig.SupplementaryGroups = [ certs.group ];
-  };
+  '';
 
   time.timeZone = "UTC";
 
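Review bot: `wheelNeedsPassword = false;` is carried over into the flattened `security.sudo` block without a comment, so every account in `wheel` is root-equivalent and the only barrier left is the SSH key accepted by `services.openssh` on port 2211. If that is deliberate because these accounts log in by key and have no password set, record it in place, e.g. `# key-only logins: wheel accounts have no password for sudo to prompt for`. As a style point, the context line `DefaultTimeoutStartSec=900s` keeps its old six-space indent under the re-indented `systemd.extraConfig = ''`. Nix strips common indentation from such strings, so the value should be unchanged, but moving the line to four spaces would keep the block readable.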
diff --git a/element-ipfs.nix b/element-ipfs.nix
index 7121d32..ede1414 100644
--- a/element-ipfs.nix
+++ b/element-ipfs.nix
@@ -1,3 +1,21 @@
+# Package to add Element to IPFS MFS and IPNS
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
 { lib, stdenv, element-web, ipfs, writeText
 , conf ? {}, ipns-key ? "element" }:
 
diff --git a/ipfs.nix b/ipfs.nix
index ace7764..97db78d 100644
--- a/ipfs.nix
+++ b/ipfs.nix
@@ -1,3 +1,21 @@
+# IPFS and IPWHL configuration
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
 { config, pkgs, ... }:
 let domain = config.networking.domain;
 in {
diff --git a/matrix.nix b/matrix.nix
index 5d34644..7bb6a60 100644
--- a/matrix.nix
+++ b/matrix.nix
@@ -1,3 +1,21 @@
+# Matrix client and server setup
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
 { config, pkgs, ... }:
 let
   client = {
diff --git a/static.nix b/static.nix
new file mode 100644
index 0000000..7924aad
--- /dev/null
+++ b/static.nix
@@ -0,0 +1,69 @@
+# Static web and gemini hosting
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, lib, pkgs, ... }:
+let
+  certs = config.security.acme.certs.${domain};
+  domain = config.networking.domain;
+  bindUserDirs = sources: target: lib.mapAttrs' (user: dir: {
+    name = target + user;
+    value = {
+      device = "${config.users.users.${user}.home}/${dir}";
+      options = [ "bind" ];
+    };
+  }) sources;
+in {
+  fileSystems = bindUserDirs {
+    cnx = "www";
+  } "${config.services.nginx.virtualHosts.${domain}.root}/~";
+
+  networking.firewall.allowedTCPPorts = [
+    80 # HTTP
+    443 # TLS
+    1965 # Gemini
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "mcsinyx@disroot.org";
+  };
+
+  services = {
+    molly-brown = {
+      certPath = "${certs.directory}/cert.pem";
+      docBase = "/var/lib/gemini/${domain}";
+      enable = true;
+      hostName = domain;
+      keyPath = "${certs.directory}/key.pem";
+    };
+
+    nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      virtualHosts.${domain} = {
+        enableACME = true;
+        forceSSL = true;
+        root = "/var/lib/www/${domain}";
+      };
+    };
+  };
+
+  systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [
+    certs.group
+  ];
+}
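Review bot: The `fileSystems` bind mount publishes a directory that user `cnx` fully controls under the nginx root, and nothing in `virtualHosts.${domain}` restricts symlink traversal. Because nginx follows symlinks by default, any file its worker can read can end up served if it is linked from `~/www`. Consider scoping that, for example with `locations."/~".extraConfig = "disable_symlinks if_not_owner;";`. Separately, `SupplementaryGroups = [ certs.group ]` gives molly-brown every file owned by that group (presumably the nginx group, since the certificate comes from `enableACME`), not only `key.pem`; a one-line comment stating that the group exists only for reading the key would help. It is also worth confirming that molly-brown is restarted after an ACME renewal so it does not keep serving the old certificate.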