| author | Dylan <boss@tehbox.org> | 2026-04-29 23:15:45 +1200 |
|---|---|---|
| committer | Dylan <boss@tehbox.org> | 2026-04-29 23:19:15 +1200 |
| commit | f96e43f992211290e3287facc505bea0bc1a3931 (patch) | |
| tree | 02860a965002f0418847cedad2fac2e71208b443 /computers/nixnode.nix | |
| parent | da3a4174ae0a287871e36899893abe9c858ad7e5 (diff) | |
| download | nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.tar.gz nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.zip | |
Lots of updates
Diffstat (limited to 'computers/nixnode.nix')
| -rw-r--r-- | computers/nixnode.nix | 129 |
1 files changed, 115 insertions, 14 deletions
diff --git a/computers/nixnode.nix b/computers/nixnode.nix index 40d99b1..552bafb 100644 --- a/computers/nixnode.nix +++ b/computers/nixnode.nix @@ -6,9 +6,13 @@ { imports = - [ # Include the results of the hardware scan. + [ inputs.STK.nixosModules.default inputs.sops.nixosModules.sops + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz"; + sha256 = "0f1mq2gdmx9wd0k89f6w61sbfzpd1wwz857l2xvyp1x0msmd2z20"; + }) ]; teh-nix.nix.enable = true; @@ -27,7 +31,7 @@ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; + time.timeZone = "NZ"; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -38,7 +42,7 @@ # console = { # font = "Lat2-Terminus16"; # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. + # useXkbConfcpfig = true; # use xkb.options in tty. # }; # Enable the X11 windowing system. @@ -54,6 +58,11 @@ sops.secrets = { #"wg/nixy/pub" = { }; "wg/nixnode/priv" = { }; + "acme/linode" = { + owner = "acme"; + mode = "440"; + }; + "mail/boss" = { }; }; networking.firewall = { @@ -62,6 +71,23 @@ allowedUDPPorts = [ 51820 ]; }; + security.acme.acceptTerms = true; + # security.acme.useRoot = true; + security.acme.defaults.email = "boss@tehbox.org"; + # security.acme.certs = { + # "tehbox.org" = + # { + # webroot = "/var/lib/acme/acme-challenge/"; + # email = "boss@tehbox.org"; + # extraDomainNames = (map (sub: sub + ".tehbox.org" ) [ "www" "git" ]); + # #dnsProvider = "linode"; + # # dnsResolver = "92.123.94.2"; + # # dnsPropagationCheck = false; + # #environmentFile = environmentFile; + # }; + # }; + users.groups.acme.members = [ "nginx" ]; + # Wireguard networking = { nat = { 
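Review bot: The commented console block now reads `# useXkbConfcpfig = true; # use xkb.options in tty.`, which looks like an accidental keystroke in an otherwise untouched template comment. It has no runtime effect because the line is commented out, but it will mislead whoever uncomments it later; restore `# useXkbConfig = true; # use xkb.options in tty.` or drop the whole commented console block if it is no longer wanted.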
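Review bot: The new sops entry `"acme/linode" = { owner = "acme"; mode = "440"; };` has no visible consumer: the only mention of a Linode DNS provider is the commented-out `#dnsProvider = "linode";` inside the `security.acme.certs` block in the next hunk, and every new certificate in this commit is obtained through nginx `enableACME` instead. Unless the DNS-01 path is still planned, dropping the secret avoids decrypting an API token onto the host for nothing. The commented-out `security.acme.certs` block and `# security.acme.useRoot = true;` in that same hunk should either go or carry a one-line comment saying why they are kept, since as written they read as abandoned scaffolding. The enclosing attribute set continues outside the hunk.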
@@ -93,20 +119,70 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j }; }; - # services.nginx = { - # enable = true; - # virtualHosts."172.105.172.191" = { - # documentRoot = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; - # }; - # }; + services.nginx = { + enable = true; + virtualHosts = { + "tehbox.org" = { + root = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; + serverAliases = [ "www.tehbox.org" ]; + enableACME = true; + forceSSL = true; + }; + "files.tehbox.org" = { + root = "/srv/files"; + enableACME = true; + forceSSL = true; + }; + "stk.lug.ac" = { + root = "${inputs.self.packages.x86_64-linux.stk-installers}/srv/www"; + enableACME = true; + forceSSL = true; + locations."/".extraConfig = "autoindex on;\n"; + }; + "_" = { + globalRedirect = "tehbox.org"; + }; + }; + }; teh-nix.services.cgit = { enable = true; authorizedKeys = config.users.users.boss.openssh.authorizedKeys.keys; authorizedUsers = [ "boss" ]; - domain = "172.105.172.191"; + domain = "git.tehbox.org"; + enableACME = true; + # useACMEHost = "tehbox.org"; + forceSSL = true; + # onlySSL = true; }; - + + services.znc = { + enable = true; + mutable = true; + useLegacyConfig = false; + openFirewall = true; + config = { + SSLCertFile = "/var/lib/acme/tehbox.org/key.pem"; + LoadModule = [ "webadmin" ]; + User.boss = { + Admin = true; + Pass.password = { + Method = "sha256"; + Hash = "401e8fed9a3ab1f93047b7465fd7cc6b0ca5aaed6b1c0482f0f4331ebdca8647"; + Salt = "*F_-,pqOdiJi;p)JoMnm"; + }; + }; + User.komodo = { + Admin = false; + Pass.password = { + Method = "sha256"; + Hash = "2c624debe3e2672383346230b6acad82192e40df05666481f792a9dd97d935cc"; + Salt = "q9At0+KZvmofZil(3us1"; + }; + }; + }; + }; + services.openssh = { enable = true; settings.PermitRootLogin = "no"; 
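Review bot: `SSLCertFile = "/var/lib/acme/tehbox.org/key.pem";` points ZNC at the private-key file alone, whereas ZNC documents SSLCertFile as the PEM that holds the certificate chain together with the key, so the TLS listener will most likely come up without a certificate. The ACME module writes `full.pem` (fullchain plus key) into the same directory, so `SSLCertFile = "/var/lib/acme/tehbox.org/full.pem";` is the matching file; please confirm against the ZNC version in use. Separately, the `User.boss` and `User.komodo` `Pass.password` blocks commit salted SHA-256 hashes and their salts to the repository, and since `services.znc.config` is, as far as I can tell, rendered into the Nix store they are also world-readable on the host; with `mutable = true` the rendered file is only the initial seed, so consider setting these passwords through webadmin after first start, or sourcing them from sops the way `mail/boss` already is. The `services.znc` and `services.openssh` attribute sets close outside the hunk.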
@@ -115,14 +191,36 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j services.superTuxKarts = { enable = true; - port = 2757; + port = 2759; + package = pkgs.superTuxKart; serverOptions = { server-name = "LUG STK server"; - server-mode = 0; + server-mode = 3; server-difficulty = 3; + server-max-players = 16; + track-voting = false; + voting-timeout = 15; private-server-password = "lug@uoa"; - motd = "Server for LUG@UoA\nChampionship coming soon!"; + motd = "Server for LUG@UoA\nChampionship coming now!"; + live-spectate = true; + server-configurable = true; + }; + }; + + mailserver = { + enable = true; + stateVersion = 3; + fqdn = "tehbox.org"; + domains = [ "tehbox.org" ]; + + loginAccounts = { + "boss@tehbox.org" = { + hashedPasswordFile = config.sops.secrets."mail/boss".path; + aliases = ["postmaster@tehbox.org"]; + }; }; + + certificateScheme = "acme"; }; users.users.boss = { @@ -131,6 +229,8 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j home = "/home/boss"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; }; + users.groups.files.members = [ "boss" "nginx" ]; + users.groups.nginx.members = [ "nginx" "znc" ]; environment.systemPackages = with pkgs; [ vim @@ -140,6 +240,7 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j sysstat git inputs.self.packages.x86_64-linux.teh-website + inputs.self.packages.x86_64-linux.stk-installers ]; |
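Review bot: `users.groups.nginx.members = [ "nginx" "znc" ];` places the ZNC daemon in the nginx group, presumably so it can read the tehbox.org ACME material referenced by the `services.znc` hunk above; that grants znc read access to every nginx-group-readable file on the host, including the private key the tehbox.org nginx vhost and, with `certificateScheme = "acme"`, likely the mailserver also use. A narrower setup is a separate ACME certificate for the ZNC hostname whose group is znc, so a compromise of the IRC bouncer does not expose the shared key. If the shared membership stays, a one-line comment above the line stating why ZNC needs the nginx group would help the next reader. The `users.users.boss` set just above starts outside the hunk.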
