| author | Dylan <boss@tehbox.org> | 2026-04-29 23:15:45 +1200 |
|---|---|---|
| committer | Dylan <boss@tehbox.org> | 2026-04-29 23:19:15 +1200 |
| commit | f96e43f992211290e3287facc505bea0bc1a3931 (patch) | |
| tree | 02860a965002f0418847cedad2fac2e71208b443 /computers | |
| parent | da3a4174ae0a287871e36899893abe9c858ad7e5 (diff) | |
| download | nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.tar.gz nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.zip | |
Lots of updates
Diffstat (limited to 'computers')
| -rw-r--r-- | computers/nixnode.nix | 129 | ||||
| -rw-r--r-- | computers/nixy.nix | 33 |
2 files changed, 138 insertions, 24 deletions
diff --git a/computers/nixnode.nix b/computers/nixnode.nix index 40d99b1..552bafb 100644 --- a/computers/nixnode.nix +++ b/computers/nixnode.nix @@ -6,9 +6,13 @@ { imports = - [ # Include the results of the hardware scan. + [ inputs.STK.nixosModules.default inputs.sops.nixosModules.sops + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz"; + sha256 = "0f1mq2gdmx9wd0k89f6w61sbfzpd1wwz857l2xvyp1x0msmd2z20"; + }) ]; teh-nix.nix.enable = true; @@ -27,7 +31,7 @@ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; + time.timeZone = "NZ"; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -38,7 +42,7 @@ # console = { # font = "Lat2-Terminus16"; # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. + # useXkbConfcpfig = true; # use xkb.options in tty. # }; # Enable the X11 windowing system. @@ -54,6 +58,11 @@ sops.secrets = { #"wg/nixy/pub" = { }; "wg/nixnode/priv" = { }; + "acme/linode" = { + owner = "acme"; + mode = "440"; + }; + "mail/boss" = { }; }; networking.firewall = { @@ -62,6 +71,23 @@ allowedUDPPorts = [ 51820 ]; }; + security.acme.acceptTerms = true; + # security.acme.useRoot = true; + security.acme.defaults.email = "boss@tehbox.org"; + # security.acme.certs = { + # "tehbox.org" = + # { + # webroot = "/var/lib/acme/acme-challenge/"; + # email = "boss@tehbox.org"; + # extraDomainNames = (map (sub: sub + ".tehbox.org" ) [ "www" "git" ]); + # #dnsProvider = "linode"; + # # dnsResolver = "92.123.94.2"; + # # dnsPropagationCheck = false; + # #environmentFile = environmentFile; + # }; + # }; + users.groups.acme.members = [ "nginx" ]; + # Wireguard networking = { nat = { 
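Review bot: The mail server module added to `imports` is fetched with `builtins.fetchTarball` from the `nixos-25.11` branch archive, which is a moving target, while the neighbouring modules come from `inputs`. The `sha256` does pin the content, so nothing unreviewed can slip in, but evaluation will presumably start failing once that branch advances, and updates to this module sit outside whatever lock file covers the other inputs. I would add the mail server as another input and import its NixOS module from `inputs` like the two entries above it, or at least point the URL at a fixed commit archive. The attribute set this list belongs to continues outside the hunk.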
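Review bot: The commented line in the `console` block now reads `useXkbConfcpfig`, which looks like stray keystrokes rather than an intended edit. The original comment had `useXkbConfig`; I would revert this line so the commented example still works if it is ever enabled.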
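Review bot: `"acme/linode"` is declared with `owner = "acme"` and `mode = "440"`, and the following hunk adds `users.groups.acme.members = [ "nginx" ];`. If sops-nix derives the secret's group from its owner, as I believe it does by default, the group-read bit lets the web server process read the DNS provider API token, which it has no need for. Nothing visible consumes the secret yet (`dnsProvider` and `environmentFile` are commented out in the next hunk), so I would either leave it out until it is used or set `mode = "0400";` so only `acme` can read it.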
@@ -93,20 +119,70 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j }; }; - # services.nginx = { - # enable = true; - # virtualHosts."172.105.172.191" = { - # documentRoot = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; - # }; - # }; + services.nginx = { + enable = true; + virtualHosts = { + "tehbox.org" = { + root = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; + serverAliases = [ "www.tehbox.org" ]; + enableACME = true; + forceSSL = true; + }; + "files.tehbox.org" = { + root = "/srv/files"; + enableACME = true; + forceSSL = true; + }; + "stk.lug.ac" = { + root = "${inputs.self.packages.x86_64-linux.stk-installers}/srv/www"; + enableACME = true; + forceSSL = true; + locations."/".extraConfig = "autoindex on;\n"; + }; + "_" = { + globalRedirect = "tehbox.org"; + }; + }; + }; teh-nix.services.cgit = { enable = true; authorizedKeys = config.users.users.boss.openssh.authorizedKeys.keys; authorizedUsers = [ "boss" ]; - domain = "172.105.172.191"; + domain = "git.tehbox.org"; + enableACME = true; + # useACMEHost = "tehbox.org"; + forceSSL = true; + # onlySSL = true; }; - + + services.znc = { + enable = true; + mutable = true; + useLegacyConfig = false; + openFirewall = true; + config = { + SSLCertFile = "/var/lib/acme/tehbox.org/key.pem"; + LoadModule = [ "webadmin" ]; + User.boss = { + Admin = true; + Pass.password = { + Method = "sha256"; + Hash = "401e8fed9a3ab1f93047b7465fd7cc6b0ca5aaed6b1c0482f0f4331ebdca8647"; + Salt = "*F_-,pqOdiJi;p)JoMnm"; + }; + }; + User.komodo = { + Admin = false; + Pass.password = { + Method = "sha256"; + Hash = "2c624debe3e2672383346230b6acad82192e40df05666481f792a9dd97d935cc"; + Salt = "q9At0+KZvmofZil(3us1"; + }; + }; + }; + }; + services.openssh = { enable = true; settings.PermitRootLogin = "no"; 
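Review bot: The `Pass.password` blocks for `User.boss` and `User.komodo` commit the ZNC password hashes and their salts in plain text, while the same file already keeps other credentials in `sops.secrets`. A single salted SHA-256 is cheap to guess against offline, and anything written in the Nix config is also copied into the world-readable store, so I would treat both passwords as exposed, rotate them, and supply the user entries from a sops-managed file (for example through `services.znc.configFile`) instead. Separately, `SSLCertFile` points at `key.pem`, which holds only the private key; ZNC needs the certificate chain as well, e.g. `SSLCertFile = "/var/lib/acme/tehbox.org/fullchain.pem";` together with `SSLKeyFile = "/var/lib/acme/tehbox.org/key.pem";`. With `openFirewall = true` and `webadmin` loaded the listener is presumably reachable from the internet, so both points are worth settling before this is deployed.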
@@ -115,14 +191,36 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j services.superTuxKarts = { enable = true; - port = 2757; + port = 2759; + package = pkgs.superTuxKart; serverOptions = { server-name = "LUG STK server"; - server-mode = 0; + server-mode = 3; server-difficulty = 3; + server-max-players = 16; + track-voting = false; + voting-timeout = 15; private-server-password = "lug@uoa"; - motd = "Server for LUG@UoA\nChampionship coming soon!"; + motd = "Server for LUG@UoA\nChampionship coming now!"; + live-spectate = true; + server-configurable = true; + }; + }; + + mailserver = { + enable = true; + stateVersion = 3; + fqdn = "tehbox.org"; + domains = [ "tehbox.org" ]; + + loginAccounts = { + "boss@tehbox.org" = { + hashedPasswordFile = config.sops.secrets."mail/boss".path; + aliases = ["postmaster@tehbox.org"]; + }; }; + + certificateScheme = "acme"; }; users.users.boss = { @@ -131,6 +229,8 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j home = "/home/boss"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; }; + users.groups.files.members = [ "boss" "nginx" ]; + users.groups.nginx.members = [ "nginx" "znc" ]; environment.systemPackages = with pkgs; [ vim @@ -140,6 +240,7 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j sysstat git inputs.self.packages.x86_64-linux.teh-website + inputs.self.packages.x86_64-linux.stk-installers ]; diff --git a/computers/nixy.nix b/computers/nixy.nix index 50e4f22..bcdf3aa 100644 --- a/computers/nixy.nix +++ b/computers/nixy.nix @@ -113,7 +113,7 @@ }; programs.hyprland = { - enable = true; + enable = false; #package = inputs.hyprland.packages.${pkgs.system}.hyprland; #portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; }; 
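Review bot: `private-server-password = "lug@uoa";` stays as a literal in `serverOptions` while this hunk reworks the options around it, so the server password remains readable in the repository and in the Nix store. The `mailserver` block added just below already shows the better pattern with `hashedPasswordFile = config.sops.secrets."mail/boss".path;`. If the STK module can read the password from a file, I would move it to a sops secret in the same way; if it cannot, a comment saying the value is intentionally public would at least record the decision.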
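Review bot: `users.groups.nginx.members = [ "nginx" "znc" ];` puts the IRC bouncer into the web server's group, presumably so it can read `/var/lib/acme/tehbox.org/`. That also hands `znc` every other file the `nginx` group can read, including the keys of the other virtual hosts. A narrower arrangement would be a dedicated group for the `tehbox.org` certificate, set through `security.acme.certs."tehbox.org".group`, with only `nginx` and `znc` as members. Listing `nginx` in its own group is probably redundant as well.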
@@ -133,13 +133,12 @@ # Enable sound. #sound.enable = true; - services.pipewire = - { - enable = true; - alsa.enable = false; - alsa.support32Bit = false; - pulse.enable = true; - }; + services.pipewire = { + enable = true; + alsa.enable = false; + alsa.support32Bit = false; + pulse.enable = true; + }; services.upower.enable = true; @@ -180,6 +179,15 @@ hardware.graphics.enable32Bit = true; programs.steam = { enable = true; + package = pkgs.steam.override { + extraEnv = { + __NV_PRIME_RENDER_OFFLOAD=1; + __NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0"; + __GLX_VENDOR_LIBRARY_NAME="nvidia"; + __VK_LAYER_NV_optimus="NVIDIA_only"; + }; + }; + extraCompatPackages = with pkgs; [ proton-ge-bin ]; @@ -204,16 +212,21 @@ "f /var/lib/systemd/linger/boss" # enables lingering ]; + # programs.dconf.enable = true; + services.ratbagd.enable = true; + # xdg.portal.enable = true; + # services.flatpak.enable = true; + stylix = { enable = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/material-palenight.yaml"; image = ../wallpaper.png; - targets.grub.useImage = true; + targets.grub.useWallpaper = true; opacity = { terminal = 0.8; @@ -238,7 +251,7 @@ }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; |
