-rw-r--r-- | vps-configuration.nix | 272 |
1 files changed, 0 insertions, 272 deletions
diff --git a/vps-configuration.nix b/vps-configuration.nix
deleted file mode 100644
index 9189c34..0000000
--- a/vps-configuration.nix
+++ /dev/null
@@ -1,272 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- envsubstConfiguration =
- pkgs.callPackage /data/nixos/envsubst-configuration.nix { };
- config = rec {
- TLD = envsubstConfiguration.TLD;
- nextcloudDomain = "cloud.${TLD}";
- gitPort = "81";
- openSSHPort = 23841;
- elementDomain = "element.${TLD}";
- matrixDomain = "matrix.${TLD}";
- matrixServerJSON = { "m.server" = "${matrixDomain}:443"; };
- matrixClientJSON = { "m.homeserver" = { "base_url" = "https://${TLD}"; }; };
- matrixPort = 8008;
- static-sites = [ ]; # [ "boneco" "pdfs-da-d-maria" ];
- docs-projects = [ "mediator" "libedn" "x-bindgen" ];
- # "eq" "songbooks"
- };
- static-site-from-repo = repo-name: {
- "${repo-name}.${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- root = pkgs.stdenv.mkDerivation {
- name = repo-name;
- src = fetchTarball
- "https://git.sr.ht/~euandreh/${repo-name}/archive/master.tar.gz";
- phases = "unpackPhase buildPhase";
- buildPhase = ''
- mkdir $out
- cp index.html $out
- cp favicon.ico $out
- '';
- };
- };
- };
- docs-site-for-project = project-name: {
- "${project-name}.${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- location = / {
- return 301 en/master/;
- }
- root /data/static/${project-name}/;
- '';
- };
- };
- pkgsUnstable = import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
- }) { };
-in {
- imports = [ ./hardware-configuration.nix ];
-
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/vda";
- };
-
- networking = {
- useDHCP = false;
- interfaces.ens3.useDHCP = true;
- };
-
- nix = {
- gc = {
- automatic = true;
- options = "--delete-older-than 7d";
- };
- # min-free 1G
- extraOptions = ''
- min-free = ${toString (1024 * 1024 * 1024)}
- '';
- };
-
- environment = {
- systemPackages = with pkgs; [ vim git gitAndTools.git-annex gotop ];
-
- shellAliases = { l = "ls -lahF"; };
- };
-
- networking.firewall.allowedTCPPorts = [
- config.openSSHPort
-
- # HTTP and HTPPS: NGINX
- 80
- 443
- ];
-
- security.acme = {
- acceptTerms = true;
- email = "eu@euandre.org";
- };
-
- services = {
- openssh = {
- enable = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
- ports = [ config.openSSHPort ];
- };
-
- nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts =
- pkgs.lib.fold (repo: acc: acc // static-site-from-repo repo) { }
- config.static-sites
- // pkgs.lib.fold (project: acc: acc // docs-site-for-project project)
- { } config.docs-projects // {
- "${config.TLD}" = {
- locations."= /.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON config.matrixServerJSON}';
- '';
- locations."= /.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON config.matrixClientJSON}';
- '';
- };
- "${config.matrixDomain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/_matrix" = {
- proxyPass = "http://[::1]:${toString config.matrixPort}";
- };
- };
- "${config.elementDomain}" = {
- enableACME = true;
- forceSSL = true;
- root = pkgs.element-web.override {
- conf = {
- default_server_config."m.homeserver" = {
- "base_url" = "https://${config.matrixDomain}";
- "server_name" = "https://${config.matrixDomain}";
- };
- };
- };
- };
- "${config.nextcloudDomain}" = {
- forceSSL = true;
- enableACME = true;
- };
- "git.${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- location = /favicon.ico {
- alias /data/favicons/git.ico;
- }
- location / {
- proxy_pass http://localhost:${config.gitPort};
- }
- '';
- };
- "ci.${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- root = "/data/static/ci-logs/";
- };
- };
- };
-
- nextcloud = {
- enable = true;
- hostName = config.nextcloudDomain;
- https = true;
- maxUploadSize = "4G";
- autoUpdateApps.enable = true;
- config = {
- overwriteProtocol = "https";
- dbtype = "sqlite";
- adminuser = "andreh";
- adminpassFile = "/data/secrets/nextcloud-admin.txt";
- };
- };
-
- lighttpd = {
- enable = true;
- port = pkgs.lib.toInt config.gitPort;
- cgit = {
- enable = true;
- subdir = "";
- configText = ''
- enable-blame=1
- enable-commit-graph=1
- enable-follow-links=1
- enable-index-owner=0
- enable-log-filecount=1
- enable-log-linecount=1
- root-desc=Patches welcome!
- readme=:README.md
- readme=:README
- readme=:README.rst
- readme=:README.org
- max-repodesc-length=120
- remove-suffix=1
- root-title=EuAndreh's repositories
- snapshots=tar.gz zip
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- scan-path=/data/git
- '';
- };
- };
-
- logrotate = {
- enable = false;
- extraConfig = ''
- compress
-
- /data/static/ci-logs/**/*.log {
- rotate 30
- daily
- olddir /data/static/logrotate/
- createolddir 744 andreh users
- su andreh users
- }
- '';
- };
-
- matrix-synapse = {
- enable = true;
- server_name = config.matrixDomain;
- # I created the new user by temporarily setting this to true
- enable_registration = false;
- database_type = "sqlite3";
- listeners = [{
- port = config.matrixPort;
- bind_address = "::1";
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [{
- names = [ "client" "federation" ];
- compress = false;
- }];
- }];
- };
-
- cron = {
- enable = true;
- systemCronJobs = [ "0 12 * * * root /data/cron/borg.sh" ];
- };
- };
-
- users = {
- mutableUsers = false;
- extraUsers.andreh = {
- uid = 1000;
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- hashedPassword = builtins.readFile "/data/secrets/user-hash.txt";
- openssh.authorizedKeys.keys = [
- "ssh-rsa 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 eu@euandre.org"
- ];
- };
- };
-
- system = {
- stateVersion = "20.09";
- autoUpgrade = {
- enable = true;
- allowReboot = true;
- };
- };
-}