my nixos dotfiles :3 (git.koi.rip mirror)
git.koi.rip/koi/dotfiles
seber: reorganize, init ebil.club
koi.rip
2 months ago
6692008f
74e6edba
+176
-103
9 changed files
home
modules
programs
foot.nix
modules
base
services
openssh.nix
systems
seber
default.nix
services
default.nix
ebil-club
default.nix
seba.nix
lebel.nix
vaultwarden.nix
website.nix
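--- a/home/modules/programs/foot.nix
+++ b/home/modules/programs/foot.nix
@@ -13,7 +13,7 @@
 settings = {
 main = {
 include = builtins.toString catppuccin;
-font = "Maple Mono NF:pixelsize=16";
+font = "Maple Mono NF:pixelsize=15";
 dpi-aware = "yes";
 };
 cursor = {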
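--- a/modules/base/services/openssh.nix
+++ b/modules/base/services/openssh.nix
@@ -3,9 +3,13 @@
 enable = true;
 openFirewall = true;
 settings = {
+PubkeyAuthentication = true;
 PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+X11Forwarding = false;
+PermitTunnel = "no";
 PermitRootLogin = "no";
-PubkeyAuthentication = true;
+AllowTcpForwarding = "no";
 };
 };
 }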
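Review bot: The forwarding lockdown in `settings` is only partial: `AllowTcpForwarding = "no"` and `X11Forwarding = false` are set, but agent forwarding and Unix-domain socket forwarding stay at sshd's defaults, which permit both. If the intent is no forwarding at all, add `AllowAgentForwarding = "no";` and `AllowStreamLocalForwarding = "no";` beside the new lines. This module sits under modules/base and sets `openFirewall = true`, so it presumably applies to every host that imports it; a one-line comment stating why forwarding is off would help whoever later needs a tunnel on one machine. The file begins above the hunk, so anything set earlier is not visible here.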
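--- a/systems/seber/default.nix
+++ b/systems/seber/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./hardware.nix
 inputs.agenix.nixosModules.default
+./services
 ];
 
 boot.loader.grub = {
@@ -11,7 +12,13 @@
 device = "/dev/vda";
 };
 
-networking.hostName = "seber";
+networking = {
+hostName = "seber";
+firewall.allowedTCPPorts = [
+80
+443
+];
+};
 
 time.timeZone = "UTC";
 i18n.defaultLocale = "en_US.UTF-8";
@@ -20,13 +27,9 @@
 git
 vim
 htop
-nodejs
 ];
 
-networking.firewall.allowedTCPPorts = [
-80
-443
-];
+services.nginx.enable = true;
 
 age = {
 identityPaths = [ "/home/adam/.ssh/id_ed25519" ];
@@ -46,101 +49,6 @@
 mode = "0440";
 group = "nginx";
 };
-};
-};
-
-services.nginx = {
-enable = true;
-virtualHosts = {
-"adam.qpon" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:8000";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $host;
-'';
-};
-
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-
-"vault.adamperkowski.dev" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:8222";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $host;
-'';
-};
-
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-
-"lebel.adamperkowski.dev" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:14831";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header Host $host;
-
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "upgrade";
-'';
-};
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-};
-};
-
-services.vaultwarden = {
-enable = true;
-environmentFile = "/run/agenix/vaultwarden-env";
-config = {
-DOMAIN = "https://vault.adamperkowski.dev";
-SIGNUPS_ALLOWED = false;
-ROCKET_ADDRESS = "127.0.0.1";
-ROCKET_PORT = 8222;
-ROCKET_LOG = "critical";
-LOG_LEVEL = "warn";
-};
-};
-
-systemd.services.website = {
-description = "my site :3";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-ExecStart = "/var/website/website/bin/website";
-WorkingDirectory = "/var/website";
-Restart = "on-failure";
-RestartSec = 10;
-};
-};
-
-systemd.services.lebel = {
-description = "lebel";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-User = "adam";
-Group = "users";
-ExecStart = "${pkgs.nodejs}/bin/node --env-file /var/lebel/.env /var/lebel/build/main.js";
-WorkingDirectory = "/var/lebel";
-Restart = "on-failure";
-RestartSec = 10;
 };
 };
 }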
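Review bot: Port 80 is opened in the new `networking.firewall.allowedTCPPorts` list, yet every virtual host this commit defines sets `onlySSL = true`, which has nginx listen on 443 only for those hosts. Unless a vhost outside this diff serves plain HTTP, either drop `80` from the list or switch the vhosts to `forceSSL = true;` so the port answers with a redirect instead of being open with nothing behind it. Now that the services live in their own modules, moving the firewall list next to `services.nginx.enable` in the services tree would keep each opening beside the thing that needs it. The `age` block and the top of the file lie outside the visible hunks.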
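--- a/systems/seber/services/default.nix
+++ b/systems/seber/services/default.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./website.nix
+./lebel.nix
+./vaultwarden.nix
+./ebil-club
+];
+}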
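--- a/systems/seber/services/ebil-club/default.nix
+++ b/systems/seber/services/ebil-club/default.nix
@@ -0,0 +1,15 @@
+{
+imports = [ ./seba.nix ];
+
+services.nginx.virtualHosts."ebil.club" = {
+locations."/" = {
+return = "200 'meow dm to get cool handle https://witchsky.app/profile/did:plc:b26ewgkrnx3yvsp2cdao3ntu :3'";
+extraConfig = ''
+add_header Content-Type text/plain;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+}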
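Review bot: `add_header Content-Type text/plain;` in the `locations."/"` block appends a second Content-Type header rather than setting the type, because nginx already emits one for the `return 200` body based on `default_type`. Replace that line with `default_type text/plain;` inside the same `extraConfig` so clients receive a single, unambiguous type. Separately, the certificate paths are named ssl-adamperkowski-*, so it is worth confirming that the certificate really lists ebil.club and its subdomains; the same paths are reused in seba.nix and lebel.nix.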
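--- a/systems/seber/services/ebil-club/seba.nix
+++ b/systems/seber/services/ebil-club/seba.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.rrsync ];
+
+services.nginx.virtualHosts."seba.ebil.club" = {
+locations."/" = {
+root = "/var/ebil.club/seba/seba.ebil.club";
+index = "index.html";
+extraConfig = "try_files $uri $uri/ =404;";
+};
+extraConfig = "error_page 404 /404.html;";
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+users = {
+groups.seba = { };
+users.seba = {
+isNormalUser = true;
+home = "/var/ebil.club/seba";
+hashedPassword = "!";
+group = "seba";
+openssh.authorizedKeys.keys = [
+''command="${pkgs.rrsync}/bin/rrsync ~/seba.ebil.club",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7xlBanf8BNQXosqGT5QroBntpFUsy3g12fO/fPE414''
+];
+};
+};
+
+systemd.tmpfiles.rules = [
+"Z /var/ebil.club/seba 0750 seba nginx -"
+"d /var/ebil.club/seba/seba.ebil.club 0750 seba nginx -"
+];
+}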
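Review bot: The `seba.ebil.club` vhost serves a directory whose contents are fully controlled by the upload-only account, and nginx follows symbolic links by default, so files outside the web root that the nginx worker can read are not protected by `root` alone. Restrict link handling in the vhost, for example by extending the existing line to `extraConfig = "error_page 404 /404.html; disable_symlinks if_not_owner from=$document_root;";`. The forced-command key options are a good baseline; a short comment above the key stating that the account is rsync-only and must never receive an unrestricted key would keep that property from eroding later.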
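--- a/systems/seber/services/lebel.nix
+++ b/systems/seber/services/lebel.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.nodejs ];
+
+systemd.services.lebel = {
+description = "lebel";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+User = "adam";
+Group = "users";
+ExecStart = "${pkgs.nodejs}/bin/node --env-file /var/lebel/.env /var/lebel/build/main.js";
+WorkingDirectory = "/var/lebel";
+Restart = "on-failure";
+RestartSec = 10;
+};
+};
+
+services.nginx.virtualHosts."lebel.ebil.club" = {
+locations = {
+"= /".return = "301 https://witchsky.app/profile/did:plc:nwrcwcrhpkgrqqvkg3lmaqky";
+"/" = {
+proxyPass = "http://127.0.0.1:14831";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+'';
+};
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+systemd.tmpfiles.rules = [ "d /var/lebel 0750 adam users -" ];
+}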
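Review bot: `systemd.services.lebel` runs the network-facing Node process as `adam`, the same account whose `~/.ssh/id_ed25519` is listed as the agenix identity in systems/seber/default.nix, so a flaw in the app would put that key and the rest of the home directory within the service's reach. A dedicated system user for the service is the cleaner fix; as a smaller step, add `ProtectHome = true;`, `NoNewPrivileges = true;` and `PrivateTmp = true;` to `serviceConfig`, assuming the app needs nothing under /home. The `/var/lebel/.env` file passed via `--env-file` sits outside the agenix secret handling used elsewhere in this commit, so its ownership and mode have to be checked by hand.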
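--- a/systems/seber/services/vaultwarden.nix
+++ b/systems/seber/services/vaultwarden.nix
@@ -0,0 +1,29 @@
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = "/run/agenix/vaultwarden-env";
+config = {
+DOMAIN = "https://vault.adamperkowski.dev";
+SIGNUPS_ALLOWED = false;
+ROCKET_ADDRESS = "127.0.0.1";
+ROCKET_PORT = 8222;
+ROCKET_LOG = "critical";
+LOG_LEVEL = "warn";
+};
+};
+
+services.nginx.virtualHosts."vault.adamperkowski.dev" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:8222";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+}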
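Review bot: The `vault.adamperkowski.dev` proxy block forwards `X-Forwarded-For` but not `X-Real-IP`, which, as far as I know, is the header Vaultwarden reads for the client address by default (its `IP_HEADER` setting), so failed-login entries would presumably all be attributed to 127.0.0.1. Add `proxy_set_header X-Real-IP $remote_addr;` to `extraConfig`, as the lebel vhost in this commit already does, so that logs and any ban tooling built on them see the real source address. A comment on `LOG_LEVEL = "warn"` noting that authentication failures must remain visible at that level would also help the next person who tunes logging.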
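--- a/systems/seber/services/website.nix
+++ b/systems/seber/services/website.nix
@@ -0,0 +1,30 @@
+{
+systemd.services.website = {
+description = "my site :3";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+ExecStart = "/var/website/website/bin/website";
+WorkingDirectory = "/var/website";
+Restart = "on-failure";
+RestartSec = 10;
+};
+};
+
+services.nginx.virtualHosts."adam.qpon" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:8000";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+systemd.tmpfiles.rules = [ "d /var/website 0750 adam users -" ];
+}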
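Review bot: `systemd.services.website` sets no `User`, so the binary at /var/website/website/bin/website runs as root, while the tmpfiles rule on the last line hands /var/website to `adam`. An unprivileged account therefore owns the directory tree that root executes from, and the internet-reachable backend behind `adam.qpon` keeps full privileges. Give the unit an unprivileged identity in `serviceConfig`, preferably a dedicated system user, or at minimum `User = "adam";` and `Group = "users";` as lebel.nix does, and add `NoNewPrivileges = true;`.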