
seber: reorganize, init ebil.club

+176 -103
+1 -1
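--- a/home/modules/programs/foot.nix
+++ b/home/modules/programs/foot.nix
@@ -13,7 +13,7 @@
 settings = {
 main = {
 include = builtins.toString catppuccin;
-font = "Maple Mono NF:pixelsize=16";
+font = "Maple Mono NF:pixelsize=15";
 dpi-aware = "yes";
 };
 cursor = {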
+5 -1
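--- a/modules/base/services/openssh.nix
+++ b/modules/base/services/openssh.nix
@@ -3,9 +3,13 @@
 enable = true;
 openFirewall = true;
 settings = {
+PubkeyAuthentication = true;
 PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+X11Forwarding = false;
+PermitTunnel = "no";
 PermitRootLogin = "no";
-PubkeyAuthentication = true;
+AllowTcpForwarding = "no";
 };
 };
 }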
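Review bot: `AllowTcpForwarding = "no"` in the new `settings` block leaves sshd's other forwarding channels at their defaults, so Unix-socket and agent forwarding stay permitted on every host that imports this base module. If the intent is to switch forwarding off entirely, add `AllowStreamLocalForwarding = "no";` and `AllowAgentForwarding = "no";` next to it. A one-line comment above the block stating that these settings apply to all hosts would also help, since a host that needs a tunnel will have to override them. The attribute set opens above the visible lines.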
+9 -101
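--- a/systems/seber/default.nix
+++ b/systems/seber/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./hardware.nix
 inputs.agenix.nixosModules.default
+./services
 ];
 
 boot.loader.grub = {
@@ -11,7 +12,13 @@
 device = "/dev/vda";
 };
 
-networking.hostName = "seber";
+networking = {
+hostName = "seber";
+firewall.allowedTCPPorts = [
+80
+443
+];
+};
 
 time.timeZone = "UTC";
 i18n.defaultLocale = "en_US.UTF-8";
@@ -20,13 +27,9 @@
 git
 vim
 htop
-nodejs
 ];
 
-networking.firewall.allowedTCPPorts = [
-80
-443
-];
+services.nginx.enable = true;
 
 age = {
 identityPaths = [ "/home/adam/.ssh/id_ed25519" ];
@@ -46,101 +49,6 @@
 mode = "0440";
 group = "nginx";
 };
-};
-};
-
-services.nginx = {
-enable = true;
-virtualHosts = {
-"adam.qpon" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:8000";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $host;
-'';
-};
-
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-
-"vault.adamperkowski.dev" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:8222";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $host;
-'';
-};
-
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-
-"lebel.adamperkowski.dev" = {
-locations."/" = {
-proxyPass = "http://127.0.0.1:14831";
-extraConfig = ''
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header Host $host;
-
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "upgrade";
-'';
-};
-onlySSL = true;
-sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
-sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-};
-};
-};
-
-services.vaultwarden = {
-enable = true;
-environmentFile = "/run/agenix/vaultwarden-env";
-config = {
-DOMAIN = "https://vault.adamperkowski.dev";
-SIGNUPS_ALLOWED = false;
-ROCKET_ADDRESS = "127.0.0.1";
-ROCKET_PORT = 8222;
-ROCKET_LOG = "critical";
-LOG_LEVEL = "warn";
-};
-};
-
-systemd.services.website = {
-description = "my site :3";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-ExecStart = "/var/website/website/bin/website";
-WorkingDirectory = "/var/website";
-Restart = "on-failure";
-RestartSec = 10;
-};
-};
-
-systemd.services.lebel = {
-description = "lebel";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-User = "adam";
-Group = "users";
-ExecStart = "${pkgs.nodejs}/bin/node --env-file /var/lebel/.env /var/lebel/build/main.js";
-WorkingDirectory = "/var/lebel";
-Restart = "on-failure";
-RestartSec = 10;
 };
 };
 }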
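Review bot: `firewall.allowedTCPPorts` in the new `networking` block still opens port 80, but every virtual host visible in this commit sets `onlySSL = true`, which has nginx listen for TLS only. Unless a module outside this page adds a plain-HTTP listener, nothing should answer on 80 and the rule only widens the exposed surface. Either drop `80` from the list, or switch the hosts to `forceSSL = true;` so that port 80 serves the redirect to HTTPS.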
+8
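--- a/systems/seber/services/default.nix
+++ b/systems/seber/services/default.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./website.nix
+./lebel.nix
+./vaultwarden.nix
+./ebil-club
+];
+}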
+15
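--- a/systems/seber/services/ebil-club/default.nix
+++ b/systems/seber/services/ebil-club/default.nix
@@ -0,0 +1,15 @@
+{
+imports = [ ./seba.nix ];
+
+services.nginx.virtualHosts."ebil.club" = {
+locations."/" = {
+return = "200 'meow dm to get cool handle https://witchsky.app/profile/did:plc:b26ewgkrnx3yvsp2cdao3ntu :3'";
+extraConfig = ''
+add_header Content-Type text/plain;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+}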
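Review bot: `add_header Content-Type text/plain;` in the `extraConfig` of `locations."/"` appends a second Content-Type header instead of replacing the one nginx derives from `default_type`, so clients can receive two conflicting values for the `return 200` body. Use `default_type text/plain;` in that `extraConfig` instead. The host also reuses `/run/agenix/ssl-adamperkowski-cert`; whether that certificate covers `ebil.club` cannot be checked from this page, so a comment recording which names it is issued for would help.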
+35
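--- a/systems/seber/services/ebil-club/seba.nix
+++ b/systems/seber/services/ebil-club/seba.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.rrsync ];
+
+services.nginx.virtualHosts."seba.ebil.club" = {
+locations."/" = {
+root = "/var/ebil.club/seba/seba.ebil.club";
+index = "index.html";
+extraConfig = "try_files $uri $uri/ =404;";
+};
+extraConfig = "error_page 404 /404.html;";
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+users = {
+groups.seba = { };
+users.seba = {
+isNormalUser = true;
+home = "/var/ebil.club/seba";
+hashedPassword = "!";
+group = "seba";
+openssh.authorizedKeys.keys = [
+''command="${pkgs.rrsync}/bin/rrsync ~/seba.ebil.club",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7xlBanf8BNQXosqGT5QroBntpFUsy3g12fO/fPE414''
+];
+};
+};
+
+systemd.tmpfiles.rules = [
+"Z /var/ebil.club/seba 0750 seba nginx -"
+"d /var/ebil.club/seba/seba.ebil.club 0750 seba nginx -"
+];
+}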
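Review bot: The `seba.ebil.club` vhost serves a tree that the `seba` account writes through rrsync, and nginx follows symlinks under a `root` by default, so uploaded content is not confined to that directory; `systems/seber/default.nix` shows at least one agenix secret with `mode = "0440"` and `group = "nginx"`. Add `disable_symlinks if_not_owner;` to the vhost-level `extraConfig` and, if the packaged rrsync supports it, pass `-munge` in the forced command. Separately, the `Z` tmpfiles rule re-applies `0750 seba nginx` recursively, which marks every uploaded file executable and opens the whole home directory to the nginx group. `"d /var/ebil.club/seba 0710 seba nginx -"` would likely be enough for nginx to traverse to the web root.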
+44
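--- a/systems/seber/services/lebel.nix
+++ b/systems/seber/services/lebel.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.nodejs ];
+
+systemd.services.lebel = {
+description = "lebel";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+User = "adam";
+Group = "users";
+ExecStart = "${pkgs.nodejs}/bin/node --env-file /var/lebel/.env /var/lebel/build/main.js";
+WorkingDirectory = "/var/lebel";
+Restart = "on-failure";
+RestartSec = 10;
+};
+};
+
+services.nginx.virtualHosts."lebel.ebil.club" = {
+locations = {
+"= /".return = "301 https://witchsky.app/profile/did:plc:nwrcwcrhpkgrqqvkg3lmaqky";
+"/" = {
+proxyPass = "http://127.0.0.1:14831";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+'';
+};
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+systemd.tmpfiles.rules = [ "d /var/lebel 0750 adam users -" ];
+}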
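Review bot: `User = "adam"` in `serviceConfig` runs the internet-facing node process as the account whose `/home/adam/.ssh/id_ed25519` is the agenix identity in `systems/seber/default.nix`, so a flaw in the app would sit next to the key that decrypts the host's secrets. Give the unit its own system account and add sandboxing to `serviceConfig`, at least `ProtectHome = true;`, `NoNewPrivileges = true;` and `PrivateTmp = true;`. The `.env` file passed with `--env-file` lives in `/var/lebel` outside agenix, so a comment stating what it holds and who may write it would help.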
+29
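--- a/systems/seber/services/vaultwarden.nix
+++ b/systems/seber/services/vaultwarden.nix
@@ -0,0 +1,29 @@
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = "/run/agenix/vaultwarden-env";
+config = {
+DOMAIN = "https://vault.adamperkowski.dev";
+SIGNUPS_ALLOWED = false;
+ROCKET_ADDRESS = "127.0.0.1";
+ROCKET_PORT = 8222;
+ROCKET_LOG = "critical";
+LOG_LEVEL = "warn";
+};
+};
+
+services.nginx.virtualHosts."vault.adamperkowski.dev" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:8222";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+}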
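Review bot: The `vault.adamperkowski.dev` proxy block does not forward `X-Real-IP`, the header Vaultwarden reads by default (`IP_HEADER`) to identify clients, so requests would be attributed to 127.0.0.1 in its logs and in its login rate limiting. Add `proxy_set_header X-Real-IP $remote_addr;` to the `extraConfig`, as the `lebel.ebil.club` host in this commit already does. `LOG_LEVEL = "warn"` with `ROCKET_LOG = "critical"` may also leave little to audit on a password vault, so a comment explaining that choice would help.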
+30
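--- a/systems/seber/services/website.nix
+++ b/systems/seber/services/website.nix
@@ -0,0 +1,30 @@
+{
+systemd.services.website = {
+description = "my site :3";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+ExecStart = "/var/website/website/bin/website";
+WorkingDirectory = "/var/website";
+Restart = "on-failure";
+RestartSec = 10;
+};
+};
+
+services.nginx.virtualHosts."adam.qpon" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:8000";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+'';
+};
+onlySSL = true;
+sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
+sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
+};
+
+systemd.tmpfiles.rules = [ "d /var/website 0750 adam users -" ];
+}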
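Review bot: `systemd.services.website` sets no `User`, so the unit runs as root, while the tmpfiles rule hands `/var/website`, the directory holding its `ExecStart` binary, to `adam:users`. A root service that executes a file an unprivileged account can replace is a local privilege-escalation path, and the public site itself runs with full privileges. Set a dedicated `User`/`Group` in `serviceConfig` that can read `/var/website`, keep the executable root-owned, and add `NoNewPrivileges = true;` and `ProtectSystem = "strict";` where the app allows.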