Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/himeji/default.nix | 155 |
1 files changed, 2 insertions, 153 deletions
diff --git a/hosts/himeji/default.nix b/hosts/himeji/default.nix
index 3bea24a..94adf70 100644
--- a/hosts/himeji/default.nix
+++ b/hosts/himeji/default.nix
@@ -1,162 +1,11 @@ -{ secrets, pkgs, ... }: -let - containerEngine = "podman"; -in { imports = [ - ../../modules/nix + ../../modules/server ../../disks/himeji.nix ./hardware-configuration.nix - ../../modules/networking/vpn/tailscale.nix - ../../modules/options.nix + ../../modules/options ./options.nix ]; - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - services.openssh.enable = true; system.stateVersion = "24.05"; - - environment.systemPackages = with pkgs; [ - fastfetch - vim - ]; - - networking = { - hostName = "himeji"; - domain = ""; - - firewall.allowedTCPPorts = [ - 80 - 443 - ]; - }; - - users.users.root = { - initialHashedPassword = secrets.initial_hashed_password; - - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBm/ydlGJiKWMxH6v9SFN3vo/ZkX6eQ+uCmH32gnCkUW" - ]; - }; - - systemd.services.tailscale-up = { - after = [ "tailscaled.service" ]; - requires = [ "tailscaled.service" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "/run/current-system/sw/bin/tailscale up --authkey ${secrets.tailscale_authentication_key}"; - Restart = "on-failure"; - }; - }; - - systemd.services.ghcr-login = { - after = [ "${containerEngine}.service" ]; - requires = [ "${containerEngine}.service" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "/run/current-system/sw/bin/${containerEngine} login ghcr.io -u ${secrets.ghcr.username} -p ${secrets.ghcr.token}"; - Restart = "on-failure"; - }; - }; - - virtualisation = { - containers.enable = true; - docker.enable = containerEngine == "docker"; - - podman = { - enable = containerEngine == "podman"; - dockerCompat = true; - defaultNetwork.settings.dns_enabled = true; - }; - - oci-containers = { - backend = containerEngine; - - containers = { - september = { - image = "fuwn/september"; - autoStart = true; - ports = [ "8084:80" ]; - - environment = { - CONDENSE_LINKS_AT_HEADINGS = "## Quick Links,# Fuwn[.me],## Footer"; - EMBED_IMAGES = "2"; - HEAD 
= ''<script async src="https://us.umami.is/script.js" data-website-id="fb2fa218-bbfc-419f-8b70-4f0b937df064"></script><link rel="icon" type="image/x-icon" href="https://avatars.githubusercontent.com/u/99055925?s=200&v=4">''; - MATHJAX = "true"; - PLAIN_TEXT_ROUTE = "*.xml,*.txt"; - PRIMARY_COLOUR = "#DCC6BD"; - }; - }; - - momoka = { - image = "fuwn/momoka"; - autoStart = true; - ports = [ "70:70" ]; - }; - - gigi = { - image = "fuwn/gigi"; - autoStart = true; - ports = [ "79:79" ]; - volumes = [ "/mnt/docker/gigi:/gigi/.gigi" ]; - }; - - mayu = { - image = "fuwn/mayu"; - autoStart = true; - ports = [ "8098:3000" ]; - volumes = [ "/mnt/docker/mayu:/mayu/data" ]; - }; - - locus = { - image = "ghcr.io/gemrest/locus"; - autoStart = true; - ports = [ "1965:1965" ]; - volumes = [ "/mnt/docker/locus:/locus/.locus" ]; - - environment = { - FINNHUB_TOKEN = secrets.finnhub_token; - HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif"; - }; - }; - - bin = { - image = "quxfoo/wastebin"; - autoStart = true; - ports = [ "8090:8088" ]; - volumes = [ "/mnt/docker/bin:/root/db" ]; - }; - }; - }; - }; - - services.caddy = { - enable = true; - - virtualHosts = { - "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098"; - "counter.due.moe".extraConfig = "reverse_proxy localhost:8098"; - "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090"; - - "fuwn.me".extraConfig = '' - reverse_proxy localhost:8084 - - header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path} - - @blocked { - path /proxy/illegaldrugs.net/cgi-bin/news.php* - path /proxy/scholasticdiversity.us.to/scriptures/* - path /proxy/jsreed5.org/oeis/* - } - respond @blocked 403 - - @no_forwarded_for not header X-Forwarded-For * - request_header @no_forwarded_for X-Forwarded-For {remote_host} - respond /whoami {header.X-Forwarded-For} 200 - ''; - }; - }; } |
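Review bot: With this file reduced to its imports, the `tailscale-up` and `ghcr-login` units removed here presumably now live in `../../modules/server`, which is not part of this diff. If they moved verbatim, they still interpolate `secrets.tailscale_authentication_key` and `secrets.ghcr.token` into `ExecStart`, so both values end up in the generated unit file in the world-readable Nix store and in the process arguments. It is worth confirming that the shared module reads them from files instead, for example through `services.tailscale.authKeyFile` and `virtualisation.oci-containers.containers.NAME.login.passwordFile` (NAME is a placeholder for the container). The host-specific values dropped here (`networking.hostName`, the 80/443 firewall openings, the root `authorizedKeys`) likewise have to come from `./options.nix` or the server module now. A comment above the imports such as `# host settings: ./options.nix; services, firewall and SSH: ../../modules/server` would tell a reader where to audit them.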