authorBen Sima <ben@bsima.me>2021-10-17 11:52:47 -0400
committerBen Sima <ben@bsima.me>2021-11-26 13:47:38 -0500
commitf432b7057738cb5123c8e1b506a2a1199e71ee72 (patch)
treef9a1f2eda099530934ea1f56d58ea08ba25e304b /Biz/Cloud
parent8e1340bda701171e3557840332c4f3c30e1afc28 (diff)
Update cloud services
Rebuilt email server, started wireguard setup.
Diffstat (limited to 'Biz/Cloud')
-rw-r--r--Biz/Cloud/Git.nix2
-rw-r--r--Biz/Cloud/Hardware.nix7
-rw-r--r--Biz/Cloud/Mail.nix7
-rw-r--r--Biz/Cloud/Networking.nix45
-rw-r--r--Biz/Cloud/Ports.nix4
-rw-r--r--Biz/Cloud/Web.nix28
-rw-r--r--Biz/Cloud/Znc.nix12
7 files changed, 58 insertions, 47 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index bc9812c..eb61a10 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,7 +1,7 @@
{ pkgs, lib, config, ... }:
let
- root = "/srv/git";
+ root = "/var/git";
in {
services = {
gitolite = {
diff --git a/Biz/Cloud/Hardware.nix b/Biz/Cloud/Hardware.nix
index 20eab30..ab775dc 100644
--- a/Biz/Cloud/Hardware.nix
+++ b/Biz/Cloud/Hardware.nix
@@ -1,8 +1,7 @@
-{ ... }:
+{ modulesPath, ... }:
{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
+ boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
- swapDevices = [
- { device = "/swapfile"; } # 4GB
- ];
}
diff --git a/Biz/Cloud/Mail.nix b/Biz/Cloud/Mail.nix
index e3ddc06..ecb64ff 100644
--- a/Biz/Cloud/Mail.nix
+++ b/Biz/Cloud/Mail.nix
@@ -20,7 +20,7 @@
loginAccounts = {
"ben@simatime.com" = {
- hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
+ hashedPasswordFile = "/home/ben/hashed-mail-password";
aliases = [
# my default email
"ben@bsima.me"
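Review bot: The new `hashedPasswordFile` on the ben@simatime.com account points into a user home directory, `/home/ben/hashed-mail-password`, so anything that can write as `ben` can swap the mail password hash, and nothing in the hunk says who creates the file or with what mode. Consider a root-owned location outside any home directory with mode 0600, plus a comment above the line saying how the file is provisioned, e.g. `# created by hand on the host, root:root 0600; not managed by Nix`. The hash removed here stays readable in the repository history, so the password behind it should be treated as exposed unless it was changed during the rebuild. The loginAccounts set continues outside the hunk.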
@@ -31,6 +31,11 @@
catchAll = [ "simatime.com" "bsima.me" ];
quota = "10G";
};
+ "dev@simatime.com" = {
+ hashedPasswordFile = "/home/ben/hashed-mail-password";
+ aliases = [ "dev@bsima.me" ];
+ quota = "10G";
+ };
"nick@simatime.com" = {
hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
aliases = [
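Review bot: The added dev@simatime.com account reuses ben@'s `hashedPasswordFile`, so the two mailboxes share one password and a leak of either credential opens both; give it its own file, e.g. `hashedPasswordFile = "<path-to-dev-hash-file>";`. The nick@simatime.com entry in the trailing context still carries an inline `hashedPassword`, which lands in the repository and presumably in the world-readable Nix store; moving it to a file as well would make the accounts consistent. The nick@ block continues past the hunk.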
diff --git a/Biz/Cloud/Networking.nix b/Biz/Cloud/Networking.nix
index fa41650..05a1608 100644
--- a/Biz/Cloud/Networking.nix
+++ b/Biz/Cloud/Networking.nix
@@ -1,42 +1,31 @@
-{ lib, config, ... }:
-
-let
- ports = import ./Ports.nix;
-in {
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
networking = {
- firewall = {
- allowedTCPPorts = [
- ports.ssh
- ports.git
- ports.http
- ports.https
- ports.sabten
- ports.gemini
- ports.radicale
- ];
- };
- nameservers = [
- "67.207.67.2"
- "67.207.67.3"
- ];
- defaultGateway = "159.89.128.1";
- defaultGateway6 = "2604:a880:2:d0::1";
+ nameservers = [ "8.8.8.8"
+ ];
+ defaultGateway = "143.198.112.1";
+ defaultGateway6 = "2604:a880:400:d0::1";
dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce true;
+ usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4.addresses = [
- { address="159.89.128.69"; prefixLength=20; }
- { address="10.46.0.6"; prefixLength=16; }
+ { address="143.198.118.179"; prefixLength=20; }
+{ address="10.10.0.7"; prefixLength=16; }
];
ipv6.addresses = [
- { address="2604:a880:2:d0::35:c001"; prefixLength = 64; }
- { address="fe80::e899:c0ff:fe9c:e194"; prefixLength = 64; }
+ { address="2604:a880:400:d0::19f1:7001"; prefixLength=64; }
+{ address="fe80::a06e:26ff:fee1:941"; prefixLength=64; }
];
+ ipv4.routes = [ { address = "143.198.112.1"; prefixLength = 32; } ];
+ ipv6.routes = [ { address = "2604:a880:400:d0::1"; prefixLength = 128; } ];
};
+
};
};
services.udev.extraRules = ''
- ATTR{address}=="ea:99:c0:9c:e1:94", NAME="eth0"
+ ATTR{address}=="a2:6e:26:e1:09:41", NAME="eth0"
+ ATTR{address}=="f2:4e:52:1a:72:ef", NAME="eth1"
'';
}
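Review bot: The udev rule added at the end names a second NIC `eth1`, but `interfaces` only configures `eth0` and `dhcpcd.enable = false`, so eth1 will come up without an address unless it is configured elsewhere. If the 10.10.0.7/16 private address belongs on it, move that entry under `eth1`; otherwise add a comment saying why it is left unconfigured. Separately, `nameservers` shrinks to a single public resolver, `8.8.8.8`, which is a single point of failure for every lookup on this host; a second entry would restore the redundancy the old list had. The firewall block removed here means the host's open ports now depend on Web.nix being imported.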
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 636c797..ad5ddc9 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -19,6 +19,8 @@
radicale = 5232;
sabten = 8080;
ssh = 22;
- tor = 143;
+ tor = 144;
torrents = { from = 3000; to = 3099; };
+ wireguard = 51820;
+ znc = 5000;
}
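Review bot: `wireguard = 51820` is a UDP port, while the only firewall list visible in this commit (Web.nix) is `allowedTCPPorts`. When the wireguard setup is finished it will need `allowedUDPPorts = [ ports.wireguard ];` rather than an entry in the TCP list, and a comment next to the entry saying so would prevent the mistake. The move of `tor` from 143 to 144 is unexplained; 143 is the registered IMAP port, so presumably this avoids a clash with the rebuilt mail server, and a short comment such as `# 143 is IMAP` would record that. The attribute set starts outside the hunk.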
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index 9899258..68ff19e 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -5,6 +5,19 @@ let
ports = import ./Ports.nix;
in
{
+ networking.firewall = {
+ allowedTCPPorts = [
+ ports.ssh
+ ports.git
+ ports.http
+ ports.https
+ ports.sabten
+ ports.gemini
+ ports.radicale
+ ports.znc
+ ];
+ };
+
services = {
radicale = {
enable = true;
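Review bot: The firewall list added at the top of Web.nix opens `ports.sabten` and `ports.radicale` to the network directly. The subdomain list later in this file includes "sabten" and "cal", which suggests nginx already fronts those services; if so, the backend ports can stay closed so that clients cannot bypass the TLS vhosts. The list also opens ssh, git and znc from a module that is otherwise about web serving, so a host that stops importing Web.nix would lose its SSH rule; consider letting each service module declare its own port, or keeping the list in Networking.nix. The `services` set continues outside the hunk.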
@@ -23,10 +36,10 @@ in
listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}";
":tls" = { store = "/var/lib/gmnisrv"; };
"bsima.me" = {
- "root" = "/srv/www/ben";
+ "root" = "/var/web/ben";
};
"simatime.com" = {
- "root" = "/srv/www/simatime.com";
+ "root" = "/var/web/simatime.com";
"cgi" = "on";
};
};
@@ -49,14 +62,14 @@ in
enableACME = true;
locations = {
"/" = {
- root = "/srv/www/simatime.com";
+ root = "/var/web/simatime.com";
extraConfig = ''
autoindex on;
'';
};
# serve /~$USER paths
"~ ^/~(.+?)(/.*)?$" = {
- alias = "/srv/www/$1$2";
+ alias = "/var/web/$1$2";
index = "index.html index.htm";
extraConfig = ''
autoindex on;
@@ -89,7 +102,7 @@ in
"bsima.me" = {
locations."/" = {
- root = "/srv/www/ben";
+ root = "/var/web/ben";
index = "index.html index.htm";
extraConfig = ''
autoindex on;
@@ -161,10 +174,6 @@ in
};
};
- "grocy.${rootDomain}" = {
- useACMEHost = rootDomain;
- forceSSL = true;
- };
};
};
};
@@ -182,6 +191,5 @@ in
"sabten"
"cal"
"notebook"
- "grocy"
];
}
diff --git a/Biz/Cloud/Znc.nix b/Biz/Cloud/Znc.nix
index 0ba8d6a..5ec4e56 100644
--- a/Biz/Cloud/Znc.nix
+++ b/Biz/Cloud/Znc.nix
@@ -19,13 +19,13 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"'
];
useLegacyConfig = false;
config = {
- LoadModule = [ "adminlog" "sasl" ];
+ LoadModule = [ "adminlog" ];
Motd = "welcome to znc.simatime.com";
User.bsima = {
Admin = true;
Nick = "bsima";
AltNick = "bsima1";
- LoadModule = [ "chansaver" "controlpanel" "log" "sasl" ];
+ LoadModule = [ "chansaver" "controlpanel" "log" ];
Network = {
#efnet = {
# Server = "irc.efnet.info +6697";
@@ -57,6 +57,14 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"'
"#home-manager" = {};
};
};
+ zeronode = {
+ Server = "irc.zeronode.net +6667";
+ LoadModule = [ "simple_away" "nickserv" ];
+ Nick = "ben";
+ Chan = {
+ "#NoAgenda" = {};
+ };
+ };
#sorcery = {
# Server = "irc.sorcery.net +6697";
#};
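Review bot: In the added zeronode network, `Server = "irc.zeronode.net +6667"` asks ZNC for TLS (the `+` prefix) on 6667, which is conventionally the plaintext IRC port; the commented-out networks around it use `+6697`. Because the network also loads `nickserv`, a connection that ends up unencrypted would carry the NickServ password in clear text. Confirm the server's TLS port and, if it is the usual one, change the line to `Server = "irc.zeronode.net +6697";`. The Network set starts and ends outside the hunk.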