diff options
Diffstat (limited to 'Biz/Cloud')
| -rw-r--r-- | Biz/Cloud/Cgit.nix | 85 | ||||
| -rw-r--r-- | Biz/Cloud/Chat.nix | 50 | ||||
| -rw-r--r-- | Biz/Cloud/Comms.nix | 5 | ||||
| -rw-r--r-- | Biz/Cloud/Comms/Mumble.nix | 7 | ||||
| -rw-r--r-- | Biz/Cloud/Comms/Xmpp.nix | 27 | ||||
| -rw-r--r-- | Biz/Cloud/Git.nix | 21 | ||||
| -rw-r--r-- | Biz/Cloud/Gmnisrv.nix | 23 | ||||
| -rw-r--r-- | Biz/Cloud/Hardware.nix | 8 | ||||
| -rw-r--r-- | Biz/Cloud/Hub.nix | 2 | ||||
| -rw-r--r-- | Biz/Cloud/Mail.nix | 18 | ||||
| -rw-r--r-- | Biz/Cloud/Networking.nix | 33 | ||||
| -rw-r--r-- | Biz/Cloud/NostrRelay.nix | 6 | ||||
| -rw-r--r-- | Biz/Cloud/Ports.nix | 10 | ||||
| -rw-r--r-- | Biz/Cloud/Web.nix | 89 | ||||
| -rw-r--r-- | Biz/Cloud/Znc.nix | 49 |
15 files changed, 213 insertions, 220 deletions
diff --git a/Biz/Cloud/Cgit.nix b/Biz/Cloud/Cgit.nix index 0b3a71b..23fa00f 100644 --- a/Biz/Cloud/Cgit.nix +++ b/Biz/Cloud/Cgit.nix @@ -4,20 +4,21 @@ with lib; let globalConfig = config; settingsFormat = { - type = with lib.types; let - value = oneOf [ int str ] // { - description = "INI-like atom (int or string)"; - }; - values = coercedTo value lib.singleton (listOf value) // { - description = value.description + " or a list of them for duplicate keys"; - }; - in - attrsOf (values); + type = with lib.types; + let + value = oneOf [ int str ] // { + description = "INI-like atom (int or string)"; + }; + values = coercedTo value lib.singleton (listOf value) // { + description = value.description + + " or a list of them for duplicate keys"; + }; + in attrsOf (values); generate = name: values: - pkgs.writeText name (lib.generators.toKeyValue { listsAsDuplicateKeys = true; } values); + pkgs.writeText name + (lib.generators.toKeyValue { listsAsDuplicateKeys = true; } values); }; -in -{ +in { options.services.nginx.virtualHosts = mkOption { type = types.attrsOf (types.submodule ({ config, ... }: let @@ -48,8 +49,7 @@ in # Remove the global options for serialization into cgitrc settings = removeAttrs cfg (attrNames options); - in - { + in { options.cgit = mkOption { type = types.submodule { freeformType = settingsFormat.type; @@ -86,60 +86,49 @@ in ''; }; - config = let - location = removeSuffix "/" cfg.location; + config = let location = removeSuffix "/" cfg.location; in mkIf cfg.enable { locations."${location}/" = { root = "${pkgs.cgit}/cgit/"; tryFiles = "$uri @cgit"; }; - locations."~ ^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = { - alias = "${pkgs.cgit}/cgit/$1"; - }; + locations."~ ^${location}/(cgit.(css|png)|favicon.ico|robots.txt)$" = + { + alias = "${pkgs.cgit}/cgit/$1"; + }; locations."@cgit" = { extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param CGIT_CONFIG ${settingsFormat.generate "cgitrc" settings}; + fastcgi_param CGIT_CONFIG ${ + settingsFormat.generate "cgitrc" settings + }; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; fastcgi_pass unix:${globalConfig.services.fcgiwrap.socketAddress}; - '' + ( - if cfg.location == "/" - then - '' - fastcgi_param PATH_INFO $uri; - '' - else - '' - fastcgi_split_path_info ^(${location}/)(/?.+)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - '' - ) + ( - if !cfg.allowCrawlers - then - '' - add_header X-Robots-Tag "noindex, follow" always; - '' - else "" - ); + '' + (if cfg.location == "/" then '' + fastcgi_param PATH_INFO $uri; + '' else '' + fastcgi_split_path_info ^(${location}/)(/?.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + '') + (if !cfg.allowCrawlers then '' + add_header X-Robots-Tag "noindex, follow" always; + '' else + ""); }; }; })); }; - config = - let - vhosts = config.services.nginx.virtualHosts; - in - mkIf (any (name: vhosts.${name}.cgit.enable) (attrNames vhosts)) { - # make the cgitrc manpage available - environment.systemPackages = [ pkgs.cgit ]; + config = let vhosts = config.services.nginx.virtualHosts; + in mkIf (any (name: vhosts.${name}.cgit.enable) (attrNames vhosts)) { + # make the cgitrc manpage available + environment.systemPackages = [ pkgs.cgit ]; - services.fcgiwrap.enable = true; - }; + services.fcgiwrap.enable = true; + }; meta = { maintainers = with lib.maintainers; [ bsima ]; # afix-space hmenke ]; diff --git a/Biz/Cloud/Chat.nix b/Biz/Cloud/Chat.nix index be856d8..7f86621 100644 --- a/Biz/Cloud/Chat.nix +++ b/Biz/Cloud/Chat.nix @@ -24,21 +24,17 @@ in { enable = false; settings.server_name = config.networking.domain; #registration_shared_secret = "AkGRWSQLga3RoKRFnHhKoeCEIeZzu31y4TRzMRkMyRbBnETkVTSxilf24qySLzQn"; - settings.listeners = [ - { - port = matrix_port; - bind_address = "::1"; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = false; - } - ]; - } - ]; + settings.listeners = [{ + port = matrix_port; + bind_address = "::1"; + type = "http"; + tls = false; + x_forwarded = true; + resources = [{ + names = [ "client" "federation" ]; + compress = false; + }]; + }]; }; # matrix needs a database # @@ -55,23 +51,21 @@ in { # route to matrix-synapse "${config.networking.domain}" = { locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "${fqdn}:443"; }; + let server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; } ; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - in '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + locations."= /.well-known/matrix/client".extraConfig = let + client = { + "m.homeserver" = { "base_url" = "https://${fqdn}"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; + in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; }; # reverse proxy for matrix client-server and server-server communication "${fqdn}" = { diff --git a/Biz/Cloud/Comms.nix b/Biz/Cloud/Comms.nix index 700296d..bf7a763 100644 --- a/Biz/Cloud/Comms.nix +++ b/Biz/Cloud/Comms.nix @@ -1,8 +1,5 @@ { ... }: { - imports = [ - ./Comms/Xmpp.nix - ./Comms/Mumble.nix - ]; + imports = [ ./Comms/Xmpp.nix ./Comms/Mumble.nix ]; } diff --git a/Biz/Cloud/Comms/Mumble.nix b/Biz/Cloud/Comms/Mumble.nix index d728a07..66d21a5 100644 --- a/Biz/Cloud/Comms/Mumble.nix +++ b/Biz/Cloud/Comms/Mumble.nix @@ -1,8 +1,7 @@ { config, ... }: # mumble and related services -let - ports = import ../Ports.nix; +let ports = import ../Ports.nix; in { services.murmur = { enable = true; @@ -20,9 +19,7 @@ in { listening_addr = "127.0.0.1"; listening_port = ports.botamusique; }; - radio = { - lofi = "https://live.hunter.fm/lofi_high"; - }; + radio = { lofi = "https://live.hunter.fm/lofi_high"; }; }; }; } diff --git a/Biz/Cloud/Comms/Xmpp.nix b/Biz/Cloud/Comms/Xmpp.nix index af52f3f..ad8649b 100644 --- a/Biz/Cloud/Comms/Xmpp.nix +++ b/Biz/Cloud/Comms/Xmpp.nix @@ -11,22 +11,19 @@ let in { networking.firewall.allowedTCPPorts = [ # https://prosody.im/doc/ports - 5000 # file transfer - 5222 # client connections - 5269 # server-to-server - 5280 # http - 5281 # https - 5347 # external components - 5582 # telnet console + 5000 # file transfer + 5222 # client connections + 5269 # server-to-server + 5280 # http + 5281 # https + 5347 # external components + 5582 # telnet console ]; services.prosody = { enable = true; - package = pkgs.prosody.override { - withCommunityModules = [ - "conversejs" - ]; - }; + package = + pkgs.prosody.override { withCommunityModules = [ "conversejs" ]; }; # when i learn how to use security.acme better, and use separate certs, then i # can fix this group @@ -36,7 +33,7 @@ in { inherit ssl; uploadHttp = { domain = "upload.${rootDomain}"; - uploadExpireAfter = toString (60*60*24*30); # 30 days, as seconds + uploadExpireAfter = toString (60 * 60 * 24 * 30); # 30 days, as seconds }; modules = { @@ -129,9 +126,7 @@ in { }; }; - services.prosody-filer = { - enable = true; - }; + services.prosody-filer = { enable = true; }; services.nginx.virtualHosts."${rootDomain}".locations = { "/http-bind" = { diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix index 6e3d8c8..3ef4530 100644 --- a/Biz/Cloud/Git.nix +++ b/Biz/Cloud/Git.nix @@ -67,12 +67,15 @@ in { ]; jvmOpts = [ # https://stackoverflow.com/a/71817404 - "--add-opens" "java.base/java.lang=ALL-UNNAMED" - "--add-opens" "java.base/java.util=ALL-UNNAMED" + "--add-opens" + "java.base/java.lang=ALL-UNNAMED" + "--add-opens" + "java.base/java.util=ALL-UNNAMED" ]; plugins = [ (pkgs.fetchurl { - url = "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar"; + url = + "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar"; sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk="; }) ]; @@ -81,14 +84,16 @@ in { settings = { auth.type = "OAUTH"; auth.gitBasicAuthPolicy = "HTTP"; - download.command = [ "checkout" "cherry_pick" "pull" "format_patch"]; + download.command = [ "checkout" "cherry_pick" "pull" "format_patch" ]; gerrit.canonicalWebUrl = "https://gerrit.${domain}"; - httpd.listenUrl = "proxy-https://${config.services.gerrit.listenAddress}"; + httpd.listenUrl = + "proxy-https://${config.services.gerrit.listenAddress}"; plugin.gerrit-oauth-provider-github-oauth = { root-url = "https://github.com"; client-id = "e48084aa0eebe31a2b18"; }; - sshd.advertisedAddress = "gerrit.${domain}:${toString ports.gerrit-ssh}"; + sshd.advertisedAddress = + "gerrit.${domain}:${toString ports.gerrit-ssh}"; sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}"; }; }; @@ -114,7 +119,5 @@ in { }; "nginx".extraGroups = [ "git" ]; }; - users.groups = { - gitDaemon = {}; - }; + users.groups = { gitDaemon = { }; }; } diff --git a/Biz/Cloud/Gmnisrv.nix b/Biz/Cloud/Gmnisrv.nix index 2f7672b..e2a66f6 100644 --- a/Biz/Cloud/Gmnisrv.nix +++ b/Biz/Cloud/Gmnisrv.nix @@ -1,11 +1,6 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, pkgs, ... }: -let - cfg = config.services.gmnisrv; +let cfg = config.services.gmnisrv; in { meta.maintainers = [ lib.maintainers.bsima ]; options.services.gmnisrv = { @@ -20,9 +15,7 @@ in { Configuration for gmnisrv. See gmnisrv.ini(5) for supported settings. ''; default = { - ":tls" = { - "store" = lib.mkDefault "${cfg.dataDir}/certs"; - }; + ":tls" = { "store" = lib.mkDefault "${cfg.dataDir}/certs"; }; }; }; dataDir = lib.mkOption { @@ -36,10 +29,12 @@ in { description = "gmnisrv service"; wantedBy = [ "multi-user.target" ]; after = [ "network-online.target" ]; - script = let ini = lib.generators.toINIWithGlobalSection {} { - globalSection = {"listen" = cfg.listen;}; - sections = cfg.settings; - }; in "${pkgs.gmnisrv}/bin/gmnisrv -C ${ini}"; + script = let + ini = lib.generators.toINIWithGlobalSection { } { + globalSection = { "listen" = cfg.listen; }; + sections = cfg.settings; + }; + in "${pkgs.gmnisrv}/bin/gmnisrv -C ${ini}"; }; }; } diff --git a/Biz/Cloud/Hardware.nix b/Biz/Cloud/Hardware.nix index ab775dc..8fdbd4e 100644 --- a/Biz/Cloud/Hardware.nix +++ b/Biz/Cloud/Hardware.nix @@ -1,7 +1,9 @@ -{ modulesPath, ... }: -{ +{ modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.device = "/dev/vda"; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; } diff --git a/Biz/Cloud/Hub.nix b/Biz/Cloud/Hub.nix index bc346a8..39bbdd0 100644 --- a/Biz/Cloud/Hub.nix +++ b/Biz/Cloud/Hub.nix @@ -11,7 +11,7 @@ let inherit settings; }; motdFile = pkgs.writeText "motd" '' - Meshheads write code. + Meshheads write code. ''; rulesFile = pkgs.writeText "rules" '' 1. x diff --git a/Biz/Cloud/Mail.nix b/Biz/Cloud/Mail.nix index 4ff3fd6..fa99cf3 100644 --- a/Biz/Cloud/Mail.nix +++ b/Biz/Cloud/Mail.nix @@ -1,13 +1,10 @@ { ... }: -/* - -Known issues: - -- when the acme cert gets refreshed, you need to manually restart dovecot -- when restarting dovecot, it might hang, in that case do: - systemctl --job-mode=ignore-dependencies restart dovecot2 postfix +/* Known issues: + - when the acme cert gets refreshed, you need to manually restart dovecot + - when restarting dovecot, it might hang, in that case do: + systemctl --job-mode=ignore-dependencies restart dovecot2 postfix */ { @@ -47,10 +44,9 @@ Known issues: quota = "10G"; }; "nick@simatime.com" = { - hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; - aliases = [ - "nicolai@simatime.com" - ]; + hashedPassword = + "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; + aliases = [ "nicolai@simatime.com" ]; quota = "1G"; }; }; diff --git a/Biz/Cloud/Networking.nix b/Biz/Cloud/Networking.nix index 05a1608..1c1f832 100644 --- a/Biz/Cloud/Networking.nix +++ b/Biz/Cloud/Networking.nix @@ -2,8 +2,7 @@ # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = [ "8.8.8.8" - ]; + nameservers = [ "8.8.8.8" ]; defaultGateway = "143.198.112.1"; defaultGateway6 = "2604:a880:400:d0::1"; dhcpcd.enable = false; @@ -11,15 +10,33 @@ interfaces = { eth0 = { ipv4.addresses = [ - { address="143.198.118.179"; prefixLength=20; } -{ address="10.10.0.7"; prefixLength=16; } + { + address = "143.198.118.179"; + prefixLength = 20; + } + { + address = "10.10.0.7"; + prefixLength = 16; + } ]; ipv6.addresses = [ - { address="2604:a880:400:d0::19f1:7001"; prefixLength=64; } -{ address="fe80::a06e:26ff:fee1:941"; prefixLength=64; } + { + address = "2604:a880:400:d0::19f1:7001"; + prefixLength = 64; + } + { + address = "fe80::a06e:26ff:fee1:941"; + prefixLength = 64; + } ]; - ipv4.routes = [ { address = "143.198.112.1"; prefixLength = 32; } ]; - ipv6.routes = [ { address = "2604:a880:400:d0::1"; prefixLength = 128; } ]; + ipv4.routes = [{ + address = "143.198.112.1"; + prefixLength = 32; + }]; + ipv6.routes = [{ + address = "2604:a880:400:d0::1"; + prefixLength = 128; + }]; }; }; diff --git a/Biz/Cloud/NostrRelay.nix b/Biz/Cloud/NostrRelay.nix index 73c1366..0be8a6f 100644 --- a/Biz/Cloud/NostrRelay.nix +++ b/Biz/Cloud/NostrRelay.nix @@ -27,10 +27,8 @@ in { ''; script = "nostr-rs-relay --db ${dataDir}"; serviceConfig = { - Environment = [ - "RUST_LOG=info,nostr_rs_relay=info" - "APP_DATA=${dataDir}" - ]; + Environment = + [ "RUST_LOG=info,nostr_rs_relay=info" "APP_DATA=${dataDir}" ]; WorkingDirectory = dataDir; KillSignal = "INT"; Type = "simple"; diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix index 56a1ae7..69968fb 100644 --- a/Biz/Cloud/Ports.nix +++ b/Biz/Cloud/Ports.nix @@ -15,7 +15,10 @@ headscale = 8844; hoogle = 8008; http = 80; - httpdev = { from = 8000; to = 8099; }; + httpdev = { + from = 8000; + to = 8099; + }; https = 443; invidious = 8086; jellyfin = 8096; @@ -33,7 +36,10 @@ stableDiffusion = 8501; syncthing-gui = 8384; tor = 144; - torrents = { from = 3000; to = 3099; }; + torrents = { + from = 3000; + to = 3099; + }; wireguard = 51820; znc = 5000; } diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index f97f6e0..b54e108 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -3,9 +3,8 @@ let rootDomain = config.networking.domain; ports = import ./Ports.nix; -in -{ - imports = [ ./Gmnisrv.nix ]; +in { + imports = [ ./Gmnisrv.nix ]; networking.firewall = { allowedTCPPorts = [ ports.ssh @@ -86,9 +85,7 @@ in listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}"; settings = { ":tls" = { store = "/var/lib/gmnisrv"; }; - "bsima.me" = { - "root" = "/var/web/ben"; - }; + "bsima.me" = { "root" = "/var/web/ben"; }; "${rootDomain}" = { "root" = "/var/web/simatime.com"; "cgi" = "on"; @@ -116,7 +113,12 @@ in # redirect '/git' to '/git/' "/git".return = "301 https://$host/git/"; # nostr nip-5 verification - "/.well-known/nostr.json".return = "200 '${builtins.toJSON { names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";}}'"; + "/.well-known/nostr.json".return = "200 '${ + builtins.toJSON { + names.bensima = + "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436"; + } + }'"; # disabled for nixpert test "/" = { root = "/var/web/simatime.com"; @@ -149,19 +151,22 @@ in }; "hoogle.${rootDomain}" = { - locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}"; + locations."/".proxyPass = + "http://${ports.bensIp}:${toString ports.hoogle}"; forceSSL = true; useACMEHost = rootDomain; }; "tv.${rootDomain}" = { - locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.jellyfin}"; + locations."/".proxyPass = + "http://${ports.bensIp}:${toString ports.jellyfin}"; forceSSL = true; useACMEHost = rootDomain; }; "cal.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.radicale}"; + locations."/".proxyPass = + "http://localhost:${toString ports.radicale}"; forceSSL = true; useACMEHost = rootDomain; extraConfig = '' @@ -173,7 +178,8 @@ in }; "reddit.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.libreddit}"; + locations."/".proxyPass = + "http://localhost:${toString ports.libreddit}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -189,7 +195,8 @@ in }; "youtube.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.invidious}"; + locations."/".proxyPass = + "http://localhost:${toString ports.invidious}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -205,13 +212,15 @@ in }; "dragons.dev" = { - locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dragons}"; + locations."/".proxyPass = + "http://${ports.bensIp}:${toString ports.dragons}"; forceSSL = true; useACMEHost = rootDomain; }; "dandel-rovbur.${rootDomain}" = { - locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}"; + locations."/".proxyPass = + "http://${ports.bensIp}:${toString ports.dandel-rovbur}"; forceSSL = true; useACMEHost = rootDomain; }; @@ -226,7 +235,8 @@ in forceSSL = true; useACMEHost = rootDomain; locations."/" = { - proxyPass = "http://${ports.bensIp}:${toString ports.stableDiffusion}"; + proxyPass = + "http://${ports.bensIp}:${toString ports.stableDiffusion}"; proxyWebsockets = true; }; }; @@ -234,7 +244,8 @@ in "music.${rootDomain}" = { forceSSL = true; useACMEHost = rootDomain; - locations."/".proxyPass = "http://localhost:${toString ports.botamusique}"; + locations."/".proxyPass = + "http://localhost:${toString ports.botamusique}"; }; "nostr.${rootDomain}" = { @@ -275,28 +286,26 @@ in }; # This must contain all of the other domains we host - security.acme.certs.${rootDomain}.extraDomainNames = [ - "bsima.me" "www.bsima.me" - "dragons.dev" - "nixpert.chat" - ] ++ map (sub: "${sub}.${rootDomain}") [ - "music" - "tv" - "matrix" - "chat" - "hoogle" - "dandel-rovbur" - "sabten" - "cal" - "notebook" - "nostr" - "reddit" - "old.reddit" - "www.reddit" - "youtube" - "www.youtube" - "m.youtube" - "sd" - "gerrit" - ]; + security.acme.certs.${rootDomain}.extraDomainNames = + [ "bsima.me" "www.bsima.me" "dragons.dev" "nixpert.chat" ] + ++ map (sub: "${sub}.${rootDomain}") [ + "music" + "tv" + "matrix" + "chat" + "hoogle" + "dandel-rovbur" + "sabten" + "cal" + "notebook" + "nostr" + "reddit" + "old.reddit" + "www.reddit" + "youtube" + "www.youtube" + "m.youtube" + "sd" + "gerrit" + ]; } diff --git a/Biz/Cloud/Znc.nix b/Biz/Cloud/Znc.nix index 79eee95..caa8e88 100644 --- a/Biz/Cloud/Znc.nix +++ b/Biz/Cloud/Znc.nix @@ -1,9 +1,6 @@ -/* - -N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' - -- https://wiki.znc.in/Configuration +/* N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' + - https://wiki.znc.in/Configuration */ { pkgs, ... }: @@ -13,10 +10,11 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' znc = { enable = true; openFirewall = true; - modulePackages = with pkgs.zncModules; [ - #backlog clientaway clientbuffer - #ignore - ]; + modulePackages = with pkgs.zncModules; + [ + #backlog clientaway clientbuffer + #ignore + ]; useLegacyConfig = false; config = { LoadModule = [ "adminlog" ]; @@ -36,34 +34,30 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' LoadModule = [ "simple_away" "nickserv" "sasl" ]; Nick = "bsima"; Chan = { - "#emacs" = { Detached = true; }; - "#guile" = {}; - "#guix" = { Detached = true; }; - "#haskell" = {}; - "#hledger" = {}; - "#nixos" = {}; - "#notmuch" = { Detached = true; }; - "#org-mode" = { Detached = true; }; - "#scheme" = { Detached = true; }; - "#sr.ht" = { Detached = true; }; - "#xmonad" = { Detached = true; }; + "#emacs" = { Detached = true; }; + "#guile" = { }; + "#guix" = { Detached = true; }; + "#haskell" = { }; + "#hledger" = { }; + "#nixos" = { }; + "#notmuch" = { Detached = true; }; + "#org-mode" = { Detached = true; }; + "#scheme" = { Detached = true; }; + "#sr.ht" = { Detached = true; }; + "#xmonad" = { Detached = true; }; }; }; oftc = { Server = "irc.oftc.net +6697"; LoadModule = [ "simple_away" "nickserv" ]; Nick = "bsima"; - Chan = { - "#home-manager" = {}; - }; + Chan = { "#home-manager" = { }; }; }; zeronode = { Server = "irc.zeronode.net +6667"; LoadModule = [ "simple_away" "nickserv" ]; Nick = "ben"; - Chan = { - "#NoAgenda" = {}; - }; + Chan = { "#NoAgenda" = { }; }; }; #sorcery = { # Server = "irc.sorcery.net +6697"; @@ -71,7 +65,8 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' }; Pass.password = { Method = "sha256"; - Hash = "bead16d806e7bf5cbbc31d572b20f01e2b253eb60e2497ce465df56306becd02"; + Hash = + "bead16d806e7bf5cbbc31d572b20f01e2b253eb60e2497ce465df56306becd02"; Salt = "/GhmBMc+E6b7qd8muFEe"; }; }; |