# Host configuration module: receives pkgs, inputs and lib from the caller and
# returns the attribute set that opens after `in`.
{ pkgs , inputs , lib , . . . }:
2022-04-23 03:01:00 +02:00
let
2022-09-05 18:16:09 +02:00
# SSH key material lives in a sibling file; entries are looked up further down
# as keys."<user>@<host>".ssh.
# NOTE(review): presumably public keys only. Confirm authorizedKeys.nix never
# holds private material, because files pulled into an evaluation can end up in
# the world-readable Nix store.
keys = import ./authorizedKeys.nix ;
2022-04-23 03:01:00 +02:00
in {
# Modules merged into this host's configuration: two local files, one module
# taken from the `inputs` argument, and one tarball fetched by URL.
imports = [
./hardware-configuration.nix
2022-09-05 18:44:19 +02:00
./yugoslavia-best.nix
2022-09-05 18:16:09 +02:00
inputs . nix-minecraft . nixosModules . minecraft-servers
#inputs.watch-party.nixosModules.watch-party
# NOTE(review): supply-chain risk. This fetches the tip of a mutable branch and
# gives no sha256, so whatever upstream serves at evaluation time becomes part of
# the system configuration that is activated as root. Pin it to a reviewed commit
# and add a hash, e.g.
#   fetchTarball { url = ".../tarball/<COMMIT_PLACEHOLDER>"; sha256 = "<HASH_PLACEHOLDER>"; }
# or consume it through `inputs` like nix-minecraft above so the revision is
# recorded alongside the other inputs.
( fetchTarball " h t t p s : / / g i t h u b . c o m / m s t e e n / n i x o s - v s c o d e - s e r v e r / t a r b a l l / m a s t e r " )
2022-01-11 18:44:40 +01:00
] ;
2022-09-05 18:16:09 +02:00
# services.auto-fix-vscode-server.enable = true;
# Presumably defined by the tarball module imported above; it will not evaluate
# if that import is removed. TODO confirm.
services . vscode-server . enable = true ;
# Packages for the `user` option. This is a project-defined option whose
# definition is not in this file.
user = {
packages = with pkgs ; [
2022-04-23 03:01:00 +02:00
git
2022-01-11 18:44:40 +01:00
curl
] ;
} ;
2022-09-05 18:44:19 +02:00
# Groups declared with no extra settings. Both names appear in the extraGroups
# lists of the normalUsers entries below.
users . groups . dotfiles = { } ;
2022-09-14 20:43:49 +02:00
users . groups . yugoslavia = { } ;
# Interactive accounts. normalUsers is a project-defined option; `conf`
# presumably maps onto users.users.<name> and `homeConf` onto home-manager.
# TODO confirm in the module that defines it.
normalUsers = {
2022-01-11 18:44:40 +01:00
aether = {
2022-09-05 18:16:09 +02:00
conf = {
packages = with pkgs ; [ bat duf broot nftables tmux ] ;
shell = pkgs . unstable . fish ;
2022-09-05 18:44:19 +02:00
# wheel is the conventional administrator group; what nix-users and dotfiles
# grant is decided outside this file.
extraGroups = [ " w h e e l " " n i x - u s e r s " " d o t f i l e s " ] ;
2022-09-05 18:16:09 +02:00
# "!" is not a valid password hash, so the account starts with password login
# locked and is reachable only through the SSH key listed next.
initialHashedPassword = " ! " ;
openssh . authorizedKeys . keys = [ keys . " a e t h e r @ s u b s u r f a c e " . ssh ] ;
} ;
homeConf . home = {
sessionVariables = {
EDITOR = " n v i m " ;
NIX_REMOTE = " d a e m o n " ;
} ;
} ;
2022-01-11 18:44:40 +01:00
} ;
2022-09-05 18:16:09 +02:00
2022-09-05 18:44:19 +02:00
# oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft???????
2022-01-11 18:44:40 +01:00
oatmealine = {
2022-09-05 18:16:09 +02:00
conf = {
packages = with pkgs ; [ bat tmux micro direnv nix-direnv ripgrep ] ;
shell = pkgs . unstable . fish ;
2022-09-14 20:43:49 +02:00
# Same groups as aether plus yugoslavia.
extraGroups = [ " w h e e l " " n i x - u s e r s " " d o t f i l e s " " y u g o s l a v i a " ] ;
2022-09-05 18:16:09 +02:00
# Password login locked, as for aether. Two SSH keys are accepted, one per device.
# NOTE(review): this account also has a passwordless doas rule further down, so
# either key is sufficient on its own to obtain root.
initialHashedPassword = " ! " ;
openssh . authorizedKeys . keys = [ keys . " o a t m e a l i n e @ v o i d - d e f r a g m e n t e d " . ssh keys . " o a t m e a l i n e @ b e p p y - p h o n e " . ssh ] ;
} ;
homeConf . home = {
sessionVariables = {
EDITOR = " m i c r o " ;
NIX_REMOTE = " d a e m o n " ;
} ;
} ;
2022-04-20 10:53:28 +02:00
} ;
2022-01-11 18:44:40 +01:00
} ;
# Locale and keyboard variant for the project-defined `keyboard` option
# (its definition is not in this file).
keyboard = {
locale = " e n _ U S . U T F - 8 " ;
variant = " q w e r t y " ;
} ;
# Settings for the repository's own `modules` namespace. The option definitions
# live outside this file, so the effect of each flag must be checked there.
modules = {
2022-04-23 03:10:38 +02:00
shell . fish . enable = true ;
2022-09-05 18:16:09 +02:00
# NOTE(review): presumably selects a server profile rather than a desktop one.
# Confirm what the security module changes when this is false.
security . isLocalMachine = false ;
editors . neovim . enable = true ;
# Remote-access settings for the project-defined `remote` module.
# NOTE(review): presumably every key in this list can log in to the same shared
# account; confirm in the module. A shared account gives no per-person
# attribution in the auth log, and revoking one person means editing this list
# and rebuilding.
remote = {
enable = true ;
# Four literal ssh-rsa keys and one literal ssh-ed25519 key, followed by the two
# oatmealine keys from authorizedKeys.nix. Prefer ed25519 for new entries and
# keep the trailing comment field meaningful so stale keys can be recognised in
# review.
keys = [
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A B J Q A A A Q E A o V 7 y m O t f C 8 S Y v v 3 1 / G G s o 8 D o H K E / K O f o E Z 0 h j m Y t a Q g 7 d y i 5 i j f D i k L Z U u x 8 a W i v v R o f a 7 S q y a K 0 E a + s 9 K u T X / d r e J K z / R K G + Q H L j w 6 U 0 F S o J 7 6 5 q 5 6 p U y 0 j 0 T Z o V y 4 P j S b 3 8 o f 5 6 u r g 1 U m H k K 1 3 W Q X r v j w d H U j A c V x 6 P u r H A x s b m x h Y k J O 9 J m v r 8 C B + P Z F K I H j e w k g B W k B x D 9 7 W F N w D f m B m v h 1 F 5 x R n 8 W h g T + 2 D V d Q 2 c o N 4 E q w c 4 N W z B U S f r r o 0 g A R s J s U v Q x d x 8 f 1 k J D Q K y 2 l Q W C n l g R i D + p K 5 o c f 1 w C Z f J M s 0 N Q 6 x q C Z D K D J T c y G N L W H / L 5 7 P g 5 U 5 t 7 B W R T T P m Q = = y u g o s l a v i a "
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A B A Q C X 2 u R T a L 1 N u 4 K z s S J S V c 7 R 2 y C I a 4 M w 3 K u J A M l u Q O 7 4 6 e X B F e T m R N 6 P q c + H 0 R p z 9 n k Q / f B 8 t Y l 7 0 F f r Y y 4 s u M 0 Q C Y 1 I D b P W a U B m L Q Y C t 6 n z C f F Y 8 P T p L o J m e Q W 3 j z G 7 V q S j j l + u G 2 K L Q q P t z x m v u k I J R o v h r K c U n P z w 4 t U 4 B L y 2 u G W g J N 9 s G o f W c z m t x d i j A D y O Y t a s V I r 6 / H c a 5 I w M C l d b q Q 9 B 1 k + V I E 8 7 K v 2 k 5 n + L V R V M s V H a V S u b I M Y Z F b Z F D W 2 / o R V g 2 a i n e w O 0 e 9 X P b t B R E V r a P n u f 7 s 4 u B B y k 4 g o Q f L h z 3 B 6 L 4 J L b Y Y i j w 2 5 + S m e J c e s D x J U I I K M C u Z C h N c y b a u r a @ L A P T O P - M E N 8 U H 6 Q "
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A B A Q D R I 9 s G l 0 E m O k N N n h 8 S g R q 1 9 7 g k E y 3 X E w K Z j L I r 2 7 V 9 P f a V O L I A c Z i G c O a 5 q 7 r c 5 F j c C t k Q 9 + / t w E 2 4 b Z p x k K 0 y g r R J B E d T + H G A U m p Y / k R P E n / t q j m w N u 4 3 v Q q O h N S Y m A A z d j J 4 A u R P K 5 s t 8 Q Q y O z K v 5 P n g h w y 8 x P A j O M 3 o 4 n 9 U L M L j V v A u 0 e T m C J M K x E v z 5 F U E I V Z t E i d / n g 4 6 k / b J / n j S h 8 v y G B Q V 4 f J e i 6 M 9 O v w 0 H P q q z W y V / e 0 c 3 h T C l G 4 d f L C K 3 Q v 3 h L h X Q + 8 I 9 i a L 7 D 2 w Z d r 3 F 2 l b g 0 v S / Q c t P Z c 2 8 f 1 g p k F E z V f l E z A k 4 a F w J M M f l Y 0 4 I G 1 D r 4 4 I f M 1 g J b p j r s a - k e y - 2 0 2 2 0 4 2 3 "
2022-09-14 20:43:49 +02:00
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A B A Q C L 7 5 / P g 5 b P 7 L a X E 6 u P y y v 8 Q D R i v W J C 6 Y c H 6 o J J z t k j q L 6 g + 0 x P P i N 6 I 5 4 q / b N F 4 n H A 2 B H V U k t K U U 9 b G D E O p Y I R q 7 k e g p 2 / K / + F N T M 1 K z 6 r J S r S c 8 e 0 O g x g 8 v h D 6 m a x q L U 8 q + D 1 O M h B u 0 U i W U B + G x X m e Y f B t X P j p c E + A a J 8 0 B P s 7 v w i u l H P G n 7 U A c R u P 3 6 Z + 3 J J i N 2 B Q n U 2 a i z X W s g y U 5 7 5 U y 3 D V v A t 7 e H o n + S o J i T C s 2 / / 5 K e x J 4 2 U 6 Z i E 6 f / o T F d i u d 7 0 l p x h G g i i F v j 6 M 9 R Z 0 a L o x s p i s k W 4 5 j K L X I M J + m O 6 h u s g 9 G f v C c h b p s 3 Y k m H 0 h Z 2 4 I i 1 E i F h i 5 H Z M Y 0 L t m a y f l o w e r "
" s s h - e d 2 5 5 1 9 A A A A C 3 N z a C 1 l Z D I 1 N T E 5 A A A A I H r l q H 2 O S h v X d z q 1 s V 5 I D u W Q z e C 9 O H B V v w j 0 + Y 0 X X w i 7 m a y f l o w e r - t h i n k p a d "
2022-09-05 18:16:09 +02:00
keys . " o a t m e a l i n e @ v o i d - d e f r a g m e n t e d " . ssh
keys . " o a t m e a l i n e @ b e p p y - p h o n e " . ssh
] ;
2022-09-14 20:43:49 +02:00
packages = with pkgs ; [ tmux micro ] ;
2022-09-05 18:16:09 +02:00
shell = pkgs . unstable . fish ;
2022-01-11 18:44:40 +01:00
} ;
# Per-service toggles of the project's `modules.services` namespace. Domains and
# ports are set here; the nginx and firewall wiring is done by the individual
# modules, which are not visible in this file.
services = {
2022-09-05 18:16:09 +02:00
# NOTE(review): requirePassword = false presumably turns SSH password
# authentication off so only keys are accepted. Confirm in the ssh module, and
# check that keyboard-interactive authentication is disabled as well.
ssh = {
enable = true ;
requirePassword = false ;
} ;
2022-01-11 18:44:40 +01:00
postgres . enable = true ;
2022-09-05 18:16:09 +02:00
nextcloud = {
enable = true ;
domain = " c l o u d . a e t h e r . g a y " ;
} ;
2022-01-11 18:44:40 +01:00
# NOTE(review): the firewall section at the bottom of this file lists only port
# 24454, so port 3000 is presumably reached through nginx only. Confirm the
# gitea module does not open it itself.
gitea = {
enable = true ;
2022-09-05 18:16:09 +02:00
domain = " g i t . o a t . z o n e " ;
port = 3000 ;
} ;
# Disabled; the domain is kept for when it is switched back on.
matrix . conduit = {
enable = false ;
domain = " m a t r i x . a e t h e r . g a y " ;
} ;
# One Fabric 1.19.2 server, started automatically, with its port opened in the
# firewall and access limited by a UUID whitelist.
minecraft = {
enable = true ;
servers = {
" d a r k - f i r e p i t " = {
enable = true ;
autoStart = true ;
# Exposes server-port (25565 below) to the internet.
openFirewall = true ;
serverProperties = {
server-port = 25565 ;
gamemode = 0 ;
motd = " d a r k - f i r e p i t , 1 . 1 9 . 2 F a b r i c " ;
# Only the players in `whitelist` below may join.
# NOTE(review): online-mode is not set here, so the server default applies. The
# UUID whitelist only authenticates players while online-mode stays enabled.
white-list = true ;
max-players = 8 ;
allow-flight = true ;
# Command blocks execute commands with elevated in-game permissions; reasonable
# for a small trusted whitelist.
enable-command-block = true ;
# Lets players without a signed chat key join; this setting is separate from
# account authentication.
enforce-secure-profile = false ;
level-type = " t e r r a : o v e r w o r l d / o v e r w o r l d " ;
snooper-enabled = false ;
spawn-protection = 0 ;
} ;
# Player name = account UUID.
whitelist = {
oatmealine = " 2 4 1 d 7 1 0 3 - 4 c 9 d - 4 c 4 5 - 9 4 6 4 - 8 3 b 5 3 6 5 c e 4 8 e " ;
RustyMyHabibi = " e 2 0 3 0 5 f a - a 4 4 c - 4 4 c 9 - b 6 2 e - 6 9 1 8 e 7 c 7 7 9 d 6 " ;
Dj_Afganistan = " 1 f 8 7 9 9 1 7 - 1 a d 4 - 4 9 c 3 - 9 9 0 8 - 9 0 7 6 9 e e 7 3 f 8 5 " ;
DumbDogDoodles = " d 3 3 e 5 e 3 b - 8 5 a b - 4 c 9 3 - a 6 1 b - 6 0 5 e 2 6 7 3 f b e 8 " ;
SuneFoxie = " 8 2 e 8 2 e f 9 - e a 1 7 - 4 7 9 4 - 9 0 5 1 - 9 2 8 b 5 b 8 6 2 9 c 1 " ;
FuzziestRedMoth = " 2 1 e 1 a d f 8 - 9 3 f 7 - 4 1 7 3 - a 0 8 7 - b 3 a 9 c 0 2 e d e c 5 " ;
} ;
package = pkgs . minecraftServers . fabric-1_19_2 ;
jvmOpts = " - X m x 6 G " ;
} ;
} ;
2022-01-11 18:44:40 +01:00
} ;
# WireGuard in server mode on eno1; the wg0 interface definition is imported
# from a sibling file.
# NOTE(review): confirm wireguardInterface.nix refers to the private key by file
# path rather than embedding it, since values written into a Nix expression can
# end up in the world-readable Nix store.
wireguard = {
enable = true ;
server = true ;
2022-04-23 03:01:00 +02:00
externalInterface = " e n o 1 " ;
interfaces . " w g 0 " = import ./wireguardInterface.nix ;
2022-04-20 10:53:28 +02:00
} ;
2022-09-05 18:16:09 +02:00
# Password vault served on a public domain.
# NOTE(review): the module is not visible here. Confirm that open registration
# is disabled and that any admin token is supplied from a file outside the store.
vaultwarden = {
enable = true ;
domain = " v a u l t . a e t h e r . g a y " ;
} ;
# Disabled; only the data directory is configured.
jillo = {
enable = false ;
dataDir = " / v a r / l i b / j i l l o " ;
} ;
# not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection
# prevents other domains from "stealing" content by setting their dns to our ip
# this has happened before by the way on the vps. i have no clue how or why
# update: also optimizes gzip and tls stuff
nginx-config = {
enable = true ;
} ;
# One nginx site per domain, each served from its own directory under /var/www.
# staticSites is a project-defined option; the vhost it generates is not visible
# in this file.
staticSites = {
" a e t h e r . g a y " . dataDir = " / v a r / w w w / a e t h e r . g a y " ;
" d a r k - f i r e p i t . o a t . z o n e " . dataDir = " / v a r / w w w / d a r k - f i r e p i t . o a t . z o n e " ;
" v a 1 1 h a l l a . o a t . z o n e " . dataDir = " / v a r / w w w / v a 1 1 h a l l a . o a t . z o n e " ;
" g i g e r . y u g o s l a v i a . f i s h i n g " . dataDir = " / v a r / w w w / g i g e r . y u g o s l a v i a . f i s h i n g " ;
" m o d f i l e s . o a t . z o n e " . dataDir = " / v a r / w w w / m o d f i l e s . o a t . z o n e " ;
" s h o p . y u g o s l a v i a . b e s t " . dataDir = " / v a r / w w w / s h o p . y u g o s l a v i a . b e s t " ;
" t e s c o - u n d e r g r o u n d - d e v . o a t . z o n e " . dataDir = " / v a r / w w w / t e s c o - u n d e r g r o u n d - d e v . o a t . z o n e " ;
2022-09-05 18:44:19 +02:00
# NOTE(review): builtins.readFile runs at evaluation time, so the contents of
# /etc/tesco are copied into the generated configuration under the
# world-readable /nix/store, and the absolute path makes evaluation depend on
# the machine it runs on. If `auth` becomes nginx basic auth (presumably; TODO
# confirm), keep an htpasswd file outside the store and reference it by path,
# as the upstream basicAuthFile option does.
" t e s c o - u n d e r g r o u n d - d e v . o a t . z o n e " . auth = { tesco = builtins . readFile /etc/tesco ; } ;
2022-09-05 18:16:09 +02:00
" o a t . z o n e " . dataDir = " / v a r / w w w / o a t . z o n e " ;
# NOTE(review): PHP is enabled for this site and the next one. Confirm that any
# user-writable or upload directory under the docroot is excluded from PHP
# handling.
" o a t . z o n e " . php = true ;
" y u g o s l a v i a . f i s h i n g " . dataDir = " / v a r / w w w / y u g o s l a v i a . f i s h i n g " ;
" y u g o s l a v i a . f i s h i n g " . php = true ;
} ;
# Remaining service toggles. The ports set here (3005, 1995) are not in
# firewall.allowedTCPPorts at the bottom of this file, so they are presumably
# reached through nginx only. TODO confirm none of the modules opens its port
# itself.
nitter = {
enable = true ;
lightweight = false ; # enable if shit gets wild; check config for more info
port = 3005 ;
domain = " n i t t e r . o a t . z o n e " ;
} ;
#watch-party = {
# enable = true;
# port = 1984;
#};
# Disabled. If re-enabled, openFirewall exposes port 7777 directly.
terraria = {
enable = false ;
port = 7777 ; # port-forwarded
messageOfTheDay = " h i " ;
openFirewall = true ;
worldPath = " / v a r / l i b / t e r r a r i a / g b j . w l d " ;
autoCreatedWorldSize = " l a r g e " ;
dataDir = " / v a r / l i b / t e r r a r i a " ;
} ;
matomo = {
enable = true ;
} ;
isso = {
enable = true ;
port = 1995 ;
} ;
2022-01-11 18:44:40 +01:00
# Closes modules.services, then modules.
} ;
} ;
# serviceConfig override for the dark-firepit unit. It currently sets nothing:
# the only entry is commented out.
# NOTE(review): if the ExecStartPre below is revived, it would download and run
# pack content from a URL on every service start and resolve a JDK through
# nix-shell at runtime. Prefer a pinned pack and a JDK taken from pkgs so that
# what runs is fixed at build time.
systemd . services . minecraft-server-dark-firepit . serviceConfig = {
# packwiz workaround
# https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072
# TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate
#ExecStartPre = [
# ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"''
#];
} ;
# Adds a wildcard CORS header to everything under /f/ on oat.zone, so scripts on
# any origin may read those responses. That suits public static files.
# NOTE(review): confirm nothing under /f/ relies on cookies or network position
# for access control. Also, nginx inherits add_header directives from the outer
# level only when the current level defines none, so headers set at server level
# (for example by nginx-config) are not sent for /f/ unless repeated here.
services . nginx . virtualHosts . " o a t . z o n e " = {
locations . " / f / " . extraConfig = ''
2022-09-05 18:44:19 +02:00
add_header Access-Control-Allow-Origin " * " ;
2022-09-05 18:16:09 +02:00
'' ;
} ;
# Per-user doas rules.
# aether: password required, remembered for the session (persist), caller's
# environment kept.
# oatmealine: no password, caller's environment kept.
# NOTE(review): both accounts have password login locked, so the prompt on the
# aether rule cannot be satisfied unless a password is set later, while the
# oatmealine rule turns possession of either of that user's SSH keys into root
# with no second factor. keepEnv additionally passes the caller's environment to
# the root command. Consider requiring a password for both rules and replacing
# keepEnv with an explicit setEnv allow-list.
security . doas = {
extraRules = [
2022-09-05 18:16:09 +02:00
{ users = [ " a e t h e r " ] ; noPass = false ; persist = true ; keepEnv = true ; }
{ users = [ " o a t m e a l i n e " ] ; noPass = true ; persist = false ; keepEnv = true ; }
2022-04-23 03:01:00 +02:00
] ;
2022-01-11 18:44:40 +01:00
} ;
time . timeZone = " E u r o p e / A m s t e r d a m " ;
2022-09-05 18:16:09 +02:00
# If you uncomment this, I will uncomment the spores in your body
# mmm spores ymmnu.uyyy.., :)
# DHCP is off; eno1 gets the static IPv4 and IPv6 addresses configured below.
networking . useDHCP = false ;
networking = {
# for docs, start here
# https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
enableIPv6 = true ; # true by default, but better safe than sorry
interfaces . eno1 . ipv4 . addresses = [
{ address = " 5 1 . 8 9 . 9 8 . 8 " ;
prefixLength = 24 ;
}
] ;
defaultGateway = " 5 1 . 8 9 . 9 8 . 2 5 4 " ;
nameservers = [ " 8 . 8 . 8 . 8 " " 1 . 1 . 1 . 1 " ] ;
interfaces . eno1 . ipv6 . addresses = [
{ address = " 2 0 0 1 : 4 1 d 0 : 0 7 0 0 : 3 3 0 8 : : " ;
prefixLength = 64 ;
}
] ;
defaultGateway6 = {
address = " 2 0 0 1 : 4 1 d 0 : 0 7 0 0 : 3 3 f f : 0 0 f f : 0 0 f f : 0 0 f f : 0 0 f f " ;
# address = "33ff::1";
# address = "2001::1";
interface = " e n o 1 " ;
} ;
/*
dhcpcd . persistent = true ;
dhcpcd . extraConfig = ''
clientid d0:50:99:d4:04:68:d0:50:99:d4:04:68
noipv6rs
interface eno1
ia_pd 1/2001 : 4 1 d0:700:3308::/56 eno1
static ip6_address = 2001 : 4 1 d0:700:3308::1/56
'' ;
* /
# firewall.enable is not set in this file, so the NixOS default or another
# module decides it. The only ports opened here are for voice chat; services
# with openFirewall = true add their own.
firewall . allowPing = true ;
# minecraft proximity voice chat
# NOTE(review): if the voice chat mod only uses UDP, the TCP rule can be dropped.
# TODO confirm against the mod's configuration.
firewall . allowedTCPPorts = [ 24454 ] ;
firewall . allowedUDPPorts = [ 24454 ] ;
} ;
# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";
2022-01-11 18:44:40 +01:00
}