From c53e17b49fcf020b592ff17702c7f0209498f0cf Mon Sep 17 00:00:00 2001 From: "Jill \"oatmealine\" Monoids" Date: Mon, 24 Apr 2023 23:43:34 +0200 Subject: [PATCH] dark-firepit removed. no more crisises --- hosts/dark-firepit/authorizedKeys.nix | 37 --- hosts/dark-firepit/default.nix | 269 ------------------ hosts/dark-firepit/hardware-configuration.nix | 59 ---- hosts/dark-firepit/minecraft.nix | 190 ------------- hosts/dark-firepit/secrets/secrets.nix | 6 - hosts/dark-firepit/srb2k.nix | 116 -------- hosts/dark-firepit/webapps/default.nix | 193 ------------- hosts/dark-firepit/wireguardInterface.nix | 22 -- hosts/dark-firepit/yugoslavia-best.nix | 131 --------- hosts/lucent-firepit/default.nix | 2 +- modules/services/ssh.nix | 5 +- 11 files changed, 2 insertions(+), 1028 deletions(-) delete mode 100644 hosts/dark-firepit/authorizedKeys.nix delete mode 100644 hosts/dark-firepit/default.nix delete mode 100644 hosts/dark-firepit/hardware-configuration.nix delete mode 100644 hosts/dark-firepit/minecraft.nix delete mode 100644 hosts/dark-firepit/secrets/secrets.nix delete mode 100644 hosts/dark-firepit/srb2k.nix delete mode 100644 hosts/dark-firepit/webapps/default.nix delete mode 100644 hosts/dark-firepit/wireguardInterface.nix delete mode 100644 hosts/dark-firepit/yugoslavia-best.nix diff --git a/hosts/dark-firepit/authorizedKeys.nix b/hosts/dark-firepit/authorizedKeys.nix deleted file mode 100644 index 001506b..0000000 --- a/hosts/dark-firepit/authorizedKeys.nix +++ /dev/null @@ -1,37 +0,0 @@ -[ - { - hostname = "aether@subsurface"; - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface"; - wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw="; - } - { - hostname = "oatmealine@void-defragmented"; - ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbJDo79TD9RV77MnArQwS94wzBo+6l6dYQnaNdPk2xo019+tc7GyuQ+GHyh4qewIUQOwe3Ddj4YxJN9IS3E360/6RdaNDxn3hUp2jh/x9SOjh0W86FJfdHEQViNeFVSXJv+QBZT9ibR9IbOHYezhD6gtz15pNhEqhQyqw2hJuQzxLvnictTc4lPQnWN9I8ga+OVSh7Uauu5OKbUOyRRj1Er/hasNviCaGBJnLDYjSqTDRvEbdYlfuhrYITJ+viZOQq7Nczs6dbsl627FCvhr5vQi+/vvpx9DKHDvpGvbEglOmOwgffSkaOIIx/pNHTsRccX7c3/im6z4pCDj4bEuiqqawv2C6DV0aM01bW8cchOJrmSQGTygTrJuuVPHp4IRIZNvQGS+97j4u+d7ofricLR1RoxJcQibvRA9rhhYI2FhwrAweuuLktjSj5RkQnypd9kjOuH+nhgLZunreNoyPNDCmcOBA7BA0rD2pCIKB9SzlelMjVuvy0PA8uWfNFfxGU+m3BH7lQS/A6V+NeYrMGiZ+u+t9Pgr6kAoR7mAUO+obIdMM/lOp1/zGBY8lk2Aq3GQcyGVNi18VR0uA+NMaJYXA1JzSiPCz7cQn1pKIAKiDEnzicf5MxDHIi5F1iQ/Lc+NftgmDXZEAHDY1bQepScOttaOZQZLpYP/eWwlEQJQ== oatmealine@beppy"; - wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg="; - } - { - hostname = "oatmealine@beppy-phone"; - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH"; - wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4="; - } - { - hostname = "mayflower@BMW-M550d-xDrive"; # car 5 - ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCIeoFll8XBRwu6vbQHUj4LNbvRvLMTdqUP1su9hGxow8olGKIZf/nINkt+/B5w4UumLFnOOROIWVhSH/04oxGVCWdk29ibPo3yYJIAoQrqOXYWCrGpMDd0z2n/0CwyXRAqmQ4rubnUZtnlabYCLh0eWMu9ZRSsSrQ+MiaUHES/vv1MxlLWHoEGfhLzoq7SyIsK88Mirgu9lSeHd/+2JybkQ9kNEWTxnzUPKwOMT0zLGo7vNLmfPhJ1WilQoV4F8skDbbgFNRuLO13ZDn6W2jqZ+zjf3H9khzPivG+oaKfHLMDD/zCwHM3rm3JyJzX7GF9EV73AqbNkzzsf54vKhYRT"; - } - { - hostname = "aether@phone"; - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5LPWVgsFAH9XErXGZB+lzwb/+7EiEb6eatNWoJag5i JuiceSSH"; - } - { - hostname = "lilith@bms-cab"; - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab"; - } - { - hostname = "swag@BMW-M550d-xDrive"; # mayflower 2 - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1fJn2ZY9fhBr4E1Gc91uRWS5r+EZ4OHy3RmuAjx7kr swag@BMW-M550d-xDrive"; - } - { - hostname = "aether@Aethers-Mini.station"; - ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHa1Nv8RlnJ4XnyCyMnpixnjNlGwvrj8cpUrFDJ6UhGs aether@Aethers-Mini.station"; - } -] diff --git a/hosts/dark-firepit/default.nix b/hosts/dark-firepit/default.nix deleted file mode 100644 index f520c23..0000000 --- a/hosts/dark-firepit/default.nix +++ /dev/null @@ -1,269 +0,0 @@ -{ pkgs, inputs, lib, ... }: - -let - keys = import ./authorizedKeys.nix; - fetchSSH = (host: lib._.getSSH host keys); - fetchSSHKeys = map fetchSSH; -in { - imports = [ - ./hardware-configuration.nix - ./minecraft.nix - ./srb2k.nix - ./yugoslavia-best.nix - ./webapps/default.nix - inputs.nix-minecraft.nixosModules.minecraft-servers - #inputs.watch-party.nixosModules.watch-party - (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master") - ]; - -# services.auto-fix-vscode-server.enable = true; -# services.vscode-server.enable = true; - - user = { - packages = with pkgs; [ - git - curl - ]; - }; - - users.groups.dotfiles = {}; - users.groups.yugoslavia = {}; - - normalUsers = { - # aether??? is that... reference.../.??? aether https://www.curseforge.com/minecraft/mc-mods/aether mod Curseforge minecraft Forge Patreon Chat twitter code license Assets license All rights reserved categories Last Updated apr 17 2021 Game Version 1.12.2 aether - aether = { - conf = { - packages = with pkgs; [ bat duf broot nftables tmux bottom writefreely helix ]; - shell = pkgs.unstable.fish; - extraGroups = [ "wheel" "nix-users" "dotfiles" ]; - initialHashedPassword = "!"; - openssh.authorizedKeys.keys = fetchSSHKeys [ - "aether@subsurface" - "aether@phone" - "aether@Aethers-Mini.station" - ]; - }; - - homeConf.home = { - sessionVariables = { - EDITOR = "nvim"; - NIX_REMOTE = "daemon"; - }; - }; - }; - - # oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft??????? - oatmealine = { - conf = { - packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ]; - shell = pkgs.unstable.fish; - extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; - initialHashedPassword = "!"; - openssh.authorizedKeys.keys = fetchSSHKeys [ - "oatmealine@void-defragmented" - "oatmealine@beppy-phone" - ]; - }; - - homeConf.home = { - sessionVariables = { - EDITOR = "micro"; - NIX_REMOTE = "daemon"; - }; - }; - }; - # i yearn for the day this name ceases to mean - mayflower = { - conf = { - packages = with pkgs; [ micro tmux ]; - shell = pkgs.unstable.fish; - extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; - initialHashedPassword = "!"; - openssh.authorizedKeys.keys = fetchSSHKeys [ - "mayflower@BMW-M550d-xDrive" - "swag@BMW-M550d-xDrive" - ]; - }; - - homeConf.home = { - sessionVariables = { - EDITOR = "micro"; - NIX_REMOTE = "daemon"; - }; - }; - }; - - winter = { - conf = { - packages = with pkgs; [ micro ]; - shell = pkgs.unstable.fish; - extraGroups = [ "wheel" "nix-users" "dotfiles" ]; - initialHashedPassword = "!"; - openssh.authorizedKeys.keys = fetchSSHKeys [ - "lilith@bms-cab" - ]; - }; - }; - }; - - keyboard = { - locale = "en_US.UTF-8"; - variant = "qwerty"; - }; - - services.vscode-server.enable = true; - - modules = { - shell.fish.enable = true; - security.isLocalMachine = false; - editors.neovim.enable = true; - remote = { - enable = true; - keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt mayflower" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrlqH2OShvXdzq1sV5IDuWQzeC9OHBVvwj0+Y0XXwi7 mayflower-thinkpad" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBKMXTLBJ5iIPiO9jiN+AHWxpgG1kcdI0h23+G1FLMnK+xhkmaP9Vjr9QbqQ4mmRqfGERfJW5H2/OvTEUXnrkAp1Jc8oPrc14/auwKivtbMC5tsWzioDMbcAYKrcP37D3Kw1P7nzSyAz3QsRXBRx26OE5NeTo4YfGl/TOkQnoBCDTt8kcziWEvUVeOgnHf3hnszs2H4P6RAyOqjuOH6BWhtbKsCHThTHaAadLgeH5nB1WXLYqG2N1KEzAhj8WBBzPmeZcMMRr5xkqYVj14cd+9syEaenV+wXapoPyDtOb6YtOKArN9RkT0OOqQk17OzxvGqHUEXQ4eGmNgc8BLsGJn rsa-key-20230402" - #fetchSSH "oatmealine@void-defragmented" - #fetchSSH "oatmealine@beppy-phone" - ]; - packages = with pkgs; [ tmux micro ]; - shell = pkgs.unstable.fish; - }; - services = { - ssh = { - enable = true; - requirePassword = false; - }; - - postgres.enable = true; - - mosh = { - enable = true; - }; - - wireguard = { - enable = true; - server = true; - externalInterface = "eno1"; - interfaces."wg0" = import ./wireguardInterface.nix; - }; - - terraria = { - enable = false; - port = 7777; # port-forwarded - messageOfTheDay = "hi"; - openFirewall = true; - worldPath = "/var/lib/terraria/gbj.wld"; - autoCreatedWorldSize = "large"; - dataDir = "/var/lib/terraria"; - }; - - jmusicbot = let - baseOptions = { - owner = 276416332894044160; - game = "Listening to your heartbeat :heart"; - status = "ONLINE"; - songinstatus = true; - - success = "<:observer:1004408859831586907>"; - warning = "<:slugclose:1000202980403974144>"; - error = "🚫!!!!! 🚫🚫🚫 >:(((("; - loading = "<:handsl:966010145698086993><:handsr:966010145886830692>"; - searching = "<:scripulous_fingore_point:1012777703323222087><:scripulous_fingore:1012777704455667754>"; - - npimages = true; - stayinchannel = true; - - aliases = { - nowplaying = [ "np" "current" ]; - play = [ "p" ]; - queue = [ "list" "q" ]; - remove = [ "delete" "d" ]; - skip = [ "s" ]; - forceskip = [ "fs" ]; - movetrack = [ "move" "m" ]; - }; - }; - in { - enable = true; - instances = { - "jomble" = { - enable = true; - package = pkgs.unstable.jmusicbot; - - options = baseOptions // { - token = lib.removeSuffix "\n" (builtins.readFile /etc/jomble_token); - prefix = ";"; - }; - }; - "jillo" = { - enable = true; - package = pkgs.unstable.jmusicbot; - - options = baseOptions // { - token = lib.removeSuffix "\n" (builtins.readFile /etc/jillo_token); - prefix = ":"; - }; - }; - }; - }; - }; - }; - - security.doas = { - extraRules = [ - { users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; } - { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; } - ]; - }; - - time.timeZone = "Europe/Amsterdam"; - -# If you uncomment this, I will uncomment the spores in your body -# mmm spores ymmnu.uyyy.., :) - networking.useDHCP = false; - - networking = { - # for docs, start here - # https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware - - # temporarily disabled - enableIPv6 = false; - - interfaces.eno1.ipv4.addresses = [ - { address = "51.89.98.8"; - prefixLength = 24; - } - ]; - - defaultGateway = "51.89.98.254"; - nameservers = [ "8.8.8.8" "1.1.1.1" ]; - - #interfaces.eno1.ipv6.addresses = [ - # { address = "2001:41d0:0700:3308::"; - # prefixLength = 64; - # } - # - # { address = "2001:41d0:0700:33ff::"; - # prefixLength = 64; - # } - #]; - - #defaultGateway6 = { - # address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff"; - # address = "33ff::1"; - # address = "2001::1"; - # interface = "eno1"; - #}; - - firewall.allowPing = true; - # minecraft proximity voice chat - firewall.allowedTCPPorts = [ 24454 25567 4499 21025 ]; - firewall.allowedUDPPorts = [ 24454 25567 4499 21025 ]; - }; - -# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68"; -} diff --git a/hosts/dark-firepit/hardware-configuration.nix b/hosts/dark-firepit/hardware-configuration.nix deleted file mode 100644 index 37847e9..0000000 --- a/hosts/dark-firepit/hardware-configuration.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, lib, pkgs, inputs, modulesPath, ... }: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_hardened; - kernelModules = [ "kvm-intel" ]; - loader = { - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - efi.canTouchEfiVariables = true; - }; - }; - - nix.settings.cores = 3; - nix.settings.max-jobs = 6; - - # disabling this is what's considered a "Bad Idea" - # however it is required by packages/ghost.nix, which - # is borrowed from https://notes.abhinavsarkar.net/2022/ghost-on-nixos - # - # i don't know of a cleaner way to do this, and i - # don't want to deal with ghost any longer than i - # already have, so This Will Do - nix.settings.sandbox = false; - - modules.hardware.fs = { - enable = true; - ssd.enable = true; - xfs.enable = true; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/819f03bb-73d2-4ae1-9fd2-01099e8efae6"; - fsType = "xfs"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/D018-F9AF"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/01ba93e4-71e3-404d-9549-351e22130185"; } - { device = "/dev/disk/by-uuid/dee63218-1666-4035-8d63-b9e0e0b2cd28"; } - ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/dark-firepit/minecraft.nix b/hosts/dark-firepit/minecraft.nix deleted file mode 100644 index 0fcddcd..0000000 --- a/hosts/dark-firepit/minecraft.nix +++ /dev/null @@ -1,190 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - darkFirepitWhitelist = { - oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; - RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6"; - Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85"; - DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8"; - SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1"; - FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5"; - hewoicvewse = "98e715cf-b1a4-4d50-9ed0-7d20fbdf240e"; - numpad_7 = "44e6e6d7-770d-4afc-96b1-9999b61ced1d"; - _Zydra = "0af7b31f-63a5-426d-8cee-6c54385856b6"; - }; -in { - config = { - modules.services.minecraft = { - enable = true; - servers = { - "dark-firepit" = { - enable = false; - #autoStart = false; - openFirewall = true; - serverProperties = { - server-port = 25565; - gamemode = 0; - motd = "dark-firepit, 1.19.2 Fabric"; - white-list = true; - max-players = 8; - allow-flight = true; - enable-command-block = true; - enforce-secure-profile = false; - level-type = "terra:overworld/overworld"; - snooper-enabled = false; - spawn-protection = 0; - }; - whitelist = darkFirepitWhitelist; - package = pkgs.minecraftServers.fabric-1_19_2; - jvmOpts = "-Xmx6G"; - }; - "gayrats" = let - packURL = "https://oat.zone/f/gayrats/pack.toml"; - - # https://git.sleeping.town/unascribed/unsup/releases - unsup = pkgs.fetchurl { - url = "https://git.sleeping.town/attachments/c521d178-8938-40a5-b21b-0333eef4099e"; - sha256 = "c5bd49784392b651e4bc71fe57976f5b4fb14f09e0e23183ae5b94a821ae4756"; - }; - unsupIni = '' - version=1 - preset=minecraft - - source_format=packwiz - source=${packURL} - - force_env=server - no_gui=true - ''; - in { - enable = true; - autoStart = true; - openFirewall = true; - serverProperties = { - server-port = 25565; - gamemode = 0; - motd = "dark-firepit, 1.19.2 Fabric"; - white-list = true; - max-players = 8; - allow-flight = true; - enable-command-block = true; - enforce-secure-profile = false; - snooper-enabled = false; - spawn-protection = 0; - }; - symlinks = { - "unsup.ini" = pkgs.writeTextFile { - name = "unsup.ini"; - text = unsupIni; - }; - }; - whitelist = darkFirepitWhitelist; - package = pkgs.minecraftServers.fabric-1_19_2; - jvmOpts = "-Xmx6G -javaagent:${unsup}"; - }; - "n3ko-test" = { - enable = true; - autoStart = true; - openFirewall = true; - serverProperties = { - server-port = 25595; - gamemode = 1; - motd = "N3KO SMP Testing server"; - white-list = true; - max-players = 8; - allow-flight = true; - enable-command-block = true; - enforce-secure-profile = false; - #level-type = "terra:overworld/overworld"; - snooper-enabled = false; - spawn-protection = 0; - }; - whitelist = { - oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; - Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d"; - }; - package = pkgs.fabricServers.fabric-1_18_2; - jvmOpts = "-Xmx4G"; - }; - "wafflecraft" = let - packURL = "https://oat.zone/f/wafflecraft/pack.toml"; - - # https://git.sleeping.town/unascribed/unsup/releases - unsup = pkgs.fetchurl { - url = "https://git.sleeping.town/attachments/c521d178-8938-40a5-b21b-0333eef4099e"; - sha256 = "c5bd49784392b651e4bc71fe57976f5b4fb14f09e0e23183ae5b94a821ae4756"; - }; - unsupIni = '' - version=1 - preset=minecraft - - source_format=packwiz - source=${packURL} - - force_env=server - no_gui=true - - [flavors] - shaders=no_shaders - minimap=no_minimap - barrel_roll=no_barrel_roll - ''; - in { - enable = true; - autoStart = true; - openFirewall = true; - serverProperties = { - server-port = 25535; - gamemode = "survival"; - motd = "wafflecraft Real"; - max-players = 32; - allow-flight = true; - enable-command-block = false; - enforce-secure-profile = false; - snooper-enabled = false; - spawn-protection = 0; - white-list = true; - view-distance = 16; - }; - whitelist = { - oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; - plightshift = "de87f3e6-d44f-40af-8bff-48828694b616"; - mangoafterdawn = "840ad485-1060-4bcf-8730-c552e5c8d62a"; - drazilspirits = "1d912f45-978b-4edc-b026-26bd5ed6ce31"; - segaskullll = "e6d510e6-a1d3-4801-8a5e-52d2c75b2446"; - Tetaes = "4b149260-d56e-4835-b3f6-2dce173a92a5"; - sorae_ = "9639d272-4c20-459d-adea-4aa89ee3cdc1"; - GelloISMello = "a2883a99-fe5d-454d-98b9-d65e4cec7e7e"; - Triplejy2k = "dced0fad-3802-4544-aaad-64d8fd12b1e8"; - RAKKIIsan = "0706e583-82e3-478c-8769-1131fb9aef5d"; - CyberBlue = "151bea19-3d16-45eb-8ae3-3057cde8e8f4"; - numpad_7 = "44e6e6d7-770d-4afc-96b1-9999b61ced1d"; - CERiNG = "8dd710ce-fd30-45a5-9252-739d3c03df19"; - electr1ca = "c18dcc3b-6c11-42e9-b7d8-4b458ea7017d"; - bigboyty69 = "ed735421-c22b-467a-9eac-5c08437ea3e8"; - }; - symlinks = { - "unsup.ini" = pkgs.writeTextFile { - name = "unsup.ini"; - text = unsupIni; - }; - }; - # this is UGLY as FUCK; but unfortunately https://github.com/Infinidoge/nix-minecraft/issues/15 - package = pkgs.jdk17; - jvmOpts = "-Xmx6G -javaagent:${unsup} " - + lib.replaceStrings ["\n"] [" "] (lib.readFile "/srv/minecraft/wafflecraft/libraries/net/minecraftforge/forge/1.18.2-40.2.1/unix_args.txt"); - }; - }; - }; - - systemd.services.minecraft-server-dark-firepit.serviceConfig = { - # packwiz workaround - # https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072 - # TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate - #ExecStartPre = [ - # ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"'' - #]; - }; - }; -} diff --git a/hosts/dark-firepit/secrets/secrets.nix b/hosts/dark-firepit/secrets/secrets.nix deleted file mode 100644 index 2ab9ede..0000000 --- a/hosts/dark-firepit/secrets/secrets.nix +++ /dev/null @@ -1,6 +0,0 @@ -let - keys = import ../authorizedKeys.nix; - - "subsurface.aether" = keys."aether@subsurface".ssh; -in - {} diff --git a/hosts/dark-firepit/srb2k.nix b/hosts/dark-firepit/srb2k.nix deleted file mode 100644 index 092fd44..0000000 --- a/hosts/dark-firepit/srb2k.nix +++ /dev/null @@ -1,116 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - colors = builtins.fromJSON ''{ - "white": "\u0080", - "purple": "\u0081", - "yellow": "\u0082", - "green": "\u0083", - "blue": "\u0084", - "red": "\u0085", - "gray": "\u0086", - "orange": "\u0087", - "cyan": "\u0088", - "lavender": "\u0089", - "gold": "\u008a", - "lime": "\u008b", - "steel": "\u008c", - "pink": "\u008d", - "brown": "\u008e", - "peach": "\u008f" - }''; - colorsLua = { - white = "\\128"; - purple = "\\129"; - yellow = "\\130"; - green = "\\131"; - blue = "\\132"; - red = "\\133"; - gray = "\\134"; - orange = "\\135"; - cyan = "\\136"; - lavender = "\\137"; - gold = "\\138"; - lime = "\\139"; - steel = "\\140"; - pink = "\\141"; - brown = "\\142"; - peach = "\\143"; - }; -in { - config = { - modules.services.srb2k = with lib; with builtins; let - addonDir = "/var/lib/srb2k/firepit/"; - fileNames = attrNames (readDir (/. + addonDir)); - addonFileNames = filter (n: hasSuffix ".lua" n || hasSuffix ".kart" n || hasSuffix ".pk3" n || hasSuffix ".wad" n) fileNames; - in { - enable = true; - advertise = true; - addons = map (n: "${addonDir}${n}") addonFileNames; - config = { - maxplayers = 16; - http_source = "https://yugoslavia.best/srb2kaddons/"; - maxsend = "max"; - servername = with colors; "${white}[${cyan}EU${white}] ${lime}yugoslavia.best"; - server_contact = "oat.zone||home of bar"; - }; - serv = with colorsLua; '' - kmp_hardsneakers on - kmp_extendflashtics on - kmp_floatingitemfuse on - kmp_hyudoro on - kmp_haste on - kmp_respawnpoints on - kmp_battleaccel on - maxsend max - fr_enabled off - khaos enable off - - wait 1 - - fd_finishkill off - fd_hitkill off - - wait 1 - - nametag_star on - - wait 1 - - hm_bail on - hm_timelimit 8 - hm_motd on - hm_motd_nag on - hm_motd_name "${lime}yugoslavia.best" - hm_motd_tagline "home of bar" - hm_motd_contact "oat.zone" - hm_restat on - hm_restat_notify on - hm_votable exitlevel - hm_vote_timer 20 - - wait 1 - - hm_specbomb on - - hm_scoreboard on - hm_scoreboard_humor on - wait 1 - hm_scoreboard_addline "${lime}yugoslavia.best${white}: home of bar" - wait 1 - hm_scoreboard_addline " hosted by ${lime}oat.zone" - wait 1 - hm_scoreboard_addline "casual server, anything goes," - hm_scoreboard_addline "feel free to suggest mods to" - wait 1 - hm_scoreboard_addline "${pink}oatmealine#5397 ${white}/ ${pink}oatmealine@disroot.org" - //hm_scoreboard_addline "${white}80${purple}81${yellow}82${green}83${blue}84${red}85${gray}86${orange}87${cyan}88${lavender}89${gold}8a${lime}8b${steel}8c${pink}8d${brown}8e${peach}8f" - - wait 1 - - hf_displaymode 3 - ''; #" - }; - }; -} diff --git a/hosts/dark-firepit/webapps/default.nix b/hosts/dark-firepit/webapps/default.nix deleted file mode 100644 index 814f446..0000000 --- a/hosts/dark-firepit/webapps/default.nix +++ /dev/null @@ -1,193 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let -in { - config = { - modules = { - services = { - #nextcloud = { - # enable = true; - # domain = "nextcloud.dark-firepit.cloud"; - # settings.app.federation = true; - #}; - - #writefreely = { - # enable = true; - # name = "Corruption Biome"; - # domain = "blog.dark-firepit.cloud"; - #}; - - forgejo = { - enable = true; - domain = "git.oat.zone"; - port = 3000; - }; - - matrix.conduit = { - enable = false; - domain = "matrix.dark-firepit.cloud"; - }; - - vaultwarden = { - enable = true; - domain = "vault.aether.gay"; - }; - - # not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection - # prevents other domains from "stealing" content by settings their dns to our ip - # this has happened before by the way on the vps. i have no clue how or why - # update: also optimizes gzip and tls stuff - nginx-config = { - enable = true; - }; - - staticSites = { - "aether.gay".dataDir = "/var/www/aether.gay"; - "dark-firepit.cloud".dataDir = "/var/www/dark-firepit.cloud"; - #"dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone"; - "va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone"; - "giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing"; - "modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone"; - "shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best"; - "tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone"; - "tesco-underground-dev.oat.zone".auth = { tesco = builtins.readFile /etc/tesco; }; - "oat.zone".dataDir = "/var/www/oat.zone"; - "oat.zone".php = true; - "yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing"; - "yugoslavia.fishing".php = true; - "educationmath.oat.zone".dataDir = "/var/www/proxy.oat.zone"; - "educationmath.oat.zone".php = true; - "educationmath.oat.zone".auth = { twh = builtins.readFile /etc/proxy_twh; }; - "rivervalleychocolate.com".dataDir = "/var/www/rivervalleychocolate.com"; - "rivervalleychocolate.com".php = true; - "tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public"; - "tac.yugoslavia.best".php = true; - "tac.yugoslavia.best".phpHandlePathing = true; - "pjsk.oat.zone".dataDir = "/var/www/pjsk.oat.zone"; - "mayf.pink".dataDir = "/var/www/mayf.pink"; - "mayf.pink".php = true; - "mayf.pink".phpHandlePathing = true; - "mayf.pink".forceSSL = false; - "wint0r.zone".dataDir = "/var/www/wint0r.zone"; - "puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone"; - }; - - nitter = { - enable = true; - lightweight = false; # enable if shit gets wild; check config for more info - port = 3005; - domain = "nitter.oat.zone"; - }; - - libreddit = { - enable = true; - domain = "libreddit.oat.zone"; - port = 1950; - }; - - #watch-party = { - # enable = true; - # port = 1984; - #}; - - matomo = { - enable = true; - }; - - code-server = { - enable = true; - domain = "dev-firepit.oat.zone"; - port = 4444; - }; - - ghost = { - enable = true; - domain = "blog.oat.zone"; - port = 1357; - }; - - isso = { - enable = true; - port = 1995; - domain = "comments.oat.zone"; - target = "blog.oat.zone"; - }; - }; - }; - - services = { - nginx.virtualHosts = { - "oat.zone" = { - locations."/f/".extraConfig = '' - add_header Access-Control-Allow-Origin "*"; - ''; - extraConfig = '' - error_page 404 /404.html; - error_page 403 /403.html; - ''; - }; - # todo: move to flake - "gdpstest.oat.zone" = { - enableACME = true; - forceSSL = false; - addSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:1982/"; - }; - extraConfig = '' - client_max_body_size 500M; - ''; - }; - # todo: move to flake - "gdicon.oat.zone" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3436/"; - }; - }; - - # https://www.edwinwenink.xyz/posts/47-tilde_server/ - # todo: fix this - "dark-firepit.cloud" = { - locations."~ ^/~([^/\\s]+?)(/[^\\s]*)?$".extraConfig = '' - add_header X-debug-message "/home/$1/www$2" always; - alias /home/$1/www$2; - index index.html index.htm; - autoindex on; - ''; - }; - - "nitter.oat.zone" = { - locations."/".extraConfig = '' - if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') { - return 302 $scheme://fxtwitter.com$request_uri; - } - ''; - }; - - "libreddit.oat.zone" = { - locations."/".extraConfig = '' - if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') { - return 302 $scheme://proxy.knotty.dev$request_uri; - } - ''; - }; - - #"git.oat.zone" = { - # forceSSL = true; - # enableACME = true; - # root = "/var/www/temporarily-down"; - # extraConfig = '' - # error_page 503 /index.html; - # ''; - # locations."/".extraConfig = '' - # return 503; - # try_files /index.html =404; - # ''; - #}; - }; - }; - }; -} diff --git a/hosts/dark-firepit/wireguardInterface.nix b/hosts/dark-firepit/wireguardInterface.nix deleted file mode 100644 index bc354aa..0000000 --- a/hosts/dark-firepit/wireguardInterface.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - peerKeys = import ./authorizedKeys.nix; - wgKeys = filter (hasAttr "wg") peerKeys; -in { - ips = [ "10.100.0.1/24" ]; - - privateKeyFile = "/etc/wg0.keys/wg0"; - - listenPort = 51820; - - peers = genList (n: - let - keychain = elemAt wgKeys n; - ip = "10.100.0.${toString (n+2)}/32"; - in { - publicKey = trace "${keychain.hostname}: ${ip}" keychain.wg; - allowedIPs = [ ip ]; - }) (length wgKeys); -} diff --git a/hosts/dark-firepit/yugoslavia-best.nix b/hosts/dark-firepit/yugoslavia-best.nix deleted file mode 100644 index 35b347c..0000000 --- a/hosts/dark-firepit/yugoslavia-best.nix +++ /dev/null @@ -1,131 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - domain = "yugoslavia.best"; - root = "/var/www/${domain}"; -in { - config = { - modules.services.staticSites.${domain} = { - dataDir = root; - php = true; - forceSSL = false; - }; - - services = { - nginx.virtualHosts.${domain} = { - locations."/" = { - extraConfig = '' - error_page 404 /error.php; - ''; - }; - - locations."= /brackets2.html" = { - extraConfig = '' - return 451; - ''; - }; - - locations."/modding-txts/" = { - extraConfig = '' - autoindex on; - sub_filter - ''; - sub_filter 
 ' ';
-            sub_filter
' '; - sub_filter '' ''; - sub_filter '' '
'; - sub_filter '
'; - sub_filter
'
'; - sub_filter_once off; - ''; - }; - - locations."/srb2kaddons/" = { - extraConfig = '' - autoindex on; - alias /var/lib/srb2k/firepit/; - sub_filter - ''; - sub_filter 
 ' ';
-            sub_filter
' '; - sub_filter '' ''; - sub_filter '' '
'; - sub_filter '
'; - sub_filter
'
'; - sub_filter_once off; - ''; - }; - - locations."/__special" = { - extraConfig = '' - internal; - allow all; - root ${root}/nginx/html/__special; - ''; - }; - - locations."= /__md_file" = { - extraConfig = '' - internal; - allow all; - - add_header 'Vary' 'Accept'; - - # redefining - add_header Strict-Transport-Security $hsts_header; - add_header Referrer-Policy origin-when-cross-origin; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - sub_filter - '$request_filename - yugoslavia.best'; - sub_filter_once on; - - default_type text/html; - alias ${root}/nginx/html/__special/md-renderer.html; - ''; - }; - - locations."~* \\.md" = { - extraConfig = '' - error_page 418 = /__md_file; - - add_header 'Vary' 'Accept'; - - # redefining - add_header Strict-Transport-Security $hsts_header; - add_header Referrer-Policy origin-when-cross-origin; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - if (!-f $request_filename) { - break; - } - - # if no "text/markdown" in "accept" header: - # redirect to /__md_file to serve html renderer - if ($http_accept !~* "text/markdown") { - return 418; - } - ''; - }; - - extraConfig = '' - types { - text/plain md; - text/html html; - text/plain txt; - text/css css; - application/javascript js; - image/x-icon ico; - image/png png; - image/gif gif; - } - ''; - }; - }; - }; -} diff --git a/hosts/lucent-firepit/default.nix b/hosts/lucent-firepit/default.nix index 210a9c1..fc2f6fd 100644 --- a/hosts/lucent-firepit/default.nix +++ b/hosts/lucent-firepit/default.nix @@ -233,7 +233,7 @@ in { # https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware # temporarily disabled - enableIPv6 = true; + enableIPv6 = false; usePredictableInterfaceNames = false; interfaces.eth0.ipv4.addresses = [ diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index f057b54..0d90369 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -22,15 +22,12 @@ in { services.openssh = { enable = true; - permitRootLogin = "no"; - passwordAuthentication = cfg.requirePassword; -/* settings = { PasswordAuthentication = cfg.requirePassword; PermitRootLogin = "no"; }; -*/ }; + programs.gnupg.agent = { enable = true; enableSSHSupport = true;