dotfiles/hosts/dark-firepit/default.nix


{ pkgs, inputs, lib, ... }:
let
# Key material for the openssh.authorizedKeys entries below, imported from the sibling file
# (presumably public keys indexed by "user@machine" label — confirm in authorizedKeys.nix).
keys = import ./authorizedKeys.nix;
# Look up one label in `keys` through the project helper lib._.getSSH.
fetchSSH = label: lib._.getSSH label keys;
# Look up a list of labels, one fetchSSH call per entry.
fetchSSHKeys = labels: map fetchSSH labels;
in {
# NixOS modules merged into this host's configuration.
imports = [
  ./hardware-configuration.nix
  ./yugoslavia-best.nix
  inputs.nix-minecraft.nixosModules.minecraft-servers
  #inputs.watch-party.nixosModules.watch-party
  # NOTE(review): this downloads the tip of upstream's master branch when the configuration
  # is evaluated, with no sha256, and imports the result as a NixOS module. Unlike
  # nix-minecraft above, which arrives through `inputs` (presumably lock-file pinned), nothing
  # fixes the revision, so an upstream change or compromise reaches this host on a later
  # rebuild without any diff in this repository. Pin a reviewed commit and use
  # fetchTarball { url = ...; sha256 = ...; }, or add the module as a locked input.
  (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
];
# services.auto-fix-vscode-server.enable = true;
# Turns on the vscode-server service supplied by the tarball module imported above.
services.vscode-server.enable = true;
# Packages handed to the project-level `user` option.
user.packages = [ pkgs.git pkgs.curl ];

# Extra groups declared here so that extraGroups in normalUsers can reference them.
users.groups = {
  dotfiles = {};
  yugoslavia = {};
};
# Interactive accounts for this host (project-level `normalUsers` option; `conf` and
# `homeConf` are presumably forwarded to users.users.<name> and home-manager — confirm).
# Every account below is in "wheel" and "nix-users", starts with a locked password, and gets
# its SSH keys by label from authorizedKeys.nix.
# NOTE(review): wheel membership for all four accounts means each listed key, including the
# ones labelled as phones, is an administrative credential for this server. Review the label
# list whenever a device is retired.
normalUsers = {
  # aether??? is that... reference.../.??? aether https://www.curseforge.com/minecraft/mc-mods/aether mod Curseforge minecraft Forge Patreon Chat twitter code license Assets license All rights reserved categories Last Updated apr 17 2021 Game Version 1.12.2 aether
  aether = {
    conf = {
      packages = with pkgs; [ bat duf broot nftables tmux bottom writefreely ];
      shell = pkgs.unstable.fish;
      extraGroups = [ "wheel" "nix-users" "dotfiles" ];
      # "!" is not a valid password hash, so no password matches: the account is created with
      # password login locked. This only seeds the account at creation time.
      initialHashedPassword = "!";
      openssh.authorizedKeys.keys = fetchSSHKeys [
        "aether@subsurface"
        "aether@phone"
      ];
    };
    homeConf.home = {
      sessionVariables = {
        EDITOR = "nvim";
        # Send Nix client operations through the daemon.
        NIX_REMOTE = "daemon";
      };
    };
  };
  # oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft???????
  oatmealine = {
    conf = {
      packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep _.glitch-soc ];
      shell = pkgs.unstable.fish;
      extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ];
      # Locked password at creation, as for aether.
      initialHashedPassword = "!";
      openssh.authorizedKeys.keys = fetchSSHKeys [
        "oatmealine@void-defragmented"
        "oatmealine@beppy-phone"
      ];
    };
    homeConf.home = {
      sessionVariables = {
        EDITOR = "micro";
        NIX_REMOTE = "daemon";
      };
    };
  };
  mayflower = {
    conf = {
      packages = with pkgs; [ micro tmux ];
      shell = pkgs.unstable.fish;
      extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ];
      # Locked password at creation, as for aether.
      initialHashedPassword = "!";
      openssh.authorizedKeys.keys = fetchSSHKeys [
        "mayflower@BMW-M550d-xDrive"
        "swag@BMW-M550d-xDrive"
      ];
    };
    homeConf.home = {
      sessionVariables = {
        EDITOR = "micro";
        NIX_REMOTE = "daemon";
      };
    };
  };
  # No homeConf for this account: only the system-level user settings are given.
  winter = {
    conf = {
      packages = with pkgs; [ micro ];
      shell = pkgs.unstable.fish;
      extraGroups = [ "wheel" "nix-users" "dotfiles" ];
      # Locked password at creation, as for aether.
      initialHashedPassword = "!";
      # NOTE(review): the key label names "lilith", not "winter" — presumably the same person;
      # confirm, since label/account mismatches make key audits easy to get wrong.
      openssh.authorizedKeys.keys = fetchSSHKeys [
        "lilith@bms-cab"
      ];
    };
  };
};
# Locale and layout variant passed to the project-level `keyboard` option.
keyboard.locale = "en_US.UTF-8";
keyboard.variant = "qwerty";
modules = {
# Project modules switched on for this host: fish shell and neovim.
shell = { fish.enable = true; };
editors = { neovim.enable = true; };
# Presumably tells the project's security module that this is a remote server rather than
# a local workstation; what that changes is defined outside this file — TODO confirm.
security = { isLocalMachine = false; };
# Settings for the project's `remote` module (how it uses them is defined outside this file;
# presumably a shared login account — confirm).
remote = {
  enable = true;
  # NOTE(review): these keys are inlined, while the per-user keys in normalUsers are resolved
  # by label from authorizedKeys.nix, so removing someone's access means editing two places.
  # Four of the five entries are ssh-rsa, and comment fields such as "yugoslavia" or
  # "rsa-key-20220423" do not name an owner or device, which makes it hard to tell whose key
  # to pull during a review. Consider moving them behind fetchSSH labels like the two
  # commented-out entries, and replacing the RSA keys with ed25519 ones when they are rotated.
  keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt mayflower"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrlqH2OShvXdzq1sV5IDuWQzeC9OHBVvwj0+Y0XXwi7 mayflower-thinkpad"
    #fetchSSH "oatmealine@void-defragmented"
    #fetchSSH "oatmealine@beppy-phone"
  ];
  packages = with pkgs; [ tmux micro ];
  shell = pkgs.unstable.fish;
};
services = {
# OpenSSH through the project's ssh module.
# NOTE(review): the name requirePassword is ambiguous. It presumably disables password
# authentication in favour of keys, but verify in the module that it does not instead
# permit logins without a password.
ssh.enable = true;
ssh.requirePassword = false;
# PostgreSQL through the project's postgres module.
postgres = { enable = true; };
#nextcloud = {
# enable = true;
# domain = "nextcloud.dark-firepit.cloud";
# settings.app.federation = true;
#};
#writefreely = {
# enable = true;
# name = "Corruption Biome";
# domain = "blog.dark-firepit.cloud";
#};
# Gitea for git.oat.zone; the module is given port 3000.
gitea.enable = true;
gitea.domain = "git.oat.zone";
gitea.port = 3000;
# Conduit (Matrix) settings are kept but the service is switched off.
matrix.conduit.enable = false;
matrix.conduit.domain = "matrix.dark-firepit.cloud";
# srb2k game server, configured through the project's srb2k module.
srb2k = with lib; with builtins; let
  addonDir = "/var/lib/srb2k/firepit/";
  # readDir runs while the configuration is evaluated and lists the live directory on the
  # machine doing the evaluation, so the addon set is whatever is on disk at that moment
  # (this is an impure evaluation and is not captured by the repository).
  # NOTE(review): every matching file in that directory is handed to the server on the next
  # rebuild, so write access to it should be limited to the people allowed to add mods.
  fileNames = attrNames (readDir (/. + addonDir));
  # Keep only the addon file types: .lua, .kart, .pk3 and .wad.
  addonFileNames = filter (n: hasSuffix ".lua" n || hasSuffix ".kart" n || hasSuffix ".pk3" n || hasSuffix ".wad" n) fileNames;
  # Characters U+0080..U+008F by colour name, obtained through fromJSON because the \u escapes
  # are JSON syntax (presumably the game's text colour codes — confirm).
  colors = builtins.fromJSON ''{
    "white": "\u0080",
    "purple": "\u0081",
    "yellow": "\u0082",
    "green": "\u0083",
    "blue": "\u0084",
    "red": "\u0085",
    "gray": "\u0086",
    "orange": "\u0087",
    "cyan": "\u0088",
    "lavender": "\u0089",
    "gold": "\u008a",
    "lime": "\u008b",
    "steel": "\u008c",
    "pink": "\u008d",
    "brown": "\u008e",
    "peach": "\u008f"
  }'';
  # The same sixteen colours written as a backslash followed by the decimal value 128..143,
  # for interpolation into the `serv` script below.
  colorsLua = {
    white = "\\128";
    purple = "\\129";
    yellow = "\\130";
    green = "\\131";
    blue = "\\132";
    red = "\\133";
    gray = "\\134";
    orange = "\\135";
    cyan = "\\136";
    lavender = "\\137";
    gold = "\\138";
    lime = "\\139";
    steel = "\\140";
    pink = "\\141";
    brown = "\\142";
    peach = "\\143";
  };
in {
  enable = true;
  advertise = true;
  # Absolute path of every addon file found above.
  addons = map (n: "${addonDir}${n}") addonFileNames;
  config = {
    maxplayers = 16;
    # Presumably the URL from which clients download the addons — confirm in the module.
    http_source = "https://yugoslavia.best/srb2kaddons/";
    maxsend = "max";
    servername = with colors; "${white}[${cyan}EU${white}] ${lime}yugoslavia.best";
    server_contact = "oat.zone||home of bar";
  };
  # Script text passed to the module as `serv`. The ${...} parts are filled in by Nix from
  # colorsLua, including on the line that starts with //. Nothing may be added inside the
  # quoted block without changing the text the server receives.
  serv = with colorsLua; ''
    kmp_hardsneakers on
    kmp_extendflashtics on
    kmp_floatingitemfuse on
    kmp_hyudoro on
    kmp_haste on
    kmp_respawnpoints on
    kmp_battleaccel on
    maxsend max
    fr_enabled off
    khaos enable off
    wait 1
    fd_finishkill off
    fd_hitkill off
    wait 1
    nametag_star on
    wait 1
    hm_bail on
    hm_timelimit 8
    hm_motd on
    hm_motd_nag on
    hm_motd_name "${lime}yugoslavia.best"
    hm_motd_tagline "home of bar"
    hm_motd_contact "oat.zone"
    hm_restat on
    hm_restat_notify on
    hm_votable exitlevel
    hm_vote_timer 20
    wait 1
    hm_specbomb on
    hm_scoreboard on
    hm_scoreboard_humor on
    wait 1
    hm_scoreboard_addline "${lime}yugoslavia.best${white}: home of bar"
    wait 1
    hm_scoreboard_addline " hosted by ${lime}oat.zone"
    wait 1
    hm_scoreboard_addline "casual server, anything goes,"
    hm_scoreboard_addline "feel free to suggest mods to"
    wait 1
    hm_scoreboard_addline "${pink}oatmealine#5397 ${white}/ ${pink}oatmealine@disroot.org"
    //hm_scoreboard_addline "${white}80${purple}81${yellow}82${green}83${blue}84${red}85${gray}86${orange}87${cyan}88${lavender}89${gold}8a${lime}8b${steel}8c${pink}8d${brown}8e${peach}8f"
    wait 1
    hf_displaymode 3
  ''; #"
};
# Minecraft servers, one attribute per instance (presumably handed to the nix-minecraft
# module imported at the top of the file — confirm in the project's minecraft module).
# All three instances set white-list = true with an explicit name -> UUID whitelist.
# NOTE(review): a UUID whitelist is only as strong as account authentication; online-mode is
# not set in any serverProperties here, so it stays at the server default — confirm it has
# not been turned off elsewhere. All three also set enforce-secure-profile = false and
# enable-command-block = true; the whitelist is then the only admission control.
minecraft = {
  enable = true;
  servers = {
    # Instance is switched off (enable = false).
    "dark-firepit" = {
      enable = false;
      #autoStart = false;
      # NOTE(review): openFirewall stays true on a disabled instance; whether port 25565 is
      # still opened depends on the module — confirm.
      openFirewall = true;
      serverProperties = {
        server-port = 25565;
        gamemode = 0;
        motd = "dark-firepit, 1.19.2 Fabric";
        white-list = true;
        max-players = 8;
        allow-flight = true;
        enable-command-block = true;
        enforce-secure-profile = false;
        level-type = "terra:overworld/overworld";
        snooper-enabled = false;
        spawn-protection = 0;
      };
      whitelist = {
        oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
        RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
        Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
        DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
        SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
        FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
      };
      package = pkgs.minecraftServers.fabric-1_19_2;
      # 6 GiB maximum JVM heap.
      jvmOpts = "-Xmx6G";
    };
    # Creative-mode (gamemode = 1) test instance on port 25595.
    "n3ko-test" = {
      enable = true;
      autoStart = true;
      openFirewall = true;
      serverProperties = {
        server-port = 25595;
        gamemode = 1;
        motd = "N3KO SMP Testing server";
        white-list = true;
        max-players = 8;
        allow-flight = true;
        enable-command-block = true;
        enforce-secure-profile = false;
        #level-type = "terra:overworld/overworld";
        snooper-enabled = false;
        spawn-protection = 0;
      };
      whitelist = {
        oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
        Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d";
      };
      # Taken from pkgs.fabricServers, unlike the other two instances (pkgs.minecraftServers).
      package = pkgs.fabricServers.fabric-1_18_2;
      # 4 GiB maximum JVM heap.
      jvmOpts = "-Xmx4G";
    };
    # Survival (gamemode = 0) instance on port 25585 with the largest whitelist.
    "gbj" = {
      enable = true;
      autoStart = true;
      openFirewall = true;
      serverProperties = {
        server-port = 25585;
        gamemode = 0;
        motd = "gay baby jail";
        max-players = 16;
        allow-flight = true;
        enable-command-block = true;
        enforce-secure-profile = false;
        snooper-enabled = false;
        spawn-protection = 0;
        level-type = "terra:overworld/overworld";
        white-list = true;
        view-distance = 32;
      };
      whitelist = {
        UnderSunandSky = "b788f46e-50a2-4af3-a668-15ae393c59d8";
        PianoBoyBenini = "042d6cef-6194-46b4-9bfc-87b3c4cdf94a";
        oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
        Starblazerz128 = "d45eb172-8360-42fd-a185-ab2197b71f9a";
        Chevreau = "b594ba84-f10c-42ff-83a6-8046f90ad0b8";
        Yarn01 = "40fee73f-d4b3-47c6-adf7-fe7c717a1f55";
        "1C3doggo" = "48c3a077-9e3b-47a6-b17b-4ed0b1bc33b2";
        CosmicCats = "32148b79-12a8-48f1-b158-3c97c45e39e5";
        m3bo = "6e33434c-1ec0-4c69-9dad-b32b1197496e";
        SomewhatSyl = "d8bac1ef-27d5-4c94-a9e7-e2d079edef22";
        Nightmare_Tank = "92840daa-823e-4b8e-9741-be296147e823";
        JDavisBro = "e8529c4b-701e-46c5-a8d7-0dfb0e0b642d";
        Ironic_queen = "443fe20d-77e0-4a4a-8bb7-a4b9ad654550";
        azurehaiku = "fd7aba33-4307-4eba-aa63-70bc3e38a2d7";
        TryHardGamerTV = "8273b84d-a687-49fb-98de-a3e626e26c3b";
        "_AtlasFox_" = "0ce1bbe0-ea57-463c-8df3-4c046dc6eff2";
      };
      package = pkgs.minecraftServers.fabric-1_19_2;
      # 4 GiB maximum JVM heap.
      jvmOpts = "-Xmx4G";
    };
  };
};
# glitch-soc instance at feditest.oat.zone.
glitch-soc.enable = true;
glitch-soc.domain = "feditest.oat.zone";

# mosh for roaming shell sessions.
mosh.enable = true;

# WireGuard in server mode on eno1; the wg0 definition lives in ./wireguardInterface.nix.
# NOTE(review): confirm that file points at the private key by path rather than embedding
# it. Values embedded in a Nix expression end up in the world-readable /nix/store.
wireguard.enable = true;
wireguard.server = true;
wireguard.externalInterface = "eno1";
wireguard.interfaces."wg0" = import ./wireguardInterface.nix;

# Vaultwarden password vault at vault.aether.gay.
# NOTE(review): this service stores credentials for its users; check in the project module
# that open sign-ups and the admin interface are restricted — not visible from here.
vaultwarden.enable = true;
vaultwarden.domain = "vault.aether.gay";

# jillo is switched off; its data directory is kept for later.
jillo.enable = false;
jillo.dataDir = "/var/lib/jillo";
# Project nginx defaults. Not strictly necessary, but with this on, requests for an unknown
# host name or for the bare IP have their connection aborted. That stops other domains from
# "stealing" content by pointing their DNS at our IP, which did happen before on the VPS
# (no clue how or why).
# Update: the module also tunes gzip and TLS settings.
nginx-config.enable = true;
# Static (and, where php = true, PHP-enabled) sites served from /var/www, keyed by host name.
# NOTE(review): the two `auth` entries call builtins.readFile on /etc/tesco and
# /etc/proxy_twh. That read happens while the configuration is evaluated, on the evaluating
# machine, and returns the file verbatim (trailing newline included) as an ordinary string.
# If the module turns `auth` into an nginx basic-auth file the way the stock basicAuth option
# does, the password ends up in the world-readable /nix/store. Prefer passing a path to an
# htpasswd file kept outside the store (stock nginx option: basicAuthFile).
staticSites = {
  "aether.gay".dataDir = "/var/www/aether.gay";
  "dark-firepit.cloud".dataDir = "/var/www/dark-firepit.cloud";
  #"dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone";
  "va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone";
  "giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing";
  "modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone";
  "shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best";
  "tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone";
  # User "tesco", password read from /etc/tesco at evaluation time (see note above).
  "tesco-underground-dev.oat.zone".auth = { tesco = builtins.readFile /etc/tesco; };
  "oat.zone".dataDir = "/var/www/oat.zone";
  "oat.zone".php = true;
  "yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing";
  "yugoslavia.fishing".php = true;
  # Host name and directory name differ: this site is served from /var/www/proxy.oat.zone.
  "educationmath.oat.zone".dataDir = "/var/www/proxy.oat.zone";
  "educationmath.oat.zone".php = true;
  # User "twh", password read from /etc/proxy_twh at evaluation time (see note above).
  "educationmath.oat.zone".auth = { twh = builtins.readFile /etc/proxy_twh; };
  "rivervalleychocolate.com".dataDir = "/var/www/rivervalleychocolate.com";
  "rivervalleychocolate.com".php = true;
  "tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public";
  "tac.yugoslavia.best".php = true;
  "tac.yugoslavia.best".phpHandlePathing = true;
  "pjsk.oat.zone".dataDir = "/var/www/pjsk.oat.zone";
  "mayf.pink".dataDir = "/var/www/mayf.pink/public";
  "mayf.pink".php = true;
  "mayf.pink".phpHandlePathing = true;
  "wint0r.zone".dataDir = "/var/www/wint0r.zone";
  "puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone";
};
# Nitter at nitter.oat.zone; the module is given port 3005.
nitter.enable = true;
nitter.domain = "nitter.oat.zone";
nitter.port = 3005;
# enable if shit gets wild; check config for more info
nitter.lightweight = false;
#watch-party = {
# enable = true;
# port = 1984;
#};
# Terraria server: switched off, settings kept for when it comes back.
terraria = {
  enable = false;
  openFirewall = true;
  port = 7777; # port-forwarded
  dataDir = "/var/lib/terraria";
  worldPath = "/var/lib/terraria/gbj.wld";
  autoCreatedWorldSize = "large";
  messageOfTheDay = "hi";
};

# Matomo analytics.
matomo.enable = true;

# isso comment server; the module is given port 1995.
isso.enable = true;
isso.port = 1995;

# code-server at dev-firepit.oat.zone; the module is given port 4444.
# NOTE(review): a code-server session is an interactive shell as the service's user, so this
# is a remote-administration surface. Confirm in the module that authentication is enforced
# and that port 4444 is reachable only through the nginx virtual host.
code-server.enable = true;
code-server.domain = "dev-firepit.oat.zone";
code-server.port = 4444;
};
};
# Every entry inside is commented out, so this currently adds nothing to the unit.
systemd.services.minecraft-server-dark-firepit.serviceConfig = {
  # packwiz workaround
  # https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072
  # TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate
  # NOTE(review): if this is revived, the command below runs nix-shell on every service start
  # and has the bootstrap jar pull a pack from a URL, so start-up would depend on unpinned
  # network content. Building the pack into the store, or checking it against a known hash,
  # keeps the service start reproducible.
  #ExecStartPre = [
  # ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"''
  #];
};
# oat.zone: responses under /f/ carry a wildcard CORS header, so pages on any origin may read
# them. That is fine for public files and nothing else; keep anything access-controlled out
# of /f/.
services.nginx.virtualHosts."oat.zone" = {
  locations."/f/" = {
    extraConfig = ''
      add_header Access-Control-Allow-Origin "*";
    '';
  };
};

# gdpstest.oat.zone: reverse proxy to the local service on port 1982, with uploads of up to
# 500M accepted.
# NOTE(review): addSSL without forceSSL serves the site over both HTTP and HTTPS with no
# redirect, so traffic to this backend can travel in clear text — confirm that is intended.
services.nginx.virtualHosts."gdpstest.oat.zone" = {
  enableACME = true;
  addSSL = true;
  forceSSL = false;
  extraConfig = ''
    client_max_body_size 500M;
  '';
  locations."/".proxyPass = "http://127.0.0.1:1982/";
};

# gdicon.oat.zone: HTTPS-only reverse proxy to the local service on port 3436.
services.nginx.virtualHosts."gdicon.oat.zone" = {
  forceSSL = true;
  enableACME = true;
  locations."/".proxyPass = "http://127.0.0.1:3436/";
};
# https://www.edwinwenink.xyz/posts/47-tilde_server/
# Tilde-style user pages: a request for /~NAME/REST is served from /home/NAME/www/REST.
# In the regex (after Nix unescapes \\s to \s) capture 1 is the user name, which may contain
# neither "/" nor whitespace, and capture 2 is the optional remainder of the path.
# NOTE(review): three things to weigh before leaving this as is.
#  - X-debug-message puts the filesystem path on every response ("always"); it reads like
#    leftover debugging and can be dropped once the mapping is trusted.
#  - autoindex on lists any directory under ~/www that has no index file.
#  - nginx serves whatever it can read beneath ~/www, which includes the targets of symlinks
#    a user places there; nginx's disable_symlinks directive (e.g. if_not_owner) limits that.
services.nginx.virtualHosts."dark-firepit.cloud" = {
  locations."~ ^/~([^/\\s]+?)(/[^\\s]*)?$".extraConfig = ''
    add_header X-debug-message "/home/$1/www$2" always;
    alias /home/$1/www$2;
    index index.html index.htm;
    autoindex on;
  '';
};
# Requests whose User-Agent is exactly Discord's link-preview string are answered with a 302
# to the same path on fxtwitter.com; every other client falls through to the normal site.
# The header is client-supplied, so this is routing for embeds, not an access control.
services.nginx.virtualHosts."nitter.oat.zone" = {
  locations."/".extraConfig = ''
    if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') {
    return 302 $scheme://fxtwitter.com$request_uri;
    }
  '';
};
# temporary
#services.nginx.virtualHosts."git.oat.zone" = {
# forceSSL = true;
# enableACME = true;
# root = "/var/www/temporarily-down";
# extraConfig = ''
# error_page 503 /index.html;
# '';
# locations."/".extraConfig = ''
# return 503;
# try_files /index.html =404;
# '';
#};
# Per-user doas rules. Rule order is significant to doas, so keep the list order as is.
# NOTE(review): oatmealine is granted root with no password prompt (noPass = true) and with
# the caller's environment kept (keepEnv), so any process running as that user, or any
# holder of one of that account's SSH keys, is root on this host. aether must authenticate,
# and persist = true then remembers that authentication for a while. normalUsers seeds all
# accounts with a locked password, so aether's rule only works if a password was set on the
# host afterwards — confirm. mayflower and winter are in wheel but have no rule here; what
# they get depends on the doas module's defaults.
security.doas = {
  extraRules = [
    { users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; }
    { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
  ];
};
# System time zone.
time.timeZone = "Europe/Amsterdam";
# If you uncomment this, I will uncomment the spores in your body
# mmm spores ymmnu.uyyy.., :)
# Static addressing on eno1 with DHCP switched off, plus the host firewall exceptions that
# are declared in this file.
networking = {
  useDHCP = false;

  # for docs, start here
  # https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
  enableIPv6 = true; # true by default, but better safe than sorry

  nameservers = [ "8.8.8.8" "1.1.1.1" ];

  interfaces.eno1 = {
    ipv4.addresses = [
      { address = "51.89.98.8"; prefixLength = 24; }
    ];
    ipv6.addresses = [
      { address = "2001:41d0:0700:3308::"; prefixLength = 64; }
      { address = "2001:41d0:0700:33ff::"; prefixLength = 64; }
    ];
  };

  defaultGateway = "51.89.98.254";
  defaultGateway6 = {
    interface = "eno1";
    address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
    # address = "33ff::1";
    # address = "2001::1";
  };

  firewall = {
    allowPing = true;
    # minecraft proximity voice chat
    # Only these two ports are opened here, for both TCP and UDP. Other service ports are
    # presumably opened by the modules themselves (e.g. openFirewall above), so this list is
    # not the full set of exposed ports.
    allowedTCPPorts = [ 24454 25567 ];
    allowedUDPPorts = [ 24454 25567 ];
  };
};
# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";
}