insects/nix-config
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

migrate server configs

Browse source
This commit is contained in:
insects 2024-08-23 13:48:56 +02:00
parent 20278baff4
commit 8ccc16e930
3 changed files with 335 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

196
servers/lunasa/configuration.nix Normal file
View file

@ -0,0 +1,196 @@
{ modulesPath, pkgs, lib, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
networking.hostName = "lunasa";
zramSwap.enable = true;
services.openssh.enable = true;
boot.tmp.cleanOnBoot = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
nix = {
package = pkgs.nixVersions.nix_2_22;
settings = {
auto-optimise-store = lib.mkDefault true;
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
};
};
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy''
];
networking.firewall.allowedTCPPorts = [
80
443
1935 # the RTMP port for OwnCast
6667 # irc plaintext
];
services.owncast = {
enable = true;
port = 8001;
};
services.ergochat = {
enable = true;
settings = {
accounts = {
authentication-enabled = true;
multiclient = {
allowed-by-default = true;
always-on = "opt-out";
auto-away = "opt-out";
enabled = true;
};
registration = {
allow-before-connect = true;
bcrypt-cost = 4;
email-verification = {
enabled = false;
};
enabled = true;
throttling = {
duration = "10m";
enabled = true;
max-attempts = 30;
};
};
};
channels = {
default-modes = "+ntC";
registration = {
enabled = true;
};
};
datastore = {
autoupgrade = true;
path = "/var/lib/ergo/ircd.db";
};
history = {
autoreplay-on-join = 0;
autoresize-window = "3d";
channel-length = 2048;
chathistory-maxmessages = 100;
client-length = 256;
enabled = true;
restrictions = {
expire-time = "1w";
grace-period = "1h";
query-cutoff = "none";
};
retention = {
allow-individual-delete = false;
enable-account-indexing = false;
};
tagmsg-storage = {
default = false;
whitelist = [
"+draft/react"
"+react"
];
};
znc-maxmessages = 2048;
};
limits = {
awaylen = 390;
channellen = 64;
identlen = 20;
kicklen = 390;
nicklen = 32;
topiclen = 390;
};
network = {
name = "testnetwork";
};
server = {
casemapping = "permissive";
check-ident = false;
enforce-utf = true;
forward-confirm-hostnames = false;
ip-cloaking = {
enabled = false;
};
ip-limits = {
count = false;
throttle = false;
};
listeners = {
":6667" = { };
};
lookup-hostnames = false;
max-sendq = "1M";
name = "example.com";
relaymsg = {
enabled = false;
};
};
oper-classes = {
"chat-moderator" = {
title = "Chat Moderator";
capabilities = [
"kill"
"ban"
"nofakelag"
"relaymsg"
"vhosts"
"sajoin"
"samode"
"snomasks"
"roleplay"
];
};
"server-admin" = {
title = "Server Admin";
extends = "chat-moderator";
capabilities = [
"rehash"
"accreg"
"chanreg"
"history"
"defcon"
"massmessage"
];
};
};
opers = {
admin = {
class = "server-admin";
password = "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
};
};
};
};
services.caddy = {
enable = true;
email = "shadows@with.al";
virtualHosts = {
"lina.cool" = {
extraConfig = ''
encode gzip
reverse_proxy 127.0.0.1:8001
'';
};
};
};
system.stateVersion = "23.11";
}