9 files changed, 345 insertions, 0 deletions

diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
new file mode 100644
index 0000000..7705c1c
--- /dev/null
+++ b/modules/nixos/services/minecraft/default.nix
@@ -0,0 +1,25 @@
+{ options, config, lib, namespace, inputs, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.minecraft;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.minecraft = with types; {
+    enable = mkEnableOption "minecraft server support";
+  };
+
+  config = mkIf cfg.enable {
+    nixpkgs = {
+      overlays = [ inputs.nix-minecraft.overlay ];
+      config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+        "minecraft-server"
+      ];
+    };
+
+    services.minecraft-servers = {
+      enable = true;
+      eula = true;
+      openFirewall = true;
+    };
+  };
+}
diff --git a/modules/nixos/services/minecraft/stargazers/default.nix b/modules/nixos/services/minecraft/stargazers/default.nix
new file mode 100644
index 0000000..cb934f8
--- /dev/null
+++ b/modules/nixos/services/minecraft/stargazers/default.nix
@@ -0,0 +1,83 @@
+{ options, config, lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.minecraft.stargazers;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.minecraft.stargazers = with types; {
+    enable = mkEnableOption "stargazers minecraft server";
+
+    port = mkOption {
+      type = types.port;
+      default = 25565;
+      description = "server port";
+    };
+
+    start = mkOption {
+      type = types.bool;
+      default = true;
+      description = "autostart";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.minecraft.enable = true;
+
+    #TODO: enable tmux
+    #cxl.tools.tmux.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/minecraft/stargazers"
+      ];
+    };
+
+    services.minecraft-servers.servers.stargazers = {
+      enable = true;
+      openFirewall = true;
+      autoStart = cfg.start;
+
+      package = pkgs.fabricServers.fabric-1_21;
+
+      operators = {
+        "grippysockjail" = "9448c89d-34eb-4e2c-a231-8112eb1a9e4a";
+        "antonymph" = "6b1f7a3c-a1c3-491a-8514-12b6b90d9152";
+      };
+
+      serverProperties = {
+        white-list = true;
+        enforce-whitelist = true;
+
+        gamemode = "survival";
+        difficulty = "hard";
+        level-seed = "4167799982467607063";
+        spawn-protection = 0;
+
+        max-players = 69;
+        motd = "\\u00a7r                  \\u00a75\\u00a7lstrge gazrer\\u00a7r\\n join or i will rip your bones out and eat them";
+
+        server-port = cfg.port;
+        query-port = cfg.port;
+      };
+
+      symlinks.mods = pkgs.linkFarmFromDrvs "mods" (builtins.attrValues {
+        fabric = pkgs.fetchurl {
+          url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/vMQdA5QJ/fabric-api-0.100.7%2B1.21.jar";
+          sha256 = "sha256-grNmYgSekBaTztR1SLbqZCOC6+QNUDLe4hp105qfibA=";
+        };
+        lithium = pkgs.fetchurl {
+          url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/my7uONjU/lithium-fabric-mc1.21-0.12.7.jar";
+          sha256 = "sha256-Qku6c545jVgrdxDSNe3BULVQlMtgGuXebNqirRcmsh0=";
+        };
+        noChatReports = pkgs.fetchurl {
+          url = "https://cdn.modrinth.com/data/qQyHxfxd/versions/riMhCAII/NoChatReports-FABRIC-1.21-v2.8.0.jar";
+          sha256 = "sha256-jskscOeK3ri2dt3mvWLPVmzddwPqBHJ8Ps+VfZ6l9os=";
+        };
+        appleskin = pkgs.fetchurl {
+          url = "https://cdn.modrinth.com/data/EsAfCjCV/versions/YxFxnyd4/appleskin-fabric-mc1.21-3.0.2.jar";
+          sha256 = "sha256-8XaZREWzA5Mi2/LTs/a6ACvDKmHWYIy8JcOfQaq4yiE=";
+        };
+      });
+    };
+  };
+}
diff --git a/modules/nixos/services/minecraft/zenith/default.nix b/modules/nixos/services/minecraft/zenith/default.nix
new file mode 100644
index 0000000..0bc19f7
--- /dev/null
+++ b/modules/nixos/services/minecraft/zenith/default.nix
@@ -0,0 +1,21 @@
+{ options, config, lib, pkgs, namespace, ... }:
+
+#TODO: nix-ify zenithproxy
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.minecraft.zenith;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.minecraft.zenith = with types; {
+    enable = mkEnableOption "zenithproxy server";
+
+    port = mkOption {
+      type = types.port;
+      default = 25565;
+      description = "server port";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
+  };
+}
diff --git a/modules/nixos/services/ssh/default.nix b/modules/nixos/services/ssh/default.nix
new file mode 100644
index 0000000..6856897
--- /dev/null
+++ b/modules/nixos/services/ssh/default.nix
@@ -0,0 +1,28 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.ssh;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.ssh = with types; {
+    enable = mkEnableOption "ssh server";
+
+    port = mkOption {
+      type = types.port;
+      default = 22;
+      description = "ssh server port";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    openssh = {
+      enable = true;
+      ports = [ cfg.port ];
+      
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/default.nix b/modules/nixos/services/web/default.nix
new file mode 100644
index 0000000..1e1e854
--- /dev/null
+++ b/modules/nixos/services/web/default.nix
@@ -0,0 +1,23 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web = with types; {
+    enable = mkEnableOption "web";
+  };
+
+  config = mkIf cfg.enable {
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/var/lib/acme"
+      ];
+    };
+
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "caroline@larimo.re";
+    };
+  };
+}
diff --git a/modules/nixos/services/web/images/default.nix b/modules/nixos/services/web/images/default.nix
new file mode 100644
index 0000000..b1c44e6
--- /dev/null
+++ b/modules/nixos/services/web/images/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.images;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.images = with types; {
+    enable = mkEnableOption "image webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/images"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "i.cxl.sh" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/images";
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/landing/default.nix b/modules/nixos/services/web/landing/default.nix
new file mode 100644
index 0000000..fe9e92b
--- /dev/null
+++ b/modules/nixos/services/web/landing/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.landing;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.landing = with types; {
+    enable = mkEnableOption "cxl.sh landing page webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/landing"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "cxl.sh" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/landing";
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/personal/default.nix b/modules/nixos/services/web/personal/default.nix
new file mode 100644
index 0000000..daf94c1
--- /dev/null
+++ b/modules/nixos/services/web/personal/default.nix
@@ -0,0 +1,63 @@
+{ options, config, lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.personal;
+  impermanence = config.${namespace}.system.impermanence;
+
+  package = (pkgs.buildGoModule rec {
+    pname = "site";
+    version = "6612d84c63a7bbc2a5b70607f2ec32ea070c4659";
+
+    src = pkgs.fetchFromGitHub {
+      owner = "CartConnoisseur";
+      repo = "site";
+      rev = "${version}";
+      hash = "sha256-n54+LdtMyjoLfaFqd7tcDQqBiYCdUW/Rs67Vc4QwEJ0=";
+    };
+
+    # kinda a hack, but whatever
+    postBuild = ''
+      mkdir -p $out/share/site
+      cp -r $src/* $out/share/site/
+    '';
+
+    vendorHash = "sha256-2/4Wv7nsaT0wnUzkRgHKpSswigDj9nOvlmYXK29rvLU=";
+  });
+in {
+  options.${namespace}.services.personal.images = with types; {
+    enable = mkEnableOption "personal site webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "caroline.larimo.re" = {
+          # serverAliases = [ "cxl.sh" ];
+
+          addSSL = true;
+          enableACME = true;
+
+          locations."/" = {
+            recommendedProxySettings = true;
+            proxyPass = "http://127.0.0.1:8080/";
+          };
+        };
+      };
+    };
+
+    systemd.services."cxl.web.personal" = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        WorkingDirectory = "${package}/share/site";
+        ExecStart = "${package}/bin/site";
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/stargazers/default.nix b/modules/nixos/services/web/stargazers/default.nix
new file mode 100644
index 0000000..3e9b46e
--- /dev/null
+++ b/modules/nixos/services/web/stargazers/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.stargazers;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.stargazers = with types; {
+    enable = mkEnableOption "stargazers webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/stargazers"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "stargazers.xn--6frz82g" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/stargazers";
+        };
+      };
+    };
+  };
+}