Compare commits


2 Commits

Author SHA1 Message Date
1ad29e30d2
new: packages: ultimmc 2024-01-19 20:00:05 +05:00
f5e59054a8
catarina: update secrets, mail server, minecraft server 2024-01-19 19:59:45 +05:00
9 changed files with 305 additions and 9 deletions

3
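--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule ".secrets"]
+path = .secrets
+url = git@vcs.elnafo.ru:L-Nafaryus/bonfire-secrets.git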
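Review bot: The `.secrets` submodule added here is read at evaluation time by the catarina configuration in this same comparison (`import ../../.secrets/sops-secrets.nix`, `import ../../.secrets/mail-recipients.nix`), and nothing documents the two constraints that follow from that. A git flake leaves submodule contents out of its source tree unless the flake reference asks for them, so evaluation on a fresh clone would presumably fail without that. Once the submodule is included, its whole tree is copied into the world-readable Nix store along with the flake, so it should hold only sops-encrypted files and Nix expressions that refer to secrets by path; its contents are not visible here to confirm this. A comment such as `# build with submodules included; keep only encrypted data and path references in .secrets` above the section would record both.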

1
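--- a/.secrets
+++ b/.secrets
@@ -0,0 +1 @@
+Subproject commit d4a686b321770dbe16130e31966e87143440469e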

7
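--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &astora age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
+creation_rules:
+- path_regex: secrests/[^/]+\.(yaml|env|txt)$
+key_groups:
+- age:
+- *astora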
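Review bot: The creation rule's `path_regex: secrests/[^/]+\.(yaml|env|txt)$` looks like a misspelling, because the submodule added in this comparison lives at `.secrets` and no `secrests/` directory appears anywhere on the page, so the rule would match no file. As far as I can tell sops then refuses to encrypt a new file under `.secrets/` for lack of a matching rule, which fails closed but leaves the `astora` recipient unused. If the submodule directory is the intended target, the line would read `- path_regex: \.secrets/[^/]+\.(yaml|env|txt)$`. The submodule may carry its own `.sops.yaml`, which is not visible here.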


@ -1,5 +1,21 @@
{ {
"nodes": { "nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"cachix": { "cachix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -60,6 +76,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
@ -209,6 +241,36 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-regression": { "nixpkgs-regression": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1643052045,
@ -241,6 +303,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -275,7 +353,70 @@
"crane": "crane", "crane": "crane",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
},
"locked": {
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1705356877,
"narHash": "sha256-274jL1cH64DcXUXebVMZBRUsTs3FvFlPIPkCN/yhSnI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "87755331580fdf23df7e39b46d63ac88236bf42c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
} }
} }
}, },


@ -12,9 +12,12 @@
cachix = { url = "github:cachix/devenv/v0.6.3"; inputs.nixpkgs.follows = "nixpkgs"; }; cachix = { url = "github:cachix/devenv/v0.6.3"; inputs.nixpkgs.follows = "nixpkgs"; };
crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; }; crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; };
nixgl = { url = "github:guibou/nixGL"; inputs.nixpkgs.follows = "nixpkgs"; }; nixgl = { url = "github:guibou/nixGL"; inputs.nixpkgs.follows = "nixpkgs"; };
simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
}; };
outputs = inputs @ { self, nixpkgs, home-manager, crane, nixgl, ... }: { outputs = inputs @ { self, nixpkgs, home-manager, crane, nixgl, simple-nixos-mailserver, sops-nix, ... }: {
lib = import ./lib {}; lib = import ./lib {};
@ -27,7 +30,7 @@
./nixosModules/bonfire.nix ./nixosModules/bonfire.nix
self.nixosModules.spoofdpi self.nixosModules.spoofdpi
]; ];
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs self; };
}; };
catarina = with nixpkgs; lib.nixosSystem { catarina = with nixpkgs; lib.nixosSystem {
@ -36,6 +39,8 @@
./nixosConfigurations/catarina ./nixosConfigurations/catarina
./nixosModules/bonfire.nix ./nixosModules/bonfire.nix
self.nixosModules.spoofdpi self.nixosModules.spoofdpi
simple-nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
]; ];
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
}; };
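Review bot: The two new inputs follow `nixpkgs` only for their main input, and the lock file in this comparison shows what that leaves behind: `nixpkgs-22_11`, `nixpkgs-23_05` and `nixpkgs-stable_2` are each locked to their own nixpkgs revision. If this configuration does not need those secondary inputs (they appear to serve the upstream projects' own checks, which is worth confirming), they can follow the main input as well, e.g. `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs-stable.follows = "nixpkgs"; };`, with matching `inputs.nixpkgs-22_11.follows` and `inputs.nixpkgs-23_05.follows` on the mailserver input. That keeps the lock smaller and leaves fewer pinned source trees to audit on each `nix flake update`.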


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, inputs, self, ... }:
{ {
# Users # Users
users.users.nafaryus = { users.users.nafaryus = {
@ -69,6 +69,9 @@
onlyoffice-bin onlyoffice-bin
anydesk anydesk
jdk
self.packages.${pkgs.system}.ultimmc
]; ];
xdg.enable = true; xdg.enable = true;


@ -73,11 +73,11 @@ rec {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxretry = 16; maxretry = 12;
ignoreIP = [ ignoreIP = [
"192.168.0.0/16" "192.168.0.0/16"
]; ];
bantime = "2h"; bantime = "3h";
bantime-increment = { bantime-increment = {
enable = true; enable = true;
multipliers = "1 2 4 8 16 32 64"; multipliers = "1 2 4 8 16 32 64";
@ -86,6 +86,12 @@ rec {
}; };
}; };
sops = {
defaultSopsFile = ../../.secrets/secrets.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
secrets = import ../../.secrets/sops-secrets.nix;
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "l.nafaryus@gmail.com"; defaults.email = "l.nafaryus@gmail.com";
@ -96,8 +102,7 @@ rec {
domain = "elnafo.ru"; domain = "elnafo.ru";
extraDomainNames = [ "*.elnafo.ru" ]; extraDomainNames = [ "*.elnafo.ru" ];
dnsProvider = "webnames"; dnsProvider = "webnames";
credentialsFile = "/var/lib/secrets/certs.secret"; credentialsFile = config.sops.secrets."dns".path;
group = "nginx";
webroot = null; webroot = null;
}; };
}; };
@ -106,6 +111,8 @@ rec {
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginx.override { withMail = true; };
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -129,7 +136,16 @@ rec {
useACMEHost = "elnafo.ru"; useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001"; locations."/".proxyPass = "http://127.0.0.1:3001";
}; };
"media.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
http2 = true;
locations."/".proxyPass = "http://127.0.0.1:8096";
};
}; };
}; };
services.postgresql = { services.postgresql = {
@ -165,6 +181,13 @@ rec {
mailer = { mailer = {
ENABLED = true; ENABLED = true;
FROM = "git@elnafo.ru"; FROM = "git@elnafo.ru";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
@ -175,9 +198,11 @@ rec {
}; };
}; };
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = { database = {
type = "postgres"; type = "postgres";
passwordFile = "/var/lib/secrets/gitea/gitea-dbpassword"; passwordFile = config.sops.secrets."database/git".path;
name = "git"; name = "git";
user = "git"; user = "git";
}; };
@ -192,9 +217,45 @@ rec {
home = services.gitea.stateDir; home = services.gitea.stateDir;
useDefaultShell = true; useDefaultShell = true;
group = services.gitea.group; group = services.gitea.group;
extraGroups = [ "nginx" ];
isSystemUser = true; isSystemUser = true;
}; };
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = [ "elnafo.ru" ];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
loginAccounts = import ../../.secrets/mail-recipients.nix { inherit config; };
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = "survival";
motd = "NixOS Minecraft Server";
max-players = 10;
level-seed = "66666666";
enable-status = true;
enforce-secure-profile = false;
difficulty = "normal";
online-mode = false;
};
};
services.spoofdpi.enable = true; services.spoofdpi.enable = true;
# Packages # Packages
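Review bot: The last hunk sets `openFirewall = true` on a Minecraft server that also has `online-mode = false`, so the port is reachable from outside while the server accepts any player name without account verification, operator names included; no `white-list` property is visible, and a name-based whitelist would not help in offline mode. Either keep the port closed and reach the server over a LAN or VPN (`openFirewall = false;`), or set `online-mode = true;`. `services.jellyfin.openFirewall = true` likewise opens Jellyfin's own ports beside the `media.elnafo.ru` TLS proxy, so the plain-HTTP listener on 8096 stays reachable directly; dropping that line leaves nginx as the only entry point. Separately, the Gitea mailer is handed the ACME `key.pem` for `elnafo.ru` (a certificate that also covers `*.elnafo.ru`) as a client key, and the `git` user joins the `nginx` group, apparently to read it; since `mailerPasswordFile` already authenticates the mailer, `USE_CLIENT_CERT` and the extra group look avoidable. The enclosing `rec { … }` starts and ends outside these hunks.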


@ -18,4 +18,6 @@ in forAllSystems(system: let pkgs = nixpkgsFor.${system}; in {
spoofdpi = pkgs.callPackage ./spoofdpi {}; spoofdpi = pkgs.callPackage ./spoofdpi {};
lego = pkgs.callPackage ./lego {}; lego = pkgs.callPackage ./lego {};
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc {};
}) })


@ -0,0 +1,73 @@
{
lib, stdenv,
fetchFromGitHub, wrapQtAppsHook,
extra-cmake-modules, cmake,
file, jdk17,
copyDesktopItems, makeDesktopItem,
xorg, libpulseaudio, libGL
}:
stdenv.mkDerivation rec {
version = "faf3c966c43465d6f6c245ed78556222240398ee";
pname = "ultimmc";
src = fetchFromGitHub {
fetchSubmodules = true;
owner = "UltimMC";
repo = "Launcher";
rev = "faf3c966c43465d6f6c245ed78556222240398ee";
sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w=";
};
nativeBuildInputs = [
wrapQtAppsHook
extra-cmake-modules
cmake
file
jdk17
copyDesktopItems
];
desktopItems = [
(makeDesktopItem {
name = "ultimmc";
desktopName = "UltimMC";
icon = "ultimmc";
comment = "Cracked Minecraft launcher";
exec = "UltimMC %u";
categories = [ "Game" ];
})
];
cmakeFlags = [ "-DLauncher_LAYOUT=lin-nodeps" ];
postInstall = let
libpath = with xorg; lib.makeLibraryPath [
libX11
libXext
libXcursor
libXrandr
libXxf86vm
libpulseaudio
libGL
];
in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
chmod -x $out/bin/*.so
wrapProgram $out/bin/UltimMC \
"''${qtWrapperArgs[@]}" \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \
--add-flags '-d ~/.local/share/ultimmc'
rm $out/UltimMC
'';
meta = with lib; {
homepage = "https://github.com/UltimMC/Launcher";
description = "Cracked Minecraft Launcher";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = [] ;
};
}
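Review bot: `version` is set to the full 40-character commit hash and the same hash is repeated in `rev`, which gives an unwieldy store name and a version that cannot be ordered against a later update; for a package built from an untagged commit the usual form is a date-based string such as `version = "unstable-<commit date>";`, with `rev` keeping the hash. `sha256 = "sha256-…"` already holds an SRI string, so `hash = …` is the matching attribute name. The derivation also has no comments saying why `jdk17` is a build input or why `$out/UltimMC` is removed in `postInstall`; one line on each would help whoever bumps the pin next.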