flake/hosts/lightsail-tokyo/default.nix

{
  lib,
  modulesPath,
  pkgs,
  ...
}: {
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    ../../nixos/profiles/server
    ./anti-feature.nix

    ./services/forgejo.nix
    ./services/hysteria.nix
    ./services/keycloak.nix
    ./services/miniflux.nix
    ./services/murmur.nix
    ./services/ntfy.nix
    ./services/pixivfe.nix
    ./services/searx.nix
  ];

  time.timeZone = "Asia/Tokyo";
  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
  system.stateVersion = "23.11";

  swapDevices = [
    {
      device = "/var/lib/swapfile";
      size = 4 * 1024; # 4 GiB
    }
  ];

  # WORKAROUND:
  systemd.services."print-host-key".enable = false;

  ### Secrets
  sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
    "hysteria/auth" = {
      restartUnits = ["hysteria.service"];
    };
    "pixivfe/environment" = {
      restartUnits = ["pixivfe.service"];
    };
    "searx/environment" = {
      restartUnits = ["searx.service"];
    };
    "miniflux/environment" = {
      restartUnits = ["miniflux.service"];
    };
  };

  ### Services
  networking.firewall.allowedUDPPorts = [443]; # hysteria
  networking.firewall.allowedTCPPorts = [80 443]; # caddy

  systemd.tmpfiles.settings = {
    "10-www" = {
      "/var/www/robots/robots.txt".C.argument = toString ./robots.txt;
      "/var/www/matrix/client".C.argument = toString ./matrix-client.json;
      "/var/www/matrix/server".C.argument = toString ./matrix-server.json;
    };
  };

  services.caddy = {
    enable = true;
    configFile = pkgs.substituteAll {
      src = ./Caddyfile;

      "element" = pkgs.element-web.override {
        element-web-unwrapped = pkgs.element-web-unwrapped.overrideAttrs (oldAttrs: {
          version = "1.11.74-rc.0";
          src = oldAttrs.src.overrideAttrs {
            outputHash = "sha256-Dik4vBzybkb6Q7OgEDrQ3FBaUGOmUxr9SplyNm1JWZU=";
          };
          offlineCache = oldAttrs.offlineCache.overrideAttrs {
            outputHash = "sha256-+SSsFUVIVuNpy+CQT6+oFIGvzQLAHEokibXtxsidumQ=";
          };
        });

        conf.default_server_config."m.homeserver" = {
          base_url = "https://matrix.ny4.dev";
          server_name = "ny4.dev";
        };
      };

      "cinny" = pkgs.cinny.override {
        conf = {
          defaultHomeserver = 0;
          homeserverList = ["ny4.dev"];
        };
      };

      "mastodon" = pkgs.mastodon;
    };
  };

  services.wastebin = {
    enable = true;
    settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";
  };

  services.uptime-kuma = {
    enable = true;
    settings.PORT = "8300";
  };

  services.redlib = {
    enable = true;
    address = "127.0.0.1";
    port = 9400;
  };

  ### Prevents me from bankrupt
  # https://fmk.im/p/shutdown-aws/
  services.vnstat.enable = true;
  systemd.services."no-bankrupt" = {
    serviceConfig.Type = "oneshot";
    path = with pkgs; [coreutils gawk vnstat systemd];
    script = ''
      TRAFF_TOTAL=1900
      TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}')
      CHANGE_TO_GB=$(($TRAFF_USED / 1073741824))

      if [ $CHANGE_TO_GB -gt $TRAFF_TOTAL ]; then
          shutdown -h now
      fi
    '';
  };
  systemd.timers."no-bankrupt" = {
    timerConfig.OnCalendar = "*:0:0"; # Check every hour
  };
}
hosts: add lightsail-tokyo 2024-04-22 18:35:50 +00:00			`{`
			`lib,`
pixivfe: move to ./pkgs 2024-07-11 15:50:43 +00:00			`modulesPath,`
lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`pkgs,`
hosts: add lightsail-tokyo 2024-04-22 18:35:50 +00:00			`...`
			`}: {`
			`imports = [`
			`"${modulesPath}/virtualisation/amazon-image.nix"`
			`../../nixos/profiles/server`
			`./anti-feature.nix`
tyo0: file structure 2024-08-11 10:13:36 +00:00
			`./services/forgejo.nix`
			`./services/hysteria.nix`
			`./services/keycloak.nix`
			`./services/miniflux.nix`
			`./services/murmur.nix`
			`./services/ntfy.nix`
			`./services/pixivfe.nix`
			`./services/searx.nix`
hosts: add lightsail-tokyo 2024-04-22 18:35:50 +00:00			`];`

			`time.timeZone = "Asia/Tokyo";`
			`boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";`
			`system.stateVersion = "23.11";`
lightsail-tokyo: add hysteria forgot to commit... 2024-04-22 21:01:38 +00:00
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`swapDevices = [`
			`{`
			`device = "/var/lib/swapfile";`
			`size = 4 * 1024; # 4 GiB`
			`}`
			`];`

lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`# WORKAROUND:`
			`systemd.services."print-host-key".enable = false;`

			`### Secrets`
treewide: replace builtins with lib 2024-07-21 10:09:21 +00:00			`sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {`
			`"hysteria/auth" = {`
			`restartUnits = ["hysteria.service"];`
			`};`
			`"pixivfe/environment" = {`
			`restartUnits = ["pixivfe.service"];`
			`};`
			`"searx/environment" = {`
			`restartUnits = ["searx.service"];`
			`};`
			`"miniflux/environment" = {`
			`restartUnits = ["miniflux.service"];`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`};`
			`};`
lightsail-tokyo: add hysteria forgot to commit... 2024-04-22 21:01:38 +00:00
lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`### Services`
flake: update lock file 2024-06-29 03:18:11 +00:00			`networking.firewall.allowedUDPPorts = [443]; # hysteria`
			`networking.firewall.allowedTCPPorts = [80 443]; # caddy`
lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00
lightsail-tokyo/caddy: add hardening and robots.txt 2024-05-04 08:12:36 +00:00			`systemd.tmpfiles.settings = {`
			`"10-www" = {`
			`"/var/www/robots/robots.txt".C.argument = toString ./robots.txt;`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`"/var/www/matrix/client".C.argument = toString ./matrix-client.json;`
			`"/var/www/matrix/server".C.argument = toString ./matrix-server.json;`
lightsail-tokyo/caddy: add hardening and robots.txt 2024-05-04 08:12:36 +00:00			`};`
			`};`

lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`services.caddy = {`
			`enable = true;`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`configFile = pkgs.substituteAll {`
			`src = ./Caddyfile;`

			`"element" = pkgs.element-web.override {`
nixos/lightsail-tokyo/element-web: upgrade to latest rc 2024-06-17 03:33:36 +00:00			`element-web-unwrapped = pkgs.element-web-unwrapped.overrideAttrs (oldAttrs: {`
flake: bump 2024-08-09 09:46:45 +00:00			`version = "1.11.74-rc.0";`
nixos/lightsail-tokyo/element-web: upgrade to latest rc 2024-06-17 03:33:36 +00:00			`src = oldAttrs.src.overrideAttrs {`
flake: bump 2024-08-09 09:46:45 +00:00			`outputHash = "sha256-Dik4vBzybkb6Q7OgEDrQ3FBaUGOmUxr9SplyNm1JWZU=";`
nixos/lightsail-tokyo/element-web: upgrade to latest rc 2024-06-17 03:33:36 +00:00			`};`
			`offlineCache = oldAttrs.offlineCache.overrideAttrs {`
flake: bump 2024-08-09 09:46:45 +00:00			`outputHash = "sha256-+SSsFUVIVuNpy+CQT6+oFIGvzQLAHEokibXtxsidumQ=";`
nixos/lightsail-tokyo/element-web: upgrade to latest rc 2024-06-17 03:33:36 +00:00			`};`
			`});`

			`conf.default_server_config."m.homeserver" = {`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`base_url = "https://matrix.ny4.dev";`
nixos/lightsail-tokyo/element-web: upgrade to latest rc 2024-06-17 03:33:36 +00:00			`server_name = "ny4.dev";`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`};`
			`};`

tyo0: add cinny 2024-07-31 13:34:24 +00:00			`"cinny" = pkgs.cinny.override {`
			`conf = {`
			`defaultHomeserver = 0;`
			`homeserverList = ["ny4.dev"];`
			`};`
			`};`

treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`"mastodon" = pkgs.mastodon;`
			`};`
lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`};`
lightsail-tokyo: add hysteria forgot to commit... 2024-04-22 21:01:38 +00:00
lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`services.wastebin = {`
			`enable = true;`
			`settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";`
			`};`

			`services.uptime-kuma = {`
			`enable = true;`
			`settings.PORT = "8300";`
			`};`

flake: update lock file 2024-07-21 11:54:56 +00:00			`services.redlib = {`
lightsail-tokyo: add libreddit 2024-07-13 18:01:10 +00:00			`enable = true;`
			`address = "127.0.0.1";`
			`port = 9400;`
			`};`

lightsail-tokyo: add domain and bunch of services 2024-05-02 23:43:48 +00:00			`### Prevents me from bankrupt`
			`# https://fmk.im/p/shutdown-aws/`
			`services.vnstat.enable = true;`
			`systemd.services."no-bankrupt" = {`
			`serviceConfig.Type = "oneshot";`
			`path = with pkgs; [coreutils gawk vnstat systemd];`
			`script = ''`
			`TRAFF_TOTAL=1900`
			`TRAFF_USED=$(vnstat --oneline b \| awk -F ';' '{print $11}')`
			`CHANGE_TO_GB=$(($TRAFF_USED / 1073741824))`

			`if [ $CHANGE_TO_GB -gt $TRAFF_TOTAL ]; then`
			`shutdown -h now`
			`fi`
			`'';`
			`};`
			`systemd.timers."no-bankrupt" = {`
			`timerConfig.OnCalendar = "*:0:0"; # Check every hour`
			`};`
hosts: add lightsail-tokyo 2024-04-22 18:35:50 +00:00			`}`