# NixOS module for the host "blacksteel".
#
# Pulls in the shared server profile, the per-service modules under
# ./services, and wires up secrets (sops-nix), the Cloudflare tunnel,
# Caddy as the local HTTP front end, and PostgreSQL with weekly dumps.
{
  lib,
  config,
  pkgs,
  ...
}: let
  # Cloudflare Tunnel identifier; the systemd unit name and the
  # `services.cloudflared.tunnels` key are both derived from it.
  tunnelId = "6222a3e0-98da-4325-be19-0f86a7318a41";
  tunnelUnit = "cloudflared-tunnel-${tunnelId}";

  # Account the Synapse unit runs as; it must be able to read its secrets.
  synapseUser = config.systemd.services.matrix-synapse.serviceConfig.User;
in {
  imports = [
    # OS
    ../../nixos/profiles/server
    ../../nixos/profiles/opt-in/mihomo

    # Hardware
    ./hardware-configuration.nix
    ./anti-feature.nix

    # Services
    ./services/jellyfin.nix
    ./services/mastodon.nix
    ./services/matrix.nix
    ./services/minecraft.nix
    ./services/qbittorrent.nix
    ./services/samba.nix
  ];

  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
  };

  networking.hostName = "blacksteel";
  time.timeZone = "Asia/Shanghai";

  # Records the release this host was first installed with; it is not the
  # version the system currently tracks.
  system.stateVersion = "24.05";

  ######## Secrets
  # Every entry below is decrypted from ./secrets.yaml; the mapAttrs wrapper
  # only adds `sopsFile` so it does not have to be repeated per secret.
  # Entries without an explicit `owner` keep sops-nix's default ownership.
  sops.secrets = lib.mapAttrs (_: secret: secret // {sopsFile = ./secrets.yaml;}) {
    "synapse/secret" = {
      owner = synapseUser;
      restartUnits = ["matrix-synapse.service"];
    };
    "synapse/oidc" = {
      owner = synapseUser;
      restartUnits = ["matrix-synapse.service"];
    };
    "syncv3/environment" = {
      restartUnits = ["matrix-sliding-sync.service"];
    };
    # NOTE(review): only the web unit is restarted when this secret changes.
    # If other Mastodon units read the same file they would keep the old
    # values until restarted by hand; verify against ./services/mastodon.nix.
    "mastodon/environment" = {
      restartUnits = ["mastodon-web.service"];
    };
    # Tunnel credentials, readable only by the account the tunnel unit uses.
    "cloudflared/secret" = {
      owner = config.systemd.services.${tunnelUnit}.serviceConfig.User;
      restartUnits = ["${tunnelUnit}.service"];
    };
  };

  # `openFirewall` opens Tailscale's UDP listen port in the host firewall.
  services.tailscale.enable = true;
  services.tailscale.openFirewall = true;

  services.cloudflared = {
    enable = true;
    tunnels.${tunnelId} = {
      credentialsFile = config.sops.secrets."cloudflared/secret".path;

      # Requests for any hostname not listed under `ingress` get a 404
      # instead of being forwarded to the origin.
      default = "http_status:404";

      # All public hostnames are handed to the same local HTTP listener.
      # The hop from cloudflared to that listener is plain HTTP.
      # NOTE(review): presumably Caddy, configured in ./Caddyfile, answers
      # here and routes by Host header; if tunnel-only access is intended,
      # confirm the listener is not also reachable from other interfaces.
      ingress = {
        "mastodon.ny4.dev" = "http://localhost";
        "matrix.ny4.dev" = "http://localhost";
        "syncv3.ny4.dev" = "http://localhost";
      };
    };
  };

  # The Caddyfile is a template: the attributes next to `src` are the values
  # substituted into it at build time.
  services.caddy = {
    enable = true;
    configFile = pkgs.substituteAll {
      src = ./Caddyfile;
      robots = toString ../tyo0/robots.txt;
      mastodon = pkgs.mastodon;
    };
  };

  # Adds the Caddy unit to the two service groups.
  # NOTE(review): presumably needed to reach those services' sockets or
  # static files; it also means a compromised Caddy process gains whatever
  # those groups can read, so keep group permissions on their state tight.
  systemd.services.caddy.serviceConfig.SupplementaryGroups = ["mastodon" "matrix-synapse"];

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_16;

    settings = {
      # Connections
      max_connections = 200;

      # Memory
      shared_buffers = "4GB";
      effective_cache_size = "12GB";
      maintenance_work_mem = "1GB";
      work_mem = "5242kB";
      huge_pages = "off";

      # WAL and checkpoints
      wal_buffers = "16MB";
      min_wal_size = "1GB";
      max_wal_size = "4GB";
      checkpoint_completion_target = 0.9;

      # Planner
      default_statistics_target = 100;
      random_page_cost = 1.1;
      effective_io_concurrency = 200;

      # Parallelism
      max_worker_processes = 8;
      max_parallel_workers = 8;
      max_parallel_workers_per_gather = 4;
      max_parallel_maintenance_workers = 4;
    };

    # NOTE(security): this embeds a fixed, guessable role password in a file
    # in the Nix store, which every local user can read. `initialScript` is
    # only executed when the database cluster is first initialised, so
    # editing it later does not change the password of an existing role.
    # If Synapse connects over the local socket with peer authentication
    # (confirm in ./services/matrix.nix) the password is unnecessary;
    # otherwise it belongs in the sops-managed secrets, not in this file.
    initialScript = pkgs.writeText "synapse-init.sql" ''
      CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
      CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
    '';
  };

  # Weekly zstd-compressed dumps written to local disk.
  # NOTE(review): the dumps contain everything in the databases (accounts,
  # tokens, message data) and nothing in this module encrypts them or copies
  # them off the host; check the directory's permissions and whether an
  # off-host copy exists, since a disk loss takes data and backups together.
  services.postgresqlBackup = {
    enable = true;
    startAt = "weekly";
    compression = "zstd";
    location = "/var/lib/backup/postgresql";
  };
}