diff --git a/configuration.nix b/configuration.nix
index 925556d..637bc8c 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,6 +1,8 @@
-{pkgs, ...}: let
- ssh-pub-keys = import ./ssh-pub-keys.nix;
-in {
+{
+ pkgs,
+ ssh-pub-keys,
+ ...
+}: {
 imports = [
 ./hardware-configuration.nix
 ];
diff --git a/flake.lock b/flake.lock
index 8559741..6e720ed 100755
--- a/flake.lock
+++ b/flake.lock
@@ -18,6 +18,24 @@ "url": "file:///var/lib/git-server/blog.git" } }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1749143949,
@@ -65,6 +83,22 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noshell": { "inputs": { "nixpkgs": "nixpkgs_3"
@@ -87,7 +121,42 @@ "inputs": { "elmskell-blog": "elmskell-blog", "nixpkgs": "nixpkgs_2", - "noshell": "noshell" + "noshell": "noshell", + "spacebar-server": "spacebar-server" + } + }, + "spacebar-server": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1748414795, + "narHash": "sha256-nClmjajuaMVV02Rn7xqZWy5pwLmGw7/MF3RDGkYDuYQ=", + "owner": "spacebarchat", + "repo": "server", + "rev": "f03c6209a42ae3e922bdb86954de04f1ae6daaa8", + "type": "github" + }, + "original": { + "owner": "spacebarchat", + "repo": "server", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } },
diff --git a/flake.nix b/flake.nix
index f7f9bcd..36358f6 100755
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,7 @@
 nixpkgs.url = "github:nixos/nixpkgs/release-25.05";
 noshell.url = "github:viperML/noshell";
 elmskell-blog.url = "git+file:///var/lib/git-server/blog.git";
+ spacebar-server.url = "github:spacebarchat/server";
 };
 outputs = {
@@ -11,6 +12,7 @@
 nixpkgs,
 noshell,
 elmskell-blog,
+ spacebar-server,
 ...
 }: let
 system = "x86_64-linux";
@@ -21,14 +23,17 @@
 inherit self;
 inherit system;
 inherit elmskell-blog;
+ inherit spacebar-server;
+ ssh-pub-keys = import ./ssh-pub-keys.nix;
 };
 modules = [
- ./services/elmskell.nix
 ./services/ferron.nix
- ./services/rgit.nix
+
+ ./services/elmskell.nix
 ./services/blog.nix
- ./services/spacebar-client.nix
+ ./services/spacebar.nix
+ ./services/rgit.nix
 noshell.nixosModules.default
 {programs.noshell.enable = true;}
diff --git a/services/ferron.nix b/services/ferron.nix
index ed38aa4..939a5d8 100755
--- a/services/ferron.nix
+++ b/services/ferron.nix
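Review bot: In flake.nix, the new input `spacebar-server.url = "github:spacebarchat/server";` names no ref or rev, so flake.lock is the only thing fixing which upstream code becomes the network-facing service, and any `nix flake update` moves it to whatever the default branch holds at that moment. Pinning the input to a reviewed revision, e.g. `spacebar-server.url = "github:spacebarchat/server/<reviewed-rev>";` (placeholder), turns that bump into an explicit, reviewable change. The lock entries added in this commit also show the input bringing its own `nixpkgs_4` on `nixos-unstable`, so its dependency closure does not follow the `release-25.05` nixpkgs used for the rest of the system; `spacebar-server.inputs.nixpkgs.follows = "nixpkgs";` would align them, provided the package still builds against it.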
@@ -30,8 +30,8 @@
 proxyTo = "http://localhost:9780/";
 }
 {
- domain = "www.mtgmonkey.net";
- proxyTo = "http://localhost:9080/";
+ domain = "spacebar-api.mtgmonkey.net";
+ proxyTo = "http://localhost:3001/";
 }
 ];
 };
diff --git a/services/spacebar-client.nix b/services/spacebar.nix
similarity index 56%
rename from services/spacebar-client.nix
rename to services/spacebar.nix
index 999b2c2..669bc11 100644
--- a/services/spacebar-client.nix
+++ b/services/spacebar.nix
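Review bot: In services/ferron.nix, the new `spacebar-api.mtgmonkey.net` entry proxies to `http://localhost:3001/`, but nothing visible in this commit sets that port or the backend's listen address: the `spacebar-server` unit added in services/spacebar.nix passes only `DATABASE` and `STORAGE_LOCATION`. The vhost therefore presumably relies on an upstream default, and whether the backend listens on loopback only cannot be confirmed from the diff. Setting the port and bind address explicitly in the unit, and adding a comment here such as `# spacebar-server API; port must match services/spacebar.nix`, would keep the two files from drifting apart. This route also goes straight to the backend rather than through the Anubis instance added for the client, so any request throttling for the API has to come from the server itself. The enclosing list starts outside the hunk.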
@@ -1,9 +1,68 @@
-# Auto-generated using compose2nix v0.3.1.
 {
+ ssh-pub-keys,
+ spacebar-server,
 pkgs,
 lib,
 ...
-}: {
+}: let
+ botPolicies-nix = {
+ dnsbl = false;
+ status_codes = {
+ CHALLENGE = 200;
+ DENY = 200;
+ };
+ bots = [
+ {
+ name = "catch-everything";
+ user_agent_regex = ".*";
+ action = "CHALLENGE";
+ }
+ ];
+ };
+in {
+ services.anubis = {
+ instances.spacebar = {
+ enable = true;
+ settings = {
+ BIND = "[::1]:9780";
+ BIND_NETWORK = "tcp";
+ DIFFICULTY = 4;
+ METRICS_BIND = "[::1]:9781";
+ METRICS_BIND_NETWORK = "tcp";
+ POLICY_FNAME = "/etc/anubis/spacebar.botPolicies.yaml";
+ TARGET = "http://localhost:8282";
+ };
+ };
+ };
+ environment.etc."anubis/spacebar.botPolicies.yaml" = {
+ source = (pkgs.formats.yaml {}).generate "" botPolicies-nix;
+ mode = "644";
+ };
+ systemd.services.spacebar-server = {
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${lib.getExe spacebar-server.packages.x86_64-linux.default}";
+ RemainAfterExit = true;
+ User = "spacebar";
+ Group = "spacebar";
+ };
+ environment = {
+ DATABASE = "/var/lib/spacebar-server/database.db";
+ STORAGE_LOCATION = "/var/lib/spacebar-server/files/";
+ };
+ };
+ users.users.spacebar = {
+ isSystemUser = true;
+ group = "spacebar";
+ description = "spacebar";
+ home = "/var/lib/spacebar-server";
+ createHome = true;
+ packages = [pkgs.git spacebar-server.packages.x86_64-linux.default];
+ shell = pkgs.bash;
+ openssh.authorizedKeys.keys = ssh-pub-keys;
+ };
+ users.groups.spacebar = {};
+
 # Enable container name DNS for non-default Docker networks.
 # https://github.com/NixOS/nixpkgs/issues/226365
 networking.firewall.interfaces."docker+".allowedUDPPorts = [53];
@@ -14,7 +73,7 @@
 virtualisation.oci-containers.containers."spaceclient-jank" = {
 image = "docker.io/compose2nix/spaceclient-jank";
 ports = [
- "9780:8080/tcp"
+ "8282:8080/tcp"
 ];
 log-driver = "journald";
 extraOptions = [
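Review bot: In services/spacebar.nix, `users.users.spacebar` makes the account that runs the internet-facing server a login account: it gets `shell = pkgs.bash` and `openssh.authorizedKeys.keys = ssh-pub-keys`, so the daemon's identity and an SSH-reachable identity are the same user that owns the database and uploaded files. A service account would normally carry no shell or keys; if SSH or git access to the state directory is needed, a separate account keeps the runtime identity non-interactive. The `systemd.services.spacebar-server` unit also sets no `wantedBy`, so as written it is presumably never started at boot, `RemainAfterExit = true` on a `Type = "simple"` service keeps the unit reported as active after the process has exited, and no sandboxing options are set. The fence sketches both changes with standard systemd settings; whether the server needs further writable paths cannot be seen from the diff.

```nix
  systemd.services.spacebar-server = {
    wantedBy = ["multi-user.target"];
    after = ["network.target"];
    serviceConfig = {
      # … unchanged: Type, ExecStart, User, Group …
      Restart = "on-failure";
      # systemd creates /var/lib/spacebar-server owned by the service user
      StateDirectory = "spacebar-server";
      StateDirectoryMode = "0700";
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
    };
    # … unchanged: environment (DATABASE, STORAGE_LOCATION) …
  };
  users.users.spacebar = {
    isSystemUser = true;
    group = "spacebar";
    description = "spacebar";
    home = "/var/lib/spacebar-server";
    # no shell, packages or authorizedKeys: the runtime account is not a login account
  };
```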
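Review bot: The published port `"8282:8080/tcp"` carries no host address, so the container runtime binds it on all interfaces; with Docker, which the `docker+` firewall rule in this file suggests, published ports are typically wired up in Docker's own iptables chains and are not filtered by the NixOS firewall. That would leave the client reachable directly on 8282, bypassing the Anubis instance whose `TARGET` is `http://localhost:8282`. Binding the mapping to loopback, `"127.0.0.1:8282:8080/tcp"`, keeps Anubis the only path in. The container definition continues past the end of the hunk.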