diff --git a/host/Rory-ovh/services/cgit.nix b/host/Rory-ovh/services/cgit.nix
index 854dfdf..74cea8e 100644
--- a/host/Rory-ovh/services/cgit.nix
+++ b/host/Rory-ovh/services/cgit.nix
@@ -10,6 +10,7 @@ let
base_cgit_config = {
enable = true;
nginx.virtualHost = "cgit.rory.gay";
+ gitHttpBackend.checkExportOkFiles = false;
#package = pkgs.cgit-pink;
package = pkg;
scanPath = "/data/git";
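Review bot: `gitHttpBackend.checkExportOkFiles = false;` makes the HTTP backend serve every repository under `scanPath = "/data/git"` whether or not it carries a `git-daemon-export-ok` marker, so any repository that lands in that directory becomes clonable from `cgit.rory.gay`. If that is intended, say so next to the option, e.g. `# every repo under /data/git is public; keep private repos elsewhere`. Otherwise leave the check on and mark the public repositories explicitly. `base_cgit_config` continues past the end of this hunk, so other access settings may exist that are not visible here.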
diff --git a/host/Rory-ovh/services/containers/shared.nix b/host/Rory-ovh/services/containers/shared.nix
index 7bad188..d33356f 100644
--- a/host/Rory-ovh/services/containers/shared.nix
+++ b/host/Rory-ovh/services/containers/shared.nix
@@ -1,10 +1,7 @@
{ pkgs, lib, config, ... }:
{
environment.systemPackages = with pkgs; [
- neofetch
lnav
- zsh
- git
lsd
htop
btop
@@ -37,7 +34,14 @@
services.resolved = {
enable = lib.mkForce false;
- dnssec = lib.mkForce "false";
- dnsovertls = lib.mkForce "false";
+ settings = {
+ Resolve = {
+ DNSSEC = lib.mkForce "false";
+ DNSOverTLS = lib.mkForce "false";
+ };
+ };
};
+
+ systemd.oomd.enable = false; # Kinda useless in a container, lol
+ system.stateVersion = "26.05"; # Required to make nix shut up about it
}
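Review bot: `system.stateVersion = "26.05";` is set in the file that every container imports, and the comment says it is there only to silence the warning. stateVersion selects defaults for stateful services and is meant to record the release a system was first deployed with, so pinning all containers to one new value can change data formats or default paths for any container that already holds data from an older release. Consider setting it per container, or documenting it here with `# release each container was first deployed on; do not bump`. Separately, the `DNSSEC` and `DNSOverTLS` values only matter if something re-enables `services.resolved`, since `enable` is forced to false in the same block.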
diff --git a/host/Rory-ovh/services/containers/spacebar/container.nix b/host/Rory-ovh/services/containers/spacebar/container.nix
new file mode 100644
index 0000000..e427abf
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/container.nix
@@ -0,0 +1,48 @@
+{
+ spacebar,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit spacebar;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/spacebar.nix
+ ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.22";
+
+ forwardPorts = [
+ {
+ containerPort = 22;
+ hostPort = 30022;
+ protocol = "tcp";
+ }
+ {
+ containerPort = 6000;
+ hostPort = 6000;
+ protocol = "udp";
+ }
+ ];
+
+ bindMounts."spacebar-storage" = {
+ hostPath = "/data/dedicated/spacebar-storage";
+ mountPoint = "/storage";
+ isReadOnly = false;
+ };
+
+ bindMounts."spacebar-secrets" = {
+ hostPath = "/data/secrets/spacebar";
+ mountPoint = "/run/secrets/spacebar";
+ isReadOnly = true;
+ };
+}
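Review bot: The first `forwardPorts` entry publishes the container's sshd on host port 30022, and `root.nix` in this commit authorises several people's keys for `root` in a container that also has `/data/secrets/spacebar` bind-mounted. `isReadOnly = true` stops the files being modified, but every holder of one of those keys can still read all secrets under `/run/secrets/spacebar`. If contributors need shell access, give them a non-root account, or drop the forward and reach the container through the host. Whether 30022 is reachable from outside depends on the host firewall, which is not part of this diff.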
diff --git a/host/Rory-ovh/services/containers/spacebar/root.nix b/host/Rory-ovh/services/containers/spacebar/root.nix
new file mode 100644
index 0000000..7d351c3
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/root.nix
@@ -0,0 +1,72 @@
+{ lib, pkgs, ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 3001
+ 3002
+ 3003
+ 3004
+ 3005
+ 3006
+ ]
+ ++ (lib.range 3100 3115);
+ allowedUDPPorts = [ 6000 ];
+ };
+
+ services.openssh = {
+ enable = true;
+ startWhenNeeded = true;
+ settings = {
+ #Banner = /. + (pkgs.writeText "ssh-banner" ''
+ # Welcome to spacebar.chat!
+ #'');
+ };
+ };
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ # chris
+ #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
+
+ # Rory&
+ "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7"
+ #"ssh-dss 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 thearcanebrony@tab-linux-desktop"
+
+ # samuel
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxVritRUw3G4SMXxYpZqqkjxBUBVA+VnRcYz8ikt22iqZu0YDfILbfZ20sKF/82/VyEbzTTbTXfydlg5U248rTm93O1uXrg+H6NMqckZsqPYwQjU7+RnUDCgJUSmsTOX1Xm904NAqmjj1OLjFRO7SCJ8R5u98IagwlXzrpQ4rMOeg/HAS4Ki5nM7D0RHiar8csw2kcr3XMUCbSGmevsC+ExomHaTC1hD9r4uhZkbbyURqYGXd6hXRQCeoW3AgVRfpjDxyiYWpz9aCsWQN0iuRQeIbykfACm8Uhq42WPA+QiCifxnJSp6iSRkz1CZLxHcL/ws4sx4Xyx+JQWdBc92T/"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO2ROpMQH8QFoSP+97lGqf86ybr4OI0ohrGXCE2rAimawussEpYir2igRtF6j4Vw7rD1Jz5XeNgChW+kF4C5DNc="
+
+ # kino
+ #"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAgVEkgeVnatQ1iAsZvQuw1hj1jCAQTObaCF7M0nSf7UrSUWxs+C8s+uvg6HcJiQpRWvNaLtX1xKzAwK3wkqLXQIrOYdRTrm4TEQGdZ8QlUwGOTdpVECEiVEXuYZgiYhBoP35OeskPOcFDtYGHzsBM0ckb71xSI1S4HxmETxGlOl43JZ7SjiMYjtAEN8eqrPxcQB8R4htrxeThRypUMbO2Lc5JmnUK2fEIU3O2xHvL/vpjcBrWK/9GNoUeClWvFqasBBWOcUvPvmBEfymORJX73ELD3lPVbhIUucYQl/471O4xGALrBY6krTM4LHsNm3NG1StMlNM0LeZIy3YTHvo6dtAJJ3zYaLt9BiMpPkw2vllh35b5FSNxgJ9lU1WiM/q5TEvPsUrk5+Pi6SIEt48rejsuYwNJySmy+26ZfNJDh0Gn2S2aZJsXyrTx03t6rfuVptnOY08ZBxaOFE1lxHYOdzHL+/M1U1Z64/lkG1L7yvJtUxYAxJoxku8JenBVWQJMcKzoZDVWnrCKoKeEC8kLRjLWTDHGEq2RFOpaDBxDRYQeTFY2uQMv8F3Sbfd1FY3RF2s6wk1HB+r29skI2StN/PbQNbz57oCYAJvtsirmGoVd5BG4F335rtDENVwzYksUSEh+nKvgdUNKf7+mZg02QeKFoSJ304RLsrDsadBoF7c="
+ #"ssh-rsa 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"
+
+ # maddy
+ #"ssh-rsa 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 maddy@The"
+
+ # cat
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNLIRgH0j8DXd2KoGWgyRmI9hEtBE8O3UDZf+hZ5dTQ coconut@fedora"
+
+ # puyo
+ #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZDkdhQ/7/jvmOQ45O07X3UTx9tIjUVpa8uaOTzUeBj puyodead@protonmail.com"
+
+ # cyber
+ #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFnQSAqDqmi9OUgUCMWce02YxuTA0Bpgjm3y4rirrYmk cyber@cyber-pc"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlyMSbCh8+dHKejBpZ3qZ5znqUeVOOMCru8da82Rrle cyber@cyber-pc"
+
+ # Loan FC
+ "ssh-rsa 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 torresefrain10@gmail.com"
+ ];
+ };
+}
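Review bot: `services.openssh.settings` holds only the commented-out banner, so password and keyboard-interactive authentication stay at the module defaults on a daemon that `container.nix` forwards to the host. Since access is clearly meant to be key-only, state it: `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "prohibit-password";`. `allowedTCPPorts` also opens 3006, which no endpoint visible in `services/spacebar.nix` uses; drop it or add a comment naming the service behind it.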
diff --git a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
new file mode 100644
index 0000000..228bf69
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
@@ -0,0 +1,200 @@
+{ spacebar, lib, ... }:
+
+let
+ sb = import "${spacebar}/nix/lib/mkEndpoint.nix";
+in
+{
+ imports = [ spacebar.nixosModules.default ];
+ services.spacebarchat-server = {
+ enable = true;
+ serverName = "spacebar.chat";
+
+ apiEndpoint = sb.mkEndpoint "api.rory.server.spacebar.chat" 3001 true;
+ gatewayEndpoint = sb.mkEndpoint "gateway.rory.server.spacebar.chat" 3002 true;
+ extraGatewayPorts = lib.range 3100 3115;
+ cdnEndpoint = sb.mkEndpoint "cdn.rory.server.spacebar.chat" 3003 true;
+ adminApiEndpoint = sb.mkEndpoint "admin.rory.server.spacebar.chat" 3004 true;
+ webrtcEndpoint = sb.mkEndpoint "voice.rory.server.spacebar.chat" 3005 true;
+
+ cdnPath = "/storage";
+
+ cdnSignaturePath = "/run/secrets/spacebar/cdnSignature";
+ legacyJwtSecretPath = "/run/secrets/spacebar/legacyJwtSecret";
+ mailjetApiKeyPath = "/run/secrets/spacebar/mailjetApiKey";
+ mailjetApiSecretPath = "/run/secrets/spacebar/mailjetApiSecret";
+ # smtpPasswordPath = "/run/secrets/spacebar/smtpPassword";
+ gifApiKeyPath = "/run/secrets/spacebar/gifApiKey";
+ # rabbitmqHostPath = "/run/secrets/spacebar/rabbitmqHost";
+ abuseIpDbApiKeyPath = "/run/secrets/spacebar/abuseIpDbApiKey";
+ captchaSecretKeyPath = "/run/secrets/spacebar/captchaSecretKey";
+ captchaSiteKeyPath = "/run/secrets/spacebar/captchaSiteKey";
+ ipdataApiKeyPath = "/run/secrets/spacebar/ipdataApiKey";
+ requestSignaturePath = "/run/secrets/spacebar/requestSignature";
+
+ adminApi = {
+ enable = true;
+ extraConfiguration.ConnectionStrings.Spacebar = "Host=192.168.100.1; Username=spacebar; Password=spacebar; Database=spacebar; Port=5432; Include Error Detail=true; Maximum Pool Size=1000; Command Timeout=6000; Timeout=600;";
+ };
+
+ pion-sfu = {
+ enable = true;
+ publicIp = "51.210.113.110";
+ };
+
+ settings = {
+ security = {
+ forwardedFor = "X-Forwarded-For";
+ trustedProxies = "192.168.100.1, linklocal";
+ cdnSignUrls = true;
+ cdnSignatureIncludeIp = true;
+ cdnSignatureIncludeUserAgent = false;
+ cdnSignatureDuration = "15m";
+ };
+ general = {
+ frontPage = "https://spacebar.chat";
+ instanceDescription = "The official testing for Spacebar";
+ instanceId = "1007550087590649856";
+ instanceName = "Spacebar Staging Official";
+ publicUrl = "https://rory.server.spacebar.chat";
+ tosPage = "https://docs.spacebar.chat/contributing/conduct/";
+ correspondenceUserID = "1006598230156341276";
+ correspondenceEmail = "root@rory.gay";
+ };
+ guild = {
+ autoJoin = {
+ bots = false;
+ canLeave = true;
+ enabled = true;
+ guilds = [ "1006649183970562092" ];
+ };
+ };
+ limits = {
+ guild = {
+ maxMembers = 25000000;
+ maxEmojis = 2000;
+ maxChannelsInCategory = 65535;
+ maxChannels = 250;
+ maxRoles = 250;
+ maxBulkBanUsers = 200;
+ maxStickers = 500;
+ };
+ message = {
+ maxCharacters = 1048576;
+ maxTTSCharacters = 160;
+ maxReactions = 2048;
+ maxAttachmentSize = 1073741824;
+ maxEmbedDownloadSize = 5242880;
+ maxBulkDelete = 1000;
+ maxPreloadCount = 100;
+ };
+ channel = {
+ maxPins = 500;
+ maxTopic = 1024;
+ maxWebhooks = 100;
+ };
+ rate = {
+ ip = {
+ window = 5;
+ count = 500;
+ };
+ global = {
+ count = 250;
+ window = 5;
+ };
+ error = {
+ window = 5;
+ count = 10;
+ };
+ routes = {
+ guild = {
+ window = 5;
+ count = 5;
+ };
+ webhook = {
+ count = 10;
+ window = 5;
+ };
+ channel = {
+ count = 10;
+ window = 5;
+ };
+ auth = {
+ login = {
+ window = 60;
+ count = 5;
+ };
+ register = {
+ count = 2;
+ window = 43200;
+ };
+ };
+ };
+ enabled = false;
+ };
+ user = {
+ maxGuilds = 1000;
+ maxUsername = 64;
+ maxFriends = 2000;
+ maxBio = 500;
+ };
+ absoluteRate = {
+ register = {
+ limit = 25;
+ window = 3600000;
+ enabled = false;
+ };
+ sendMessage = {
+ limit = 120;
+ window = 60000;
+ enabled = false;
+ };
+ };
+ };
+ user = {
+ blockedContains = [
+ "discord"
+ "clyde"
+ "mail.ru"
+ "penis"
+ "child"
+ "admin"
+ "owner"
+ "moderator"
+ "Noruya"
+ "𝖞𝖔𝖗𝖚𝖟𝖆"
+ "spacebar"
+ "1488"
+ "hitler"
+ "nigger"
+ "nitro"
+ "monero"
+ "gmail.com"
+ "outlook.com"
+ "steam"
+ ];
+ };
+ register = {
+ blockIpDataCoThreatTypes = [];
+ #checkIp = false;
+ enableAbuseIpDb = true;
+ enableIpData = false; # 1500req/d, needed by gateway
+ };
+ embeds = {
+ youtube = {
+ userAgent = "Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)";
+ };
+ };
+ };
+ extraEnvironment = {
+ DATABASE = "postgres://spacebar:spacebar@192.168.100.1/spacebar";
+ #LOG_REQUESTS = "-200,204,304";
+ LOG_REQUESTS = "-";
+ LOG_VALIDATION_ERRORS = true;
+ #DB_LOGGING=true;
+ #LOG_GATEWAY_TRACES=true;
+ #LOG_PROTO_UPDATES=true;
+ #LOG_PROTO_FRECENCY_UPDATES=true;
+ #LOG_PROTO_SETTINGS_UPDATES=true;
+ };
+ };
+}
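Review bot: The database password is written in clear text twice, in `adminApi.extraConfiguration.ConnectionStrings.Spacebar` (`Password=spacebar`) and in `extraEnvironment.DATABASE`, while every other credential in this file is read from a file under `/run/secrets/spacebar/`. Values set through Nix options end up in the world-readable store and in the repository, and here the password equals the user name. Move it to a secret file if the module offers a file-based option (not visible here); failing that, use a generated password and restrict the PostgreSQL role to connections from 192.168.100.22. `Include Error Detail=true` is worth dropping outside debugging because it adds data values to error messages. `limits.rate.enabled = false` together with both disabled `absoluteRate` entries leaves login and registration unthrottled, which deserves at least a comment explaining why.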
diff --git a/host/Rory-ovh/services/email/nginx.nix b/host/Rory-ovh/services/email/nginx.nix
index 5b04612..2b3bc04 100644
--- a/host/Rory-ovh/services/email/nginx.nix
+++ b/host/Rory-ovh/services/email/nginx.nix
@@ -1,21 +1,20 @@
-{ config, ... }:
+{ config, lib, ... }:
{
services.nginx.virtualHosts = {
- "mta-sts.rory.gay" = {
- enableACME = !config.virtualisation.isVmVariant;
- forceSSL = !config.virtualisation.isVmVariant;
- locations = {
- "/.well-known/mta-sts.txt" = {
- # age 604800
- return = ''
- 200 "version: STSv1
- mode: enforce
- max_age: 120
- mx: mail.rory.gay
- "'';
- };
- };
- };
+# "mta-sts.rory.gay" = {
+# enableACME = !config.virtualisation.isVmVariant;
+# forceSSL = !config.virtualisation.isVmVariant;
+# locations = {
+# "/.well-known/mta-sts.txt" = {
+# # age 604800
+# return = lib.replaceString "\n" "\\n" ''
+# 200 "version: STSv1
+# mode: enforce
+# max_age: 120
+# mx: mail.rory.gay"'';
+# };
+# };
+# };
"mail.rory.gay" = {
enableACME = !config.virtualisation.isVmVariant;
forceSSL = !config.virtualisation.isVmVariant;
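Review bot: Commenting out the `mta-sts.rory.gay` vhost removes the policy file that told sending servers to enforce TLS for `mail.rory.gay`, so senders that can no longer fetch it fall back to opportunistic TLS. If the `_mta-sts` DNS record is still published (not visible here), remove it or restore the vhost so the two stay consistent. The new `lib` argument is used only inside the commented block; prefer deleting the block, since git keeps the history, or add a one-line reason such as `# MTA-STS disabled: REASON`.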
diff --git a/host/Rory-ovh/services/matrix/draupnir.nix b/host/Rory-ovh/services/matrix/draupnir.nix
index ac4ca6f..54f5d23 100755
--- a/host/Rory-ovh/services/matrix/draupnir.nix
+++ b/host/Rory-ovh/services/matrix/draupnir.nix
@@ -30,11 +30,36 @@
protections = {
wordlist = {
words = [
+ # The Obvious
"tranny"
"faggot"
"ywnbaw"
"nigger"
+ # abuse domains
"https://postimg.cc/"
+ "https://s.binance.com"
+ # Dec 2025 IRC spam
+ "irc.hardchats.com"
+ "white power"
+ "white pride"
+ "trannies"
+ "jews did 9/11"
+ "zigger"
+ "|| || <==="
+ "usurping jews"
+ "fag hoe"
+ "neo-freenode"
+ "thegreatbritishbookshop.co.uk"
+ "\"israel\""
+ "die alone"
+ "kike"
+ "irc.tr0ll.us"
+ "irc.gangste.rs"
+ "irc.wepump.in"
+ "death to"
+ "irc.hackclub.com"
+ "irc.supernets.org"
+ "[supernets]"
];
minutesBeforeTrusting = 0;
};
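Review bot: Two of the new entries, the one beginning with `||` and `"[supernets]"`, contain regular-expression metacharacters. If the deployed Draupnir joins the word list into one regex without escaping (worth confirming for the version in use), `[supernets]` becomes a character class matching any message that contains one of those letters, and the bare `|` alternatives match the empty string, so the protection would fire on almost every message. The dots in the `irc.*` host names would be wildcards in that case too. Escape them in the Nix strings, e.g. `"\\[supernets\\]"`, or verify that entries are matched literally. Broad phrases such as `"death to"` and `"die alone"` will also match ordinary conversation, so consider whether they should stay.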
diff --git a/host/Rory-ovh/services/matrix/ooye.nix b/host/Rory-ovh/services/matrix/ooye.nix
index ff13bf8..7b85c4f 100644
--- a/host/Rory-ovh/services/matrix/ooye.nix
+++ b/host/Rory-ovh/services/matrix/ooye.nix
@@ -3,6 +3,7 @@
{
services.matrix-ooye = {
enable = true;
+ debugPort = 9944;
homeserver = "https://matrix.rory.gay";
homeserverName = "rory.gay";
enableSynapseIntegration = true;
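Review bot: `debugPort = 9944;` turns on a debug listener for the bridge, and nothing in this hunk shows which address it binds to. If this is a debugger or inspector port, anyone who can reach it can usually run code in the process, which holds the bridge's credentials. Confirm in the module that it binds to loopback only and that 9944 is not in any `allowedTCPPorts`, and record that with a comment such as `# local debugging only`. Remove the option again once debugging is done.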
diff --git a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
index 86e1348..16bd6b0 100755
--- a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
@@ -35,9 +35,9 @@
toDeviceStreamWriters = 1;
typingStreamWriters = 1;
- plugins = with pkgs.matrix-synapse-plugins; [
- synapse-http-antispam
- ];
+ #plugins = with pkgs.matrix-synapse-plugins; [
+ # synapse-http-antispam
+ #];
#untested:
#sharedStreamWriters = 1;
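Review bot: The `plugins` list is commented out without a stated reason, which removes `synapse-http-antispam` from the Synapse environment. If a module entry for it still exists elsewhere in the Synapse settings (not visible in this hunk), Synapse will fail to import it on start; if not, the moderation hook it provided is silently gone. Either delete the lines or add a comment saying why and until when, e.g. `# disabled: REASON`.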
diff --git a/host/Rory-ovh/services/nginx/fosscord.com/matrix.nix b/host/Rory-ovh/services/nginx/fosscord.com/matrix.nix
new file mode 100644
index 0000000..14ccad5
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/fosscord.com/matrix.nix
@@ -0,0 +1,14 @@
+{
+# enableACME = true;
+# addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:8009";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
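Review bot: With `enableACME` and `addSSL` commented out, this vhost would serve the Matrix proxy over plain HTTP only, so client access tokens in the `Authorization` header would cross the network unencrypted. Enable TLS (`forceSSL = true;` with ACME) before wiring this file into `virtualHosts`, or remove it if it is not meant to be used; no import of it appears in the `nginx.nix` changes of this commit. The two `extraConfig` directives do nothing here: `proxy_ssl_server_name` only applies to `https://` upstreams, and `proxy_pass_header` controls response headers coming back from the upstream, whereas the request `Authorization` header is forwarded by default. The same pair is repeated in `spacebar.chat/grafana.nix`, `spacebar.chat/mail.nix`, `spacebar.chat/server/old/*.nix`, `spacebar.chat/server/rory/*.nix` and `thearcanebrony.net/matrix.nix` and can be dropped from all of them.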
diff --git a/host/Rory-ovh/services/nginx/fosscord.com/root.nix b/host/Rory-ovh/services/nginx/fosscord.com/root.nix
new file mode 100644
index 0000000..7efa326
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/fosscord.com/root.nix
@@ -0,0 +1,16 @@
+{ lib, config }: {
+ locations = {
+ "/" = {
+ extraConfig =
+ ''
+ return 301 https://spacebar.chat$request_uri;
+ '';
+ };
+ ".well-known/matrix/server" = {
+ root = "/var/lib/matrix";
+ };
+ "^~ /.well-known/acme-challenge/" = {
+ root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
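Review bot: The location key `".well-known/matrix/server"` has no leading slash, so as an nginx prefix location it can never match a request URI; the request falls into `/` and receives the 301 to spacebar.chat instead of the Matrix delegation file. Use `"= /.well-known/matrix/server"` (or at least `"/.well-known/matrix/server"`). The function also takes `{ lib, config }` but uses neither, and without `...` every caller must pass exactly those two arguments.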
diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
index c1f1c05..2d9847b 100755
--- a/host/Rory-ovh/services/nginx/nginx.nix
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -15,7 +15,6 @@ in
services = {
nginx = {
enable = true;
- package = pkgs.nginxQuic;
recommendedProxySettings = true;
recommendedTlsSettings = true;
experimentalZstdSettings = true;
@@ -37,6 +36,30 @@ in
access_log /var/log/nginx/access.log combined_vhosts;
'';
additionalModules = with pkgs.nginxModules; [ moreheaders ];
+
+ upstreams."spacebar-gateway" = {
+ servers = {
+ # main
+ "192.168.100.22:3002" = {};
+ # extraPorts
+ "192.168.100.22:3100" = {};
+ "192.168.100.22:3101" = {};
+ "192.168.100.22:3102" = {};
+ "192.168.100.22:3103" = {};
+ "192.168.100.22:3104" = {};
+ "192.168.100.22:3105" = {};
+ "192.168.100.22:3106" = {};
+ "192.168.100.22:3107" = {};
+ "192.168.100.22:3108" = {};
+ "192.168.100.22:3109" = {};
+ "192.168.100.22:3110" = {};
+ "192.168.100.22:3111" = {};
+ "192.168.100.22:3112" = {};
+ "192.168.100.22:3113" = {};
+ "192.168.100.22:3114" = {};
+ "192.168.100.22:3115" = {};
+ };
+ };
virtualHosts = {
#"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
# "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
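Review bot: The seventeen `servers` entries restate by hand the port list that the container config expresses as 3002 plus `lib.range 3100 3115`, so a later change to `extraGatewayPorts` will leave this upstream out of step with the ports the container actually listens on. Generating the set keeps the two in sync: `servers = lib.genAttrs (map (p: "192.168.100.22:${toString p}") ([ 3002 ] ++ lib.range 3100 3115)) (_: { });`. This needs `lib` in the module arguments, which are outside the hunk.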
@@ -71,6 +94,7 @@ in
# #matrix...
# "conduit.rory.gay" = import ./rory.gay/conduit.nix;
"matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
+ "nix-bincache.rory.gay" = import ./rory.gay/nix-bincache.nix { inherit config; };
"ooye.rory.gay" = import ./rory.gay/ooye.nix { inherit config; };
"syntest1.rory.gay" = import ./rory.gay/syntest1.nix { inherit config; };
"syntest2.rory.gay" = import ./rory.gay/syntest2.nix { inherit config; };
@@ -84,6 +108,18 @@ in
# "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
"mru.rory.gay" = import ./rory.gay/mru.nix { inherit config; };
"ec.rory.gay" = import ./rory.gay/ec.nix { inherit config; };
+ #spacebar...
+ "rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; };
+ "admin.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/admin.nix { inherit config; };
+ "api.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; };
+ "gateway.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; };
+ "voice.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/voice.nix { inherit config; };
+ "cdn.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; };
+ # legacy
+ "old.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; };
+ "api.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; };
+ "gateway.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; };
+ "cdn.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; };
};
};
};
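Review bot: The four `*.old.server.spacebar.chat` names import the `server/rory/*.nix` files, so the `server/old/*.nix` files added in this same commit are never referenced in the visible hunks, and the legacy host names now point at the new container rather than at 192.168.1.200. If that is the intent, delete the `server/old/` files or say so in the comment, e.g. `# legacy names, served by the new container`; if not, the imports should point at `./spacebar.chat/server/old/`. `grafana.nix`, `mail.nix`, the `fosscord.com/` files and `thearcanebrony.net/matrix.nix` are likewise added without a vhost entry in this diff.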
diff --git a/host/Rory-ovh/services/nginx/rory.gay/nix-bincache.nix b/host/Rory-ovh/services/nginx/rory.gay/nix-bincache.nix
new file mode 100755
index 0000000..702f34c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/nix-bincache.nix
@@ -0,0 +1,8 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+ };
+}
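Review bot: This vhost puts `nix-serve` on the public internet with no access restriction, and `nix-serve` hands out any path in the host's `/nix/store` to a client that knows its store hash. Hashes of configuration-derived files may be reproducible from a public configuration repository, so anything secret that is written into the store (for example connection strings set through module options) becomes downloadable. Keep secrets out of the store, and if the cache is only for your own machines, add an `allow`/`deny` list in `extraConfig`. `addSSL` also leaves plain HTTP enabled; `forceSSL = !config.virtualisation.isVmVariant;` is the safer setting for a host that clients use as a substituter.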
diff --git a/host/Rory-ovh/services/nginx/rory.gay/root.nix b/host/Rory-ovh/services/nginx/rory.gay/root.nix
index 2f491cf..a4a03b8 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/root.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/root.nix
@@ -3,7 +3,7 @@
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
root = "/data/nginx/html_rory_gay";
- extraConfig = ''autoindex on;'';
+ extraConfig = "autoindex on;";
locations."= /.well-known/matrix/server".extraConfig = ''
more_set_headers 'Content-Type application/json';
@@ -46,4 +46,28 @@
}
}';
'';
+
+ locations."= /.well-known/host-meta".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '<?xml version="1.0" encoding="utf-8"?>
+ <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
+ <Link rel="urn:xmpp:alt-connections:websocket"
+ href="wss://xmpp.rory.gay/ws" />
+ </XRD>';
+ '';
+ locations."= /.well-known/host-meta.json".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ links = [
+ {
+ rel = "urn:xmpp:alt-connections:websocket";
+ href = "wss://xmpp.rory.gay/ws";
+ }
+ ];
+ }
+ }';
+ '';
}
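Review bot: `/.well-known/host-meta` returns an XRD XML document but is sent with `Content-Type application/json`, apparently copied from the JSON locations, so clients that check the media type will reject it. Use `more_set_headers 'Content-Type application/xrd+xml';` for this location and keep `application/json` only for `host-meta.json`. The attribute set these locations belong to starts outside the hunk.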
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/grafana.nix b/host/Rory-ovh/services/nginx/spacebar.chat/grafana.nix
new file mode 100644
index 0000000..d2b7207
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/grafana.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.99:3000";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/mail.nix b/host/Rory-ovh/services/nginx/spacebar.chat/mail.nix
new file mode 100644
index 0000000..3ca873d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/mail.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.3";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix
new file mode 100644
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
new file mode 100644
index 0000000..89958fe
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3003";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
new file mode 100644
index 0000000..391d372
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://spacebar-gateway";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
new file mode 100644
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/admin.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/admin.nix
new file mode 100644
index 0000000..df28a55
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/admin.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3004";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
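Review bot: `addSSL` keeps the plain-HTTP listener active, so the admin API, and the `api`, `cdn`, `gateway`, `root` and `voice` vhosts that use the same two lines, will accept bearer tokens over unencrypted HTTP. Use `forceSSL = !config.virtualisation.isVmVariant;` in all six files. For the admin endpoint specifically, nothing at the proxy limits who can reach it; unless the admin API is meant to be public and authenticates every request itself (not visible here), add an address allow-list in `extraConfig`.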
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
new file mode 100644
index 0000000..02894d7
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3003";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
new file mode 100644
index 0000000..18c66fa
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://spacebar-gateway";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/voice.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/voice.nix
new file mode 100644
index 0000000..0dd40c9
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/voice.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3005";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/thearcanebrony.net/matrix.nix b/host/Rory-ovh/services/nginx/thearcanebrony.net/matrix.nix
new file mode 100644
index 0000000..d2b7606
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/thearcanebrony.net/matrix.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:8008";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nix-bincache.nix b/host/Rory-ovh/services/nix-bincache.nix
new file mode 100644
index 0000000..811ca63
--- /dev/null
+++ b/host/Rory-ovh/services/nix-bincache.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+ services.nix-serve = {
+ enable = true;
+ package = pkgs.nix-serve-ng;
+ port = 3642;
+ bindAddress = "127.0.0.1";
+ secretKeyFile = "/data/secrets/nix-bincache-priv-key.pem";
+ };
+}
diff --git a/host/Rory-ovh/services/prosody.nix b/host/Rory-ovh/services/prosody.nix
new file mode 100644
index 0000000..49fb2d0
--- /dev/null
+++ b/host/Rory-ovh/services/prosody.nix
@@ -0,0 +1,17 @@
+{ lib, pkgs, ... }:
+{
+ services.prosody = {
+ enable = true;
+ virtualHosts."rory.gay" = {
+ enabled = true;
+ domain = "rory.gay";
+ };
+ admins = [
+ "emma@rory.gay"
+ ];
+ muc = [ { domain = "xmpp.rory.gay"; } ];
+ httpFileShare = {
+ domain = "xmpp.rory.gay";
+ };
+ };
+}
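Review bot: `muc` and `httpFileShare` are both given the domain `xmpp.rory.gay`, but each becomes its own Prosody component and, as far as I can tell, two components cannot share one host name, so one of them will not load. Give them distinct names, for example `muc = [ { domain = "conference.rory.gay"; } ];` and `httpFileShare.domain = "upload.rory.gay";` (constructed examples; use names that have DNS records and certificates). No certificate is configured for the `rory.gay` virtual host in this file, so check that client connections get TLS through settings elsewhere. `lib` and `pkgs` are unused.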
|