authorRory& <root@rory.gay>2026-01-23 13:27:59 +0100
committerRory& <root@rory.gay>2026-01-23 13:27:59 +0100
commit20b74076898028eeb26e7496c942ae12e464e8cc (patch)
tree2db8dfdaf71e6b1ba19617807b57878386e6fba3 /host/Rory-ovh/services/containers
downloadSpacebarContainerRepro-master.tar.xz
initial commit HEAD master
Diffstat (limited to 'host/Rory-ovh/services/containers')
-rw-r--r--host/Rory-ovh/services/containers/shared.nix42
-rw-r--r--host/Rory-ovh/services/containers/spacebar/container.nix35
-rw-r--r--host/Rory-ovh/services/containers/spacebar/root.nix33
-rw-r--r--host/Rory-ovh/services/containers/spacebar/services/spacebar.nix181
4 files changed, 291 insertions, 0 deletions
diff --git a/host/Rory-ovh/services/containers/shared.nix b/host/Rory-ovh/services/containers/shared.nix
new file mode 100644

index 0000000..543e92a
--- /dev/null
+++ b/host/Rory-ovh/services/containers/shared.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ lnav
+ lsd
+ htop
+ btop
+ duf
+ kitty.terminfo
+ neovim
+ jq
+ dig
+ ];
+
+ networking.resolvconf.enable = false;
+ networking.nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ "8.8.8.8"
+ "8.4.4.8"
+ ];
+
+ environment.etc."resolv.conf" = lib.mkDefault {
+ text = lib.concatStringsSep "\n" (
+ lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers))
+ #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ]
+ ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [
+ "options single-request"
+ "options single-request-reopen"
+ "options inet6"
+ ]
+ );
+ };
+
+ services.resolved = {
+ enable = lib.mkForce false;
+ dnssec = lib.mkForce "false";
+ dnsovertls = lib.mkForce "false";
+ };
+
+ systemd.oomd.enable = false; # Kinda useless in a container, lol
+}
diff --git a/host/Rory-ovh/services/containers/spacebar/container.nix b/host/Rory-ovh/services/containers/spacebar/container.nix
new file mode 100644
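Review bot: In shared.nix the fourth entry of `networking.nameservers`, `"8.4.4.8"`, is not one of Google's public resolver addresses (8.8.8.8 and 8.8.4.4) and looks like a transposition; as written, every container importing this file can send lookups to an unrelated host. Change it to `"8.8.4.4"`. Because `services.resolved` is forced off and the generated resolv.conf lists plain resolvers, answers are neither validated nor encrypted, which makes a wrong resolver address more consequential.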
index 0000000..841a663
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/container.nix
@@ -0,0 +1,35 @@
+{
+ spacebar,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit spacebar;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/spacebar.nix
+ ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.22";
+
+ #bindMounts."spacebar-storage" = {
+ # hostPath = "/data/dedicated/spacebar-storage";
+ # mountPoint = "/storage";
+ # isReadOnly = false;
+ #};
+
+ #bindMounts."spacebar-secrets" = {
+ # hostPath = "/data/secrets/spacebar";
+ # mountPoint = "/run/secrets/spacebar";
+ # isReadOnly = true;
+ #};
+}
diff --git a/host/Rory-ovh/services/containers/spacebar/root.nix b/host/Rory-ovh/services/containers/spacebar/root.nix
new file mode 100644
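Review bot: In container.nix `hostAddress = "192.168.100.1"` is a literal that root.nix (`networking.hosts`) and services/spacebar.nix (`trustedProxies`, `DATABASE`) repeat by hand, so renumbering the container network would leave the proxy-trust setting pointing at an address that is no longer the host. Binding the address once in a `let` here and passing it through the existing `specialArgs` (for example `inherit spacebar hostAddress;`) would keep the three files in step. A one-line comment above the commented-out `spacebar-secrets` bind mount saying why it is disabled would also help the next reader.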
index 0000000..cb7d3cd
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/root.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 3001
+ 3002
+ 3003
+ ];
+ };
+
+ # check that we can reach the database server before starting the service
+ #systemd.services."spacebar-apply-migrations" =
+ # let
+ # address = "192.168.100.1";
+ # in
+ # {
+ # path = [ pkgs.netcat pkgs.bash ];
+ # serviceConfig = {
+ # ExecStartPre = "${pkgs.bash}/bin/sh -c 'until ${pkgs.netcat}/bin/nc -z ${address} 5432; do echo \"Waiting for database server...\"; sleep 0.2; done'";
+ # };
+ # };
+}
diff --git a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
new file mode 100644
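Review bot: `networking.useHostResolvConf = true` in root.nix asks for the host's resolv.conf, while the imported ../shared.nix disables resolvconf and writes its own `environment.etc."resolv.conf"`; which of the two ends up in effect is not obvious from this diff and should be checked on a built container. If the shared resolver list is the intended one, set `networking.useHostResolvConf = false;` with a comment pointing at shared.nix. The `allowedTCPPorts` entries would also benefit from a comment naming the API, gateway and CDN endpoints they belong to (3001–3003 in services/spacebar.nix).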
index 0000000..0c1b37c
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
@@ -0,0 +1,181 @@
+{ spacebar, ... }:
+
+let
+ sb = import "${spacebar}/nix/modules/default/lib.nix";
+in
+{
+ imports = [ spacebar.nixosModules.default ];
+ services.spacebarchat-server = {
+ enable = true;
+ serverName = "spacebar.chat";
+ apiEndpoint = sb.mkEndpoint "api.rory.server.spacebar.chat" 3001 true;
+ gatewayEndpoint = sb.mkEndpoint "gateway.rory.server.spacebar.chat" 3002 true;
+ cdnEndpoint = sb.mkEndpoint "cdn.rory.server.spacebar.chat" 3003 true;
+ #cdnPath = "/storage";
+
+ #cdnSignaturePath = "/run/secrets/spacebar/cdnSignature";
+ #legacyJwtSecretPath = "/run/secrets/spacebar/legacyJwtSecret";
+ #mailjetApiKeyPath = "/run/secrets/spacebar/mailjetApiKey";
+ #mailjetApiSecretPath = "/run/secrets/spacebar/mailjetApiSecret";
+ ## smtpPasswordPath = "/run/secrets/spacebar/smtpPassword";
+ #gifApiKeyPath = "/run/secrets/spacebar/gifApiKey";
+ ## rabbitmqHostPath = "/run/secrets/spacebar/rabbitmqHost";
+ #abuseIpDbApiKeyPath = "/run/secrets/spacebar/abuseIpDbApiKey";
+ #captchaSecretKeyPath = "/run/secrets/spacebar/captchaSecretKey";
+ #captchaSiteKeyPath = "/run/secrets/spacebar/captchaSiteKey";
+ #ipdataApiKeyPath = "/run/secrets/spacebar/ipdataApiKey";
+ #requestSignaturePath = "/run/secrets/spacebar/requestSignature";
+
+ settings = {
+ security = {
+ forwardedFor = "X-Forwarded-For";
+ trustedProxies = "192.168.100.1, linklocal";
+ cdnSignUrls = true;
+ cdnSignatureIncludeIp = true;
+ cdnSignatureIncludeUserAgent = true;
+ cdnSignatureDuration = "5m";
+ };
+ general = {
+ frontPage = "https://spacebar.chat";
+ instanceDescription = "The official testing for Spacebar";
+ instanceId = "1007550087590649856";
+ instanceName = "Spacebar Staging Official";
+ publicUrl = "https://rory.server.spacebar.chat";
+ tosPage = "https://docs.spacebar.chat/contributing/conduct/";
+ correspondenceUserID = "1006598230156341276";
+ correspondenceEmail = "root@rory.gay";
+ };
+ guild = {
+ autoJoin = {
+ bots = false;
+ canLeave = true;
+ enabled = true;
+ guilds = [ "1006649183970562092" ];
+ };
+ };
+ limits = {
+ guild = {
+ maxMembers = 25000000;
+ maxEmojis = 2000;
+ maxChannelsInCategory = 65535;
+ maxChannels = 250;
+ maxRoles = 250;
+ maxBulkBanUsers = 200;
+ maxStickers = 500;
+ };
+ message = {
+ maxCharacters = 1048576;
+ maxTTSCharacters = 160;
+ maxReactions = 2048;
+ maxAttachmentSize = 1073741824;
+ maxEmbedDownloadSize = 5242880;
+ maxBulkDelete = 1000;
+ maxPreloadCount = 100;
+ };
+ channel = {
+ maxPins = 500;
+ maxTopic = 1024;
+ maxWebhooks = 100;
+ };
+ rate = {
+ ip = {
+ window = 5;
+ count = 500;
+ };
+ global = {
+ count = 250;
+ window = 5;
+ };
+ error = {
+ window = 5;
+ count = 10;
+ };
+ routes = {
+ guild = {
+ window = 5;
+ count = 5;
+ };
+ webhook = {
+ count = 10;
+ window = 5;
+ };
+ channel = {
+ count = 10;
+ window = 5;
+ };
+ auth = {
+ login = {
+ window = 60;
+ count = 5;
+ };
+ register = {
+ count = 2;
+ window = 43200;
+ };
+ };
+ };
+ enabled = false;
+ };
+ user = {
+ maxGuilds = 1000;
+ maxUsername = 64;
+ maxFriends = 2000;
+ maxBio = 500;
+ };
+ absoluteRate = {
+ register = {
+ limit = 25;
+ window = 3600000;
+ enabled = false;
+ };
+ sendMessage = {
+ limit = 120;
+ window = 60000;
+ enabled = false;
+ };
+ };
+ };
+ user = {
+ blockedContains = [
+ "discord"
+ "clyde"
+ "mail.ru"
+ "penis"
+ "child"
+ "admin"
+ "owner"
+ "moderator"
+ "Noruya"
+ "𝖞𝖔𝖗𝖚𝖟𝖆"
+ "spacebar"
+ "1488"
+ "hitler"
+ "nigger"
+ "nitro"
+ "monero"
+ "gmail.com"
+ "outlook.com"
+ "steam"
+ ];
+ };
+ };
+ extraEnvironment = {
+ DATABASE = "postgres://postgres:postgres@192.168.100.1/spacebar";
+ #WEBRTC_PORT_RANGE=60000-61000;
+ #PUBLIC_IP=216.230.228.60;
+ LOG_REQUESTS = "-200,204,304";
+ LOG_VALIDATION_ERRORS = true;
+ #DB_LOGGING=true;
+ #LOG_GATEWAY_TRACES=true;
+ #LOG_PROTO_UPDATES=true;
+ #LOG_PROTO_FRECENCY_UPDATES=true;
+ #LOG_PROTO_SETTINGS_UPDATES=true;
+ #WRTC_PUBLIC_IP=webrtc.old.server.spacebar.chat;
+ WRTC_PUBLIC_IP = "216.230.228.19";
+ WRTC_PORT_MIN = 60000;
+ WRTC_PORT_MAX = 65000;
+ WRTC_LIBRARY = "@spacebarchat/medooze-webrtc";
+ #WRTC_LIBRARY=mediasoup-spacebar-wrtc;
+ };
+ };
+}
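Review bot: `DATABASE = "postgres://postgres:postgres@192.168.100.1/spacebar"` in `extraEnvironment` commits the database password to the repository and, being a Nix string, most likely to the world-readable store as well; it also connects as the `postgres` superuser with a default password. A dedicated role limited to the `spacebar` database, with the connection string read from a file outside the store (the commented-out `/run/secrets/spacebar` mount is the natural place), would limit what a compromise of the service can reach. Separately, `limits.rate.enabled = false` and both disabled `absoluteRate` entries leave the login and register limits defined next to them unenforced on an instance with a public URL, and the captcha key paths are commented out; if that is deliberate for staging, a comment saying so would make it explicit.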