update

2024-06-23 17:52:19 +02:00
parent f8786dd24f
commit c5420f8d3a
30 changed files with 50 additions and 74 deletions
--- a/hosts/server/modules/exposed/bitcoin-git.nix
+++ b/hosts/server/modules/exposed/bitcoin-git.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+  systemd.timers."bitcoin-git" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      Unit = "bitcoin-git.service";
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+  };
+
+  systemd.services."bitcoin-git" = {
+    script = ''
+      [ ! -d "/home/hadi/btcprice" ] && ${pkgs.git}/bin/git clone git@github.com:anotherhadi/btcprice /home/hadi/btcprice
+      cd "/home/hadi/btcprice"
+      price=$(${pkgs.curl}/bin/curl eur.rate.sx/1BTC)
+      echo "# Bitcoin Price in EURO" >README.md
+      echo "" >>README.md
+      echo "1 Bitcoin = $price€" >>README.md
+      echo "" >>README.md
+      echo "Date: $(date)" >>README.md
+      ${pkgs.git}/bin/git add .
+      ${pkgs.git}/bin/git commit -m "Update price (hadi)"
+      ${pkgs.git}/bin/git push -u origin main
+      exit 0
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "hadi";
+    };
+  };
+}
--- a/hosts/server/modules/exposed/cloudflare-dyndns.nix
+++ b/hosts/server/modules/exposed/cloudflare-dyndns.nix
@@ -0,0 +1,21 @@
+# CloudFlare Dynamic DNS client
+{
+  services.cloudflare-dyndns = {
+    enable = true;
+    ipv4 = true;
+    domains = [
+      "cloud.anotherhadi.com"
+      "vault.anotherhadi.com"
+      "anotherhadi.com"
+      "www.anotherhadi.com"
+      "test.anotherhadi.com"
+      "jack.anotherhadi.com"
+      "ntfy.anotherhadi.com"
+      "home.anotherhadi.com"
+      "kuma.anotherhadi.com"
+      "start.anotherhadi.com"
+    ];
+    proxied = true;
+    apiTokenFile = "/etc/cloudflare/apiToken";
+  };
+}
--- a/hosts/server/modules/exposed/kuma.nix
+++ b/hosts/server/modules/exposed/kuma.nix
@@ -0,0 +1,14 @@
+{
+  services.uptime-kuma = {
+    enable = true;
+    settings = {
+      HOST = "127.0.0.1";
+      PORT = "3005";
+    };
+  };
+  services.nginx.virtualHosts."kuma.anotherhadi.com" = {
+    enableACME = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:3005"; };
+  };
+  networking.firewall.allowedTCPPorts = [ 3005 ];
+}
--- a/hosts/server/modules/exposed/nextcloud.nix
+++ b/hosts/server/modules/exposed/nextcloud.nix
@@ -0,0 +1,22 @@
+# Nextcloud
+let hostname = "cloud.anotherhadi.com";
+in {
+  services.nextcloud = {
+    enable = true;
+    hostName = hostname;
+    https = true;
+    config = {
+      adminuser = "jack";
+      adminpassFile = "/etc/nextcloud/adminpassFile";
+    };
+    settings = {
+      trusted_domains =
+        [ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ];
+    };
+    nginx.recommendedHttpHeaders = true;
+  };
+  services.nginx.virtualHosts.${hostname} = {
+    forceSSL = false;
+    enableACME = true;
+  };
+}
--- a/hosts/server/modules/exposed/nginx.nix
+++ b/hosts/server/modules/exposed/nginx.nix
@@ -0,0 +1,10 @@
+# Nginx Reverse Proxy & ACME certs
+{ config, ... }: {
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = config.var.git.email;
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}
--- a/hosts/server/modules/exposed/ntfy-sh.nix
+++ b/hosts/server/modules/exposed/ntfy-sh.nix
@@ -0,0 +1,21 @@
+# Push Notification Server
+# https://mynixos.com/nixpkgs/options/services.ntfy-sh
+let
+  hostname = "ntfy.anotherhadi.com";
+  port = 8082;
+  url = "https://" + hostname;
+in {
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = url;
+      listen-http = "127.0.0.1:${toString port}";
+      behind-proxy = true;
+    };
+  };
+  services.nginx.virtualHosts.${hostname} = {
+    enableACME = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
+  };
+  networking.firewall.allowedTCPPorts = [ port ];
+}
--- a/hosts/server/modules/exposed/tailscale.nix
+++ b/hosts/server/modules/exposed/tailscale.nix
@@ -0,0 +1,13 @@
+{ config, ... }: {
+  services.tailscale = {
+    enable = config.var.tailscale;
+    useRoutingFeatures = "both";
+    authKeyFile = "/etc/tailscale/authKey";
+    openFirewall = true;
+    extraUpFlags = [ "--advertise-exit-node" ];
+  };
+
+  # Fix DNS & IPv6 bugs
+  networking.nftables.enable = true;
+  services.resolved.enable = true;
+}
--- a/hosts/server/modules/exposed/vaultwarden.nix
+++ b/hosts/server/modules/exposed/vaultwarden.nix
@@ -0,0 +1,22 @@
+# Password manager
+let
+  hostname = "vault.anotherhadi.com";
+  url = "https://" + hostname;
+  port = 8222;
+in {
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = url;
+      SIGNUPS_ALLOWED = false;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = port;
+      ROCKET_LOG = "critical";
+    };
+  };
+  services.nginx.virtualHosts.${hostname} = {
+    enableACME = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
+  };
+  networking.firewall.allowedTCPPorts = [ port ];
+}