{ config, lib, pkgs, modulesPath, ... }:
let

in {
  imports = [ ../default.nix ];

  # Site-specific option set; it is not declared in this file, so it is
  # presumably defined by ../default.nix (TODO confirm what "server" enables).
  stitchyconf = {
    form = "server";
  };

  networking.hostName = "tanzanite";
  # Host-local time zone. Logs written in local time need converting when
  # events are correlated with other systems that log in UTC.
  time.timeZone = "America/Los_Angeles";

  # Docker engine, with image/container/volume state kept under /opt/data
  # (the btrfs "@data" subvolume mounted further down in this file).
  #
  # NOTE(review): two properties of Docker matter for this host's exposure:
  #   * Access to the Docker socket (e.g. membership of the "docker" group)
  #     is equivalent to root on the host; keep that group minimal.
  #   * Ports published by containers are opened by Docker's own packet-filter
  #     rules and are not limited by networking.firewall.allowedTCPPorts.
  #     Backends that nginx reaches on 127.0.0.1 should be published on
  #     127.0.0.1 only, never on all interfaces.
  # Which containers run here is not visible in this file -- verify.
  virtualisation.docker = {
    enable = true;
    daemon.settings = {
      data-root = "/opt/data/docker-data";
    };
  };

  # ACME (Let's Encrypt) certificates. The defaults select DNS-01 validation
  # through the Porkbun API.
  security.acme = {
    acceptTerms = true;
    defaults.email = "stitchy@stitchy.moe";
    defaults.dnsProvider = "porkbun";
    # API credentials are read at runtime from a file outside the Nix store,
    # so they do not end up world-readable in /nix/store. The file lives on
    # the "@persist" subvolume; it should be owned by root with mode 0600,
    # since whoever can read it can edit the domain's DNS records.
    # NOTE(review): confirm the file's ownership/mode on the host, and scope
    # the API key as narrowly as the DNS provider allows.
    defaults.environmentFile = "/persist/acme/porkbun.tokens";
    certs = {
      # Standalone certificate with no nginx virtual host in this file;
      # presumably consumed by a TURN server (TCP/UDP 3478 and 5349 are opened
      # in the firewall below). The consuming service is not configured here --
      # verify it can read the key through group membership rather than by
      # loosening the key file's permissions.
      "turn.stitchy.moe" = {};
    };
  };

  # nginx: TLS termination for every public name, static hosting for
  # stitchy.moe, and reverse proxying to three loopback backends.
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Request-body limit for all virtual hosts, not only the ones that accept
    # uploads. NOTE(review): if only one backend needs large bodies, a
    # per-location limit would keep the other hosts at a smaller ceiling.
    clientMaxBodySize = "100m";
    virtualHosts = {
      # Static site served from /opt/www. forceSSL redirects plain HTTP to
      # HTTPS; the certificate is obtained via enableACME.
      "stitchy.moe" = {
        enableACME = true;
        forceSSL = true;
        root = "/opt/www/stitchy.moe/public";
        # Notes on the raw nginx config below (kept outside the string so the
        # generated config is unchanged):
        #   * Access-Control-Allow-Origin "*" with `always` lets any web origin
        #     read every response of this host, error pages included. That is
        #     fine for public static files; it would not be fine for anything
        #     under this name that is meant to be private.
        #   * nginx does not inherit add_header into a block that declares its
        #     own add_header, so a header added later inside one of the
        #     locations would silently drop this one there.
        #   * /shaders/ and /files/ are mapped with `alias`. Both the location
        #     prefix and the alias path end in "/"; keep that pairing when
        #     editing, because a prefix without the trailing slash lets
        #     requests resolve to paths outside the aliased directory.
        #   * No autoindex directive is set, so directory listings stay off
        #     (the nginx default); files are reachable only by exact path.
        extraConfig = ''
          add_header 'Access-Control-Allow-Origin' '*' always;
          error_page 404 /404.html;
          location = /404.html {
            internal;
          }
          location ^~/shaders/ {
            alias /opt/www/shader-web-test/;
          }
          location ^~/files/ {
            alias /opt/www/files/;
          }
        '';
      };
      # The three hosts below proxy to plain-HTTP backends on loopback. The
      # backends are not defined in this file. NOTE(review): verify each one
      # listens on 127.0.0.1 only, so it cannot be reached without passing
      # through nginx's TLS termination. Ports 3333, 9008 and 8009 are not in
      # the firewall allow-list, but a Docker-published port would not be
      # subject to that list.
      "gay.stitchy.moe" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:3333";
        };
      };
      "matrix.stitchy.moe" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:9008";
        };
      };
      "syncv3.stitchy.moe" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8009";
        };
      };
    };
  };

  # Inbound allow-list. Mapping of ports to services, as far as this file
  # shows:
  #   22          SSH by convention (sshd is not configured in this file)
  #   80 / 443    nginx (HTTP redirect + ACME HTTP challenges, HTTPS)
  #   222         no service in this file uses it -- NOTE(review): record
  #               the owner here, or close the port if it is unused
  #   3478 / 5349 standard STUN/TURN and TURN-over-TLS ports, matching the
  #               turn.stitchy.moe certificate requested above
  #   19000-20000 UDP range, presumably the TURN relay port range -- confirm
  #               it matches the relay's configured min/max ports
  #
  # NOTE(review): the TURN service itself is configured elsewhere. A relay
  # should refuse peers in loopback and private address ranges (this host is
  # on 192.168.51.0/24) so that relayed traffic cannot reach internal
  # services; confirm the relay's peer deny-list covers those ranges and that
  # it requires authentication.
  networking.firewall = {
    allowedTCPPorts = [ 22 80 222 443 3478 5349 ];
    allowedUDPPorts = [ 3478 5349 ];
    allowedUDPPortRanges = [
    { from = 19000; to = 20000; }
    ];
  };

  # Boot config: kernel modules made available to the initrd (USB/AHCI
  # storage and USB input), plus KVM for Intel loaded in the running system.
  # Nothing is force-loaded in the initrd and no out-of-tree modules are added.
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  # Redundant storage: three subvolumes of one btrfs filesystem (same UUID),
  # holding Docker state, container data and the web roots served by nginx.
  #
  # NOTE(review): none of these mounts sets nodev/nosuid/noexec. Per this file,
  # /opt/www only holds content that nginx serves as static files, so it looks
  # like a candidate for "nodev" "nosuid" "noexec" -- confirm nothing is
  # executed from it first. /opt/data carries Docker's data-root, where
  # nosuid/noexec would interfere with binaries inside containers.
  fileSystems."/opt/data" = {
    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
    fsType = "btrfs";
    options = [ "subvol=@data" "compress=zstd" ];
  };

  fileSystems."/opt/docker-containers" = {
    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
    fsType = "btrfs";
    options = [ "subvol=@docker-containers" "compress=zstd" ];
  };

  fileSystems."/opt/www" = {
    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
    fsType = "btrfs";
    options = [ "subvol=@www" "compress=zstd" ];
  };

  # Non-redundant storage: system subvolumes of a second btrfs filesystem
  # (one shared UUID), plus the EFI system partition.
  #
  # NOTE(review): no encrypted device mapping appears in this file, so data
  # at rest -- including the ACME DNS credentials under /persist -- is
  # presumably stored in plaintext. Confirm that matches the threat model for
  # physical access to the disks.
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
      fsType = "btrfs";
      options = [ "subvol=@nix-root" "compress=zstd"];
    };

  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
      fsType = "btrfs";
      options = [ "subvol=@nix-home" "compress=zstd"];
    };

  fileSystems."/nix/store" =
    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
      fsType = "btrfs";
      options = [ "subvol=@nix" "noatime" "compress=zstd"];
    };

  # Holds state that must survive rebuilds; the ACME environment file
  # (/persist/acme/porkbun.tokens) lives here.
  fileSystems."/persist" =
    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
      fsType = "btrfs";
      options = [ "subvol=@persist" "compress=zstd"];
    };

  # vfat has no Unix permissions; fmask/dmask=0077 make every file and
  # directory on the ESP accessible to root only, which keeps boot-loader
  # state such as a random seed unreadable for other users.
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/262D-F161";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };

  # Single swap partition, used as-is. Pages swapped out (which can include
  # key material held in memory by running services) are written to disk
  # without encryption.
  # NOTE(review): NixOS offers per-device `randomEncryption` for swap; it
  # requires a device path that survives re-keying, so a by-uuid path like
  # the one below would have to be replaced. It also rules out hibernation.
  swapDevices =
    [ { device = "/dev/disk/by-uuid/5c007a16-9f0f-42d0-8761-63bea3120f6d"; }
    ];

  # Static networking via systemd-networkd: one wired interface with a fixed
  # private (RFC 1918) address and a default route through 192.168.51.1.
  # Because the address is private, the ports opened in networking.firewall
  # are reachable from the internet only where the upstream router forwards
  # them -- presumably; the router is outside this configuration. Hosts on
  # the LAN reach all of them directly.
  systemd.network.enable = true;
  networking.useNetworkd = true;
  systemd.network.networks."10-lan" = {
    # Matches by interface name; the unit applies only to this NIC.
    matchConfig.Name = "enp0s31f6";
    address = [
        "192.168.51.3/24"
    ];
    routes = [
      { Gateway = "192.168.51.1"; }
    ];
    # The link counts as "online" only once it has a routable address.
    linkConfig.RequiredForOnline = "routable";
  };

  # Target platform; mkDefault lets another module override it.
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  # CPU microcode updates follow hardware.enableRedistributableFirmware.
  # Microcode carries fixes and mitigations for CPU vulnerabilities, so
  # NOTE(review): confirm that option is enabled somewhere (it is not set in
  # this file); otherwise this line leaves microcode updates off.
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # Records the NixOS release whose stateful defaults this host was installed
  # with; it is not the version to bump when upgrading the system.
  system.stateVersion = "24.11";
}