Merge branch 'main' of https://tangled.sh/@ocbwoy3.dev/nix
@@ -5,6 +5,7 @@
|
|||||||
./modules/atproto-pds.nix
|
./modules/atproto-pds.nix
|
||||||
./modules/cloudflare.nix
|
./modules/cloudflare.nix
|
||||||
./modules/knot.nix
|
./modules/knot.nix
|
||||||
|
./modules/misskey.nix
|
||||||
../../modules/force.nix
|
../../modules/force.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
# Upload PDS backup to /var/lib/pds
|
# Upload PDS backup to /var/lib/pds
|
||||||
# and specify secrets in /private/atproto-pds.env
|
# and specify secrets in /private/atproto-pds.env
|
||||||
|
|
||||||
services.pds = {
|
services.bluesky-pds = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pdsadmin.enable = true;
|
pdsadmin.enable = true;
|
||||||
environmentFiles = [ "/private/atproto-pds.env" ];
|
environmentFiles = [ "/private/atproto-pds.env" ];
|
||||||
@@ -14,7 +14,7 @@
|
|||||||
PDS_CRAWLERS = "https://bsky.network";
|
PDS_CRAWLERS = "https://bsky.network";
|
||||||
LOG_ENABLED = "true";
|
LOG_ENABLED = "true";
|
||||||
PDS_HOSTNAME = "pds.ocbwoy3.dev";
|
PDS_HOSTNAME = "pds.ocbwoy3.dev";
|
||||||
PDS_VERSION = "\"ATProto PDS v69420\"";
|
# PDS_VERSION = "\"ATProto PDS v69420\"";
|
||||||
PDS_DID_PLC_URL = "https://plc.directory";
|
PDS_DID_PLC_URL = "https://plc.directory";
|
||||||
PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
|
PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev";
|
||||||
PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev";
|
PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev";
|
||||||
|
|||||||
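--- /dev/null
+++ b/hosts/server/modules/misskey.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+services.misskey = {
+enable = true;
+
+settings = {
+maxFileSize = 20 * 1024 * 1024;
+port = 8089;
+url = "https://ocbwoy3.dev";
+publishTarballInsteadOfProvideRepositoryUrl = false;
+};
+
+database = {
+# passwordFile = "/private/misskey-db.pw";
+createLocally = true;
+};
+
+redis = {
+# passwordFile = "/private/misskey-db.pw";
+createLocally = true;
+};
+
+reverseProxy.enable = lib.mkDefault false; # shit, we already have cloudflared
+
+};
+
+systemd.tmpfiles.rules = [
+"d /misskey 0755 root root -"
+];
+}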
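Review bot: The `systemd.tmpfiles.rules` entry at the end of the new module creates `/misskey` as `0755 root root`, but nothing else in the file refers to that path, so the service gets a world-readable directory that it presumably cannot write to. If the directory is meant to hold Misskey data, give it the service account and a tighter mode such as `0750`; if it is unused, drop the rule. Separately, the commented `passwordFile` lines under `database` and `redis` both point at `/private/misskey-db.pw`. A comment such as `# use a separate secret file for redis` would keep the two services from sharing one credential when these lines are re-enabled.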
@@ -26,9 +26,24 @@
|
|||||||
c-ares ffmpeg gtk3 http-parser libevent libvpx libxslt minizip nss re2 snappy libnotify libappindicator-gtk3
|
c-ares ffmpeg gtk3 http-parser libevent libvpx libxslt minizip nss re2 snappy libnotify libappindicator-gtk3
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.fail2ban = {
|
||||||
|
enable = true;
|
||||||
|
# Ban IP after 5 failures
|
||||||
|
maxretry = 5;
|
||||||
|
ignoreIP = [
|
||||||
|
"10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ports = [ 22 ];
|
ports = [ 22 ];
|
||||||
|
settings = {
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
KbdInteractiveAuthentication = false;
|
||||||
|
PermitRootLogin = "no";
|
||||||
|
AllowUsers = [ "ocbwoy3" "git" ];
|
||||||
|
};
|
||||||
# fucks up ssh connections from iphone if you enable this
|
# fucks up ssh connections from iphone if you enable this
|
||||||
# settings = {
|
# settings = {
|
||||||
# KexAlgorithms = [ "curve25519-sha256@libssh.org" ];
|
# KexAlgorithms = [ "curve25519-sha256@libssh.org" ];
|
||||||
|
|||||||
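Review bot: `ignoreIP` in the new `services.fail2ban` block exempts all three RFC 1918 ranges, so any client that reaches sshd from a private address (a container bridge, a provider-internal network, a local tunnel or proxy endpoint) is never banned. The network layout is not visible here, so this may be intended, but listing only the management subnet actually in use would be safer, with a comment such as `# LAN admin hosts only`. Also, the commented-out `# settings = {` block in the trailing context would define `services.openssh.settings` a second time if uncommented. Moving the `KexAlgorithms` line, still commented, into the new `settings` block avoids that. The `services.openssh` block continues past the end of the hunk.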