From 974f185b001ef02f1d94345f398e3a9980dafc03 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 1 Mar 2024 15:49:38 -0500 Subject: [PATCH] progress --- src/system/modules/bitcoin/default.nix | 5 +-- .../modules/bitcoin/modules/default.nix | 2 +- src/system/modules/default.nix | 2 ++ src/system/modules/nginx/default.nix | 21 +++++++++++++ src/system/modules/nginx/sites/default.nix | 5 +++ .../modules/nginx/sites/mySite/default.nix | 30 ++++++++++++++++++ .../sites/mySite/modules/btc/default.nix | 31 +++++++++++++++++++ .../sites/mySite/modules/git/default.nix | 30 ++++++++++++++++++ src/system/modules/tor/default.nix | 23 ++++++++++++++ src/system/modules/tor/modules/default.nix | 5 +++ src/system/modules/tor/modules/relay.nix | 16 ++++++++++ src/user/configs/default.nix | 5 +-- 12 files changed, 168 insertions(+), 7 deletions(-) create mode 100644 src/system/modules/nginx/default.nix create mode 100644 src/system/modules/nginx/sites/default.nix create mode 100644 src/system/modules/nginx/sites/mySite/default.nix create mode 100644 src/system/modules/nginx/sites/mySite/modules/btc/default.nix create mode 100644 src/system/modules/nginx/sites/mySite/modules/git/default.nix create mode 100644 src/system/modules/tor/default.nix create mode 100644 src/system/modules/tor/modules/default.nix create mode 100644 src/system/modules/tor/modules/relay.nix diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index f2412bb..a18f739 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -7,10 +7,7 @@ let in { options.modules.system.bitcoin = { enable = mkEnableOption "system.bitcoin"; }; - imports = [ - ./core-lightning - ./sparrow-cli - ]; + imports = [ ./modules ]; config = mkIf cfg.enable { programs.bash.shellAliases = { diff --git a/src/system/modules/bitcoin/modules/default.nix b/src/system/modules/bitcoin/modules/default.nix index e7f0860..bbb0cbc 100644 
--- a/src/system/modules/bitcoin/modules/default.nix
+++ b/src/system/modules/bitcoin/modules/default.nix
@@ -2,6 +2,6 @@
 imports = [
 ./core-lightning
 ./electrs
- ./sparrow-cli
+ ./sparrow-server
 ];
 }
diff --git a/src/system/modules/default.nix b/src/system/modules/default.nix
index 7e1d613..77c150a 100644
--- a/src/system/modules/default.nix
+++ b/src/system/modules/default.nix
@@ -1,5 +1,7 @@
 {
 imports = [
 ./bitcoin
+ ./nginx
+ ./tor
 ];
 }
diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix
new file mode 100644
index 0000000..6079a17
--- /dev/null
+++ b/src/system/modules/nginx/default.nix
@@ -0,0 +1,21 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.nginx;
+
+in
+{ options.modules.system.nginx = { enable = mkEnableOption "system.nginx"; };
+ config = mkIf cfg.enable {
+ imports = [ ./sites ];
+ security.acme = {
+ defaults = {
+ email = config.user.email;
+ };
+ };
+ services.nginx = {
+ enable = true;
+ package = pkgs.nginxMainLine;
+ };
+ };
+}
diff --git a/src/system/modules/nginx/sites/default.nix b/src/system/modules/nginx/sites/default.nix
new file mode 100644
index 0000000..94b7201
--- /dev/null
+++ b/src/system/modules/nginx/sites/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./mySite
+ ];
+}
diff --git a/src/system/modules/nginx/sites/mySite/default.nix b/src/system/modules/nginx/sites/mySite/default.nix
new file mode 100644
index 0000000..56932e2
--- /dev/null
+++ b/src/system/modules/nginx/sites/mySite/default.nix
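Review bot: In src/system/modules/nginx/default.nix, `imports = [ ./sites ];` sits inside `config = mkIf cfg.enable { … }`, where the module system reads it as an option definition rather than a module import; it belongs at the top level next to `options`, with the `mkIf` gating left to the imported modules. `pkgs.nginxMainLine` also looks like a misspelling of `pkgs.nginxMainline`. Since this module starts configuring `security.acme`, it will also need `security.acceptTerms`-style consent, i.e. `security.acme.acceptTerms = true;`, before NixOS will request any certificate, and `config.user.email` becomes the address registered with the CA.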
@@ -0,0 +1,30 @@
+{ lib, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.nginx.mySite;
+ nginxCfg = config.modules.system.nginx;
+
+in
+{ options.modules.system.nginx.mySite = { enable = mkEnableOption "system.nginx.mySite"; };
+ config = mkIf (cfg.enable && nginxCfg) {
+ security.acme = {
+ certs = {
+ "*.ramos.codes" = {
+ #TODO: configure ACME certs
+ };
+ };
+ };
+ services.nginx = {
+ #TODO: check if configure as vhost or stream
+ virtualHosts = {
+ "*.ramos.codes" = {
+ addSSL = true;
+ onlySSL = true;
+ forceSSL = true;
+ acmeRoot = null;
+ };
+ };
+ };
+ };
+}
diff --git a/src/system/modules/nginx/sites/mySite/modules/btc/default.nix b/src/system/modules/nginx/sites/mySite/modules/btc/default.nix
new file mode 100644
index 0000000..fa7f50c
--- /dev/null
+++ b/src/system/modules/nginx/sites/mySite/modules/btc/default.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.nginx.mySite.btc;
+ mySiteCfg = config.modules.system.nginx.mySite;
+ btcCfg = config.modules.system.bitcoin;
+
+in
+{ options.modules.system.nginx.mySite.btc = { enable = mkEnableOption "system.nginx.mySite.btc"; };
+ config = mkIf (cfg.enable && mySiteCfg && btcCfg) {
+ #security.acme = {
+ # certs = {
+ # "btc.ramos.codes" = {
+ # #TODO: configure ACME certs
+ # };
+ # };
+ #};
+ #services.nginx = {
+ # #TODO: check if configure as vhost or stream
+ # virtualHosts = {
+ # "btc.ramos.codes" = {
+ # addSSL = true;
+ # onlySSL = true;
+ # forceSSL = true;
+ # acmeRoot = null;
+ # };
+ # };
+ #};
+ };
+}
diff --git a/src/system/modules/nginx/sites/mySite/modules/git/default.nix b/src/system/modules/nginx/sites/mySite/modules/git/default.nix
new file mode 100644
index 0000000..62b8f66
--- /dev/null
+++ b/src/system/modules/nginx/sites/mySite/modules/git/default.nix
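Review bot: The guard `mkIf (cfg.enable && nginxCfg)` in sites/mySite/default.nix hands the whole `config.modules.system.nginx` attribute set to `&&`, which needs a boolean; it should read `mkIf (cfg.enable && nginxCfg.enable)`. The same slip is in the btc module (`mySiteCfg && btcCfg`) and the git module (`mySiteCfg`), where each operand needs `.enable`. In the virtual host, `addSSL`, `onlySSL` and `forceSSL` are all true, but the NixOS nginx module asserts that they are mutually exclusive; keeping only `forceSSL = true;` gives the redirect-to-HTTPS behaviour instead of also serving plain HTTP. The vhost names no certificate source (`useACMEHost`, `enableACME` or explicit certificate paths), and a wildcard such as `*.ramos.codes` can only be issued through a DNS-01 challenge, so the empty `certs` entry will need a `dnsProvider` plus a credentials file that lives outside the world-readable Nix store.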
@@ -0,0 +1,30 @@
+{ lib, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.nginx.mySite.git;
+ mySiteCfg = config.modules.system.nginx.mySite;
+
+in
+{ options.modules.system.nginx.mySite.git = { enable = mkEnableOption "system.nginx.mySite.git"; };
+ config = mkIf (cfg.enable && mySiteCfg) {
+ #security.acme = {
+ # certs = {
+ # "ramos.codes" = {
+ # #TODO: configure ACME certs
+ # };
+ # };
+ #};
+ #services.nginx = {
+ # #TODO: check if configure as vhost or stream
+ # streamConfig = services.nginx.streamConfig ++ {
+ # "*.ramos.codes" = {
+ # addSSL = true;
+ # onlySSL = true;
+ # forceSSL = true;
+ # acmeRoot = null;
+ # };
+ # };
+ #};
+ };
+}
diff --git a/src/system/modules/tor/default.nix b/src/system/modules/tor/default.nix
new file mode 100644
index 0000000..efdf41c
--- /dev/null
+++ b/src/system/modules/tor/default.nix
@@ -0,0 +1,23 @@
+{ lib, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.tor;
+
+in
+{ options.modules.system.tor = { enable = mkEnableOption "system.tor"; };
+ config = mkIf cfg.enable {
+ imports = [ ./modules ];
+ services.tor = {
+ enable = true;
+ client = {
+ enable = lib.mkDefault true;
+ dns.enable = mkIf services.tor.client.enable true;
+ };
+ relay.enable = lib.mkDefault false;
+ enableGeoIP = false;
+ DoSConnectionEnabled = true;
+ DoSCircuitCreationEnabled = true;
+ };
+ };
+}
diff --git a/src/system/modules/tor/modules/default.nix b/src/system/modules/tor/modules/default.nix
new file mode 100644
index 0000000..893538e
--- /dev/null
+++ b/src/system/modules/tor/modules/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./relay
+ ];
+}
diff --git a/src/system/modules/tor/modules/relay.nix b/src/system/modules/tor/modules/relay.nix
new file mode 100644
index 0000000..17044a6
--- /dev/null
+++ b/src/system/modules/tor/modules/relay.nix
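Review bot: Three definitions in src/system/modules/tor/default.nix look like they will not evaluate as written. `imports = [ ./modules ];` is inside `config = mkIf cfg.enable { … }` and has to move to the module's top level; `mkIf services.tor.client.enable true` refers to a `services` name that is not in scope here and should be `config.services.tor.client.enable`; and `DoSConnectionEnabled` / `DoSCircuitCreationEnabled` are torrc settings, which the NixOS module takes under `services.tor.settings`, e.g. `settings.DoSConnectionEnabled = true;`. Until that last one is moved, the DoS mitigations this hunk means to turn on never reach the generated torrc.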
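Review bot: `./relay` in src/system/modules/tor/modules/default.nix does not match the file this commit creates, `relay.nix`; a path import resolves `./relay` only if it is a directory holding a `default.nix`. Use `./relay.nix`, or move the module to `relay/default.nix` to match the directory layout used by the other modules in this patch.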
@@ -0,0 +1,16 @@ +{ lib, config, ... }: + +with lib; +let + cfg = config.modules.system.tor.relay; + torCfg = config.modules.system.tor; + +in +{ options.modules.system.tor.relay = { enable = mkEnableOption "system.tor.relay"; }; + config = mkIf (cfg.enable && torCfg.enable) { + services.tor = { + client.enable = false; + relay.enable = true; + }; + }; +} diff --git a/src/user/configs/default.nix b/src/user/configs/default.nix index 5de4451..ec65534 100644 --- a/src/user/configs/default.nix +++ b/src/user/configs/default.nix @@ -3,10 +3,11 @@ # Replace symlink at root of repo with user configs { options = { - user = lib.mkOption { + user = lib.mkOption rec { type = lib.types.attrs; default = { name = "bryan"; + email = "bryan@ramos.codes"; shell = pkgs.bash; groups = [ @@ -20,7 +21,7 @@ gitConfig = { userName = "Bryan Ramos"; - userEmail = "bryan@ramos.codes"; + userEmail = "${default.user.email}"; signing = { key = "F1F3466458452B2DF351F1E864D12BA95ACE1F2D"; signByDefault = true;
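Review bot: The relay module in src/system/modules/tor/modules/relay.nix sets `relay.enable = true` without choosing `services.tor.relay.role`, so the kind of relay this host becomes is not stated anywhere in the configuration. Spell it out, for a non-exit middle relay `relay.role = "relay";`, so that the host cannot end up carrying exit traffic through a later default or copy-paste. No ORPort or bandwidth limits are set either, which a relay needs before it is reachable; a `#TODO` comment like the ones in the nginx modules would record that. The plain `client.enable = false` does take priority over the `lib.mkDefault true` in the parent tor module, so that override works as intended.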
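Review bot: `userEmail = "${default.user.email}"` in the second hunk of src/user/configs/default.nix looks up a `user` attribute that does not exist: inside `lib.mkOption rec { … }`, `default` is the attribute set that directly holds `name`, `email` and `shell`, so the reference would have to be `default.email`. Even then it reads the option's default rather than its final value, so a host that overrides `user.email` would keep signing commits under the default address next to the fixed signing key. Setting the Git e-mail from `config.user.email` at the place where `gitConfig` is consumed avoids both problems and lets the `rec` go. Both hunks cut through the option definition, so how `gitConfig` is consumed is not visible here.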