summary refs log tree commit diff
path: root/hosts/vps
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vps')
-rw-r--r--hosts/vps/default.nix16
-rw-r--r--hosts/vps/services/cytube.nix140
-rw-r--r--hosts/vps/services/hydrus.nix1
-rw-r--r--hosts/vps/services/matrix.nix6
-rw-r--r--hosts/vps/services/website.nix78
5 files changed, 196 insertions, 45 deletions
diff --git a/hosts/vps/default.nix b/hosts/vps/default.nix
index 7cd5f6c..d55a62e 100644
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@@ -10,10 +10,11 @@
     ../../mixins/cli.nix
     ./services/website.nix
     ./services/git.nix
-    ./services/hydrus.nix
+    # ./services/hydrus.nix
     ./services/matrix.nix
     ./services/maloja.nix
     ./services/arXiv.nix
+    ./services/cytube.nix
   ];
 
   config = {
@@ -66,10 +67,21 @@
       openFirewall = true;
     };
     services.factorio = {
-      enable = true;
+      enable = false;
       openFirewall = true;
       game-password = "???";
       requireUserVerification = false;
     };
+    security.lockKernelModules = lib.mkForce false;
+    virtualisation.podman = {
+      enable = true;
+      autoPrune.enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings = {
+        # Required for container networking to be able to use names.
+        dns_enabled = true;
+      };
+    };
+    virtualisation.oci-containers.backend = "podman";
   };
 }
diff --git a/hosts/vps/services/cytube.nix b/hosts/vps/services/cytube.nix
new file mode 100644
index 0000000..deb0058
--- /dev/null
+++ b/hosts/vps/services/cytube.nix
@@ -0,0 +1,140 @@
+{
+  pkgs,
+  config,
+  lib,
+  system,
+  ...
+}: {
+  config = let
+    dir = "/var/lib/cytube";
+    yamlConfig =
+      pkgs.writeText "config.yaml"
+      (lib.generators.toYAML {} {
+        mysql = {
+          server = "localhost";
+          port = 3306;
+          database = "cytube";
+          user = "cytube";
+          password = "";
+          pool-size = 10;
+        };
+        listen = [
+          {
+            ip = "";
+            port = 8080;
+            http = true;
+          }
+          {
+            ip = "";
+            port = 8081;
+            io = true;
+            url = "https://tube.tzlil.net";
+          }
+        ];
+        http = {
+          default-port = 8080;
+          root-domain = "tube.tzlil.net";
+          alt-domains = [];
+          minify = false;
+          max-age = "7d";
+          gzip = true;
+          gzip-threshold = 1024;
+          cookie-secret = "tube.tzlil.net";
+          index = {
+            max-entries = 50;
+          };
+          trust-proxies = ["loopback"];
+        };
+        https = {
+          enabled = false;
+        };
+        html-template = {
+          title = "TZLINC";
+          description = "lol";
+        };
+        io = {
+          domain = "https://tube.tzlil.net";
+          default-port = 8081;
+        };
+        youtube-v3-key = "";
+        max-channels-per-user = 1;
+        max-accounts-per-ip = 5;
+        ffmpeg = {
+          enabled = true;
+          ffprobe-exec = "ffprobe";
+        };
+        service-socket = {
+          enabled = false;
+        };
+      });
+  in {
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+      ensureDatabases = ["cytube"];
+      ensureUsers = [
+        {
+          name = "cytube";
+          ensurePermissions = {
+            "cytube.*" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+
+      settings = {
+        mysqld = {
+          bind-address = "127.0.0.1";
+          port = "3306";
+        };
+      };
+    };
+
+    virtualisation.oci-containers.containers.cytube = {
+      ports = [
+        "8080:8080"
+        "8081:8081"
+      ];
+      image = "cytube";
+
+      imageFile = pkgs.dockerTools.buildImage {
+        name = "cytube";
+        tag = "latest";
+        fromImage = pkgs.dockerTools.pullImage {
+          imageName = "kittysh/cytube";
+          imageDigest = "sha256:77e6051c0fe4ce486375f53d80a5cb9a18e289db9cc8ba28e142287b53730455";
+          sha256 = "072gyx9s4nnq2i8h5b3n3vrcl5h7wigq9fzbf6y11n945km1ds2r";
+          finalImageName = "kittysh/cytube";
+          finalImageTag = "latest";
+        };
+
+        copyToRoot = pkgs.buildEnv {
+          name = "image-root";
+          paths = [pkgs.ffmpeg];
+          pathsToLink = ["/bin"];
+        };
+        config.Cmd = ["node" "index.js"];
+      };
+
+      workdir = "/home/syncuser/sync";
+      extraOptions = ["--mount=type=bind,source=${yamlConfig},target=/home/syncuser/sync/config.yaml" "--network=host"];
+    };
+
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "${config.services.mysql.dataDir}";
+        user = "${config.services.mysql.user}";
+        group = "${config.services.mysql.group}";
+      }
+    ];
+
+    services.caddy = {
+      virtualHosts."tube.tzlil.net".extraConfig = ''
+        bind 0.0.0.0
+        handle /socket.io/* {
+          reverse_proxy :8081
+        }
+        reverse_proxy :8080
+      '';
+    };
+  };
+}
diff --git a/hosts/vps/services/hydrus.nix b/hosts/vps/services/hydrus.nix
index c967fbc..1c5f30c 100644
--- a/hosts/vps/services/hydrus.nix
+++ b/hosts/vps/services/hydrus.nix
@@ -41,7 +41,6 @@
       };
     };
 
-    security.lockKernelModules = lib.mkForce false;
     virtualisation.oci-containers.containers.hydrus-web = {
       ports = ["100.67.217.90:8080:80"];
       image = "ghcr.io/floogulinc/hydrus-web:dev";
diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix
index a56b489..66adaed 100644
--- a/hosts/vps/services/matrix.nix
+++ b/hosts/vps/services/matrix.nix
@@ -93,9 +93,9 @@
       ensureUsers = [
         {
           name = "dendrite";
-          ensurePermissions = {
-            "DATABASE dendrite" = "ALL PRIVILEGES";
-          };
+          # ensurePermissions = {
+          # "DATABASE dendrite" = "ALL PRIVILEGES";
+          # };
         }
       ];
 
diff --git a/hosts/vps/services/website.nix b/hosts/vps/services/website.nix
index 1cdd33e..8aa51b0 100644
--- a/hosts/vps/services/website.nix
+++ b/hosts/vps/services/website.nix
@@ -42,46 +42,46 @@
           bind 0.0.0.0
           handle_path / {
             try_files ${pkgs.writeText "index.html" ''
-             <style>
-             @media (prefers-color-scheme: dark) {
-                 body { background-color: #121212; color: #d4d4d4; }
-                 a { color: #7878ff; }
-                 a:visited { color: #6464fa; }
-             }
-	     .mail:before {
-	       content: attr(b) "\0040" attr(a);
-	       unicode-bidi: bidi-override;
-	       direction: rtl;
-             </style>
-             <pre>
-            ~?~+=I?~~IIIII++,:   .?= .,I=O8OZ.DNNO, ZD7:::=.? ,,:,,I,,:,~+?II?I?II?=+=~+7$ZO
-            ?==++??==+I???7..:.   :II$77?I+ID~NND8.ZMN7~=~I7:,., :?7,.,.~+?I???????,+~7+$ZOZ
-            7+===I+~===?I77:  ?   ,$7$.:.,I?=7NNNINMMMNOI=++ .~==I$7, ..++?I???I+=?.+:O+ZZOZ
-            ===++I+==?III??I,?,   ~I7NN,..  ??ONNNMMMD$777$7I$ZOO$7?....+=????I~=+,:+,O8DNMM
-            ~=~==7II=+I?II7I,I+,8Z.II8D+=~:.,7$NMMMMMN8$7~. ..  :88I. ..?=?++I:~+=.~~~NMMMNN
-            ~====II?I~+?I?$7I?~8D7+7$ZZNONDN8Z8NMMMMMMNNON:=. :,$.I7  .,+=??I:,=, .:,=DNNMMN
-            =+?==+==?~+=I?$$I+88D:I$8NMNDDNNNDNNNMMMMMMMMM8I$77=MMDO.  :~=+?,,,   .~,?8DDD8D
-            =~=+==I7I=IIIIO$=~OOD=I7ODNNNNMNNDNDNMMMMMMMMNO$O+OZ 78.,.I::++:..   .,::=888OOO
-            ===I=I?~=?I???$I$?OODZ=7Z8NDONNN7D88MMMMMMMMMMNNNN8DNN~..~:7,,+7?,:,:::+8=Z888OO
-            ~+===7?=??I????7Z7ZOD8I777$+NNN:OOZOMMMMMMMMMMMMMMNMM+..~=?=O:+?::=+~:~+IDD888OZ
-            I==II??=I???=::7OI?O88Z=I~,?ZDD,Z$IDMMMMMMMMMMMMMMMM:$$?.~?+=?:,~+?I??==+++I8OOO
-            ==+++??+=.,~,~:7Z$?7I77$=. $I$8I$7+~8NMMMMMMMMMMMMDDMN$ ,:+?=.~==?II+++=+=?II+OZ
-            ==+?+I?,=:+?=~~??I++~7$$$= 777Z,$Z$$ONNMMMMMMMMMMMMMM8? .~=?:.==+?I~+?=+=??II?I8
-            ?=+?I:=~??II=~~, II?+ 7$7?=?77$?$Z:8NMMMNMMMMMMMMMMMD7 ,,===::~=?II.??++?++III+~
-            ??+.I+I=+I+??=~=~ =I+:?7$77?$$$ZI7Z8DM7NMMNMMMMMMMMOI. .,=~~.~~+I?:???==~????II?
-            I??:==?I++I?~==+=~:.?I7I77$?IZ$ZODDOIDNNNNNMMMMNM8?.:. ,,+=,::~+==II=~,=?+?IIIII
-            ??I:?=,=+++?II+=:,:, +77777$$777ODDMMNO~DNNNDD8?..::: .,,+~.,::=??????=+?IIIII?I
-            ????++=~:=?IIIII=~:: ~~+II77$$7$ZO8NMMMND.+:   .=7+=~ ,,:?...~II??+??I?+??IIII?I
-            ??III7II+~:?II7+II?, ~,:,~7777$$$I$8DNMMNO   .~I  .Z:.,:~: ,+???+=,IIIIII??IIIII
-            ???I7I:,~=:,+II+=~I??:.,,,.:77777777$ODMM8 .:+ZI. ,~,..~~ :II?==~:?II??IIIIIIIII
-            No matter where you go, everyone's connected
+                    <style>
+                    @media (prefers-color-scheme: dark) {
+                        body { background-color: #121212; color: #d4d4d4; }
+                        a { color: #7878ff; }
+                        a:visited { color: #6464fa; }
+                    }
+             .mail:before {
+               content: attr(b) "\0040" attr(a);
+               unicode-bidi: bidi-override;
+               direction: rtl;
+                    </style>
+                    <pre>
+                   ~?~+=I?~~IIIII++,:   .?= .,I=O8OZ.DNNO, ZD7:::=.? ,,:,,I,,:,~+?II?I?II?=+=~+7$ZO
+                   ?==++??==+I???7..:.   :II$77?I+ID~NND8.ZMN7~=~I7:,., :?7,.,.~+?I???????,+~7+$ZOZ
+                   7+===I+~===?I77:  ?   ,$7$.:.,I?=7NNNINMMMNOI=++ .~==I$7, ..++?I???I+=?.+:O+ZZOZ
+                   ===++I+==?III??I,?,   ~I7NN,..  ??ONNNMMMD$777$7I$ZOO$7?....+=????I~=+,:+,O8DNMM
+                   ~=~==7II=+I?II7I,I+,8Z.II8D+=~:.,7$NMMMMMN8$7~. ..  :88I. ..?=?++I:~+=.~~~NMMMNN
+                   ~====II?I~+?I?$7I?~8D7+7$ZZNONDN8Z8NMMMMMMNNON:=. :,$.I7  .,+=??I:,=, .:,=DNNMMN
+                   =+?==+==?~+=I?$$I+88D:I$8NMNDDNNNDNNNMMMMMMMMM8I$77=MMDO.  :~=+?,,,   .~,?8DDD8D
+                   =~=+==I7I=IIIIO$=~OOD=I7ODNNNNMNNDNDNMMMMMMMMNO$O+OZ 78.,.I::++:..   .,::=888OOO
+                   ===I=I?~=?I???$I$?OODZ=7Z8NDONNN7D88MMMMMMMMMMNNNN8DNN~..~:7,,+7?,:,:::+8=Z888OO
+                   ~+===7?=??I????7Z7ZOD8I777$+NNN:OOZOMMMMMMMMMMMMMMNMM+..~=?=O:+?::=+~:~+IDD888OZ
+                   I==II??=I???=::7OI?O88Z=I~,?ZDD,Z$IDMMMMMMMMMMMMMMMM:$$?.~?+=?:,~+?I??==+++I8OOO
+                   ==+++??+=.,~,~:7Z$?7I77$=. $I$8I$7+~8NMMMMMMMMMMMMDDMN$ ,:+?=.~==?II+++=+=?II+OZ
+                   ==+?+I?,=:+?=~~??I++~7$$$= 777Z,$Z$$ONNMMMMMMMMMMMMMM8? .~=?:.==+?I~+?=+=??II?I8
+                   ?=+?I:=~??II=~~, II?+ 7$7?=?77$?$Z:8NMMMNMMMMMMMMMMMD7 ,,===::~=?II.??++?++III+~
+                   ??+.I+I=+I+??=~=~ =I+:?7$77?$$$ZI7Z8DM7NMMNMMMMMMMMOI. .,=~~.~~+I?:???==~????II?
+                   I??:==?I++I?~==+=~:.?I7I77$?IZ$ZODDOIDNNNNNMMMMNM8?.:. ,,+=,::~+==II=~,=?+?IIIII
+                   ??I:?=,=+++?II+=:,:, +77777$$777ODDMMNO~DNNNDD8?..::: .,,+~.,::=??????=+?IIIII?I
+                   ????++=~:=?IIIII=~:: ~~+II77$$7$ZO8NMMMND.+:   .=7+=~ ,,:?...~II??+??I?+??IIII?I
+                   ??III7II+~:?II7+II?, ~,:,~7777$$$I$8DNMMNO   .~I  .Z:.,:~: ,+???+=,IIIIII??IIIII
+                   ???I7I:,~=:,+II+=~I??:.,,,.:77777777$ODMM8 .:+ZI. ,~,..~~ :II?==~:?II??IIIIIIIII
+                   No matter where you go, everyone's connected
 
-            <a href="https://fm.tzlil.net">fm.tzlil.net</a> music
-            <a href="https://git.tzlil.net">git.tzlil.net</a> code
-            <a href="/arXiv">arXiv randomizer</a>
-	    matrix @tzlil:tzlil.net
-	    email tzlils protonmail com
-            </pre>
+                   <a href="https://fm.tzlil.net">fm.tzlil.net</a> music
+                   <a href="https://git.tzlil.net">git.tzlil.net</a> code
+                   <a href="/arXiv">arXiv randomizer</a>
+            matrix @tzlil:tzlil.net
+            email tzlils protonmail com
+                   </pre>
           ''} /
             file_server
           }