nixos-dotfiles

nixos-dotfiles

https://git.tonybtw.com/nixos-dotfiles.git git://git.tonybtw.com/nixos-dotfiles.git

Added nginx server, and public secrets

Commit
d1e9f69ef52a270033988a7c6898ebf00ca0bcea
Parent
1308b11
Author
tonybanters <tonyoutoften@gmail.com>
Date
2026-01-27 07:35:31

Diff

diff --git a/.gitignore b/.gitignore
index 422d342..c45e613 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 .bashrc.local
 notes
-server/secrets.nix
 result
diff --git a/configuration.nix b/configuration.nix
index 4cf498d..6501829 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -235,7 +235,7 @@ in {
     obs-studio
     evil-helix
     zed-editor
-    kdePackages.kdenlive
+    # kdePackages.kdenlive  # TODO: broken in nixpkgs - shaderc linking issue
     mpv
     gajim
   ];
diff --git a/server/guandanbtw.nix b/server/guandanbtw.nix
index e44caa2..8744b37 100644
--- a/server/guandanbtw.nix
+++ b/server/guandanbtw.nix
@@ -13,18 +13,18 @@
     wantedBy = [ "multi-user.target" ];
     after = [ "network.target" ];
     serviceConfig = {
-      ExecStart = "/var/lib/guandanbtw/server";
-      WorkingDirectory = "/var/lib/guandanbtw";
+      ExecStart = "/www/sites/guandanbtw/server/bin/guandanbtw";
+      WorkingDirectory = "/www/sites/guandanbtw/server";
       Restart = "always";
       User = "guandanbtw";
       Group = "guandanbtw";
     };
   };
 
-  services.nginx.virtualHosts."guandanbtw.com" = {
+  services.nginx.virtualHosts."guandan.dev" = {
     enableACME = true;
     forceSSL = true;
-    root = "/var/lib/guandanbtw/static";
+    root = "/www/sites/guandanbtw/client/dist";
     locations."/" = {
       tryFiles = "$uri $uri/ /index.html";
     };
diff --git a/server/znc.nix b/server/znc.nix
index 6b18b88..9886819 100644
--- a/server/znc.nix
+++ b/server/znc.nix
@@ -1,16 +1,17 @@
 { config, ... }:
-let
-  secrets = import ./secrets.nix;
-in {
+{
   services.znc = {
     enable = true;
     openFirewall = true;
-    mutable = true;
+    mutable = false;
     useLegacyConfig = false;
     config = {
-      Port = 6697;
       SSLCertFile = "/var/lib/acme/znc.tonybtw.com/full.pem";
       LoadModule = [ "webadmin" "adminlog" ];
+      Listener.l = {
+        Port = 6697;
+        SSL = true;
+      };
       User.tony = {
         Admin = true;
         Nick = "tonybtw";
@@ -27,8 +28,8 @@ in {
         };
         Pass.password = {
           Method = "sha256";
-          Hash = secrets.znc.hash;
-          Salt = secrets.znc.salt;
+          Hash = "97ffb83f9bd78b863e473a271a3a5560d392c8879ae92c8db29a59e42e6d09e0";
+          Salt = "F-vUQiMO?R0EPUEtk*Gt";
         };
       };
     };
@@ -43,6 +44,7 @@ in {
   };
 
   security.acme.certs."znc.tonybtw.com".group = "znc";
+  users.users.nginx.extraGroups = [ "znc" ];
 
   networking.firewall.allowedTCPPorts = [ 6697 ];
 }