authorene <ene@sils.li>2023-03-18 16:21:45 +0100
committerene <ene@sils.li>2023-03-18 16:24:41 +0100
commit5a0cb28f369c104bb371974df876c8c705b0ee7e (patch)
tree0e7f5d56eec9cd6a3b4bc903d920bee418c94f51 /system
parentFix: Try to fix ipv6 (diff)
Refactor: Use better file layout
Diffstat (limited to 'system')
-rw-r--r--system/default.nix9
-rw-r--r--system/file_system_layouts/default.nix (renamed from system/system/fileSystemLayouts.nix)0
-rw-r--r--system/hardware/default.nix (renamed from system/system/hardware.nix)0
-rw-r--r--system/mail/default.nix27
-rw-r--r--system/packages/default.nix (renamed from system/system/packages.nix)0
-rw-r--r--system/services/acme/default.nix30
-rw-r--r--system/services/default.nix9
-rw-r--r--system/services/minecraft/default.nix26
-rw-r--r--system/services/nginx/default.nix15
-rw-r--r--system/services/nix/default.nix18
-rw-r--r--system/services/opensshd/default.nix18
-rw-r--r--system/services/rust-motd/default.nix79
-rw-r--r--system/users/default.nix (renamed from system/system/users.nix)0
13 files changed, 227 insertions, 4 deletions
diff --git a/system/default.nix b/system/default.nix
index 2af4982..9aa5d9e 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,8 +1,9 @@
{config, ...}: {
imports = [
- ./system/fileSystemLayouts.nix
- ./system/hardware.nix
- ./system/packages.nix
- ./system/users.nix
+ ./file_system_layouts
+ ./hardware
+ ./packages
+ ./services
+ ./users
];
}
diff --git a/system/system/fileSystemLayouts.nix b/system/file_system_layouts/default.nix
index 9d03a05..9d03a05 100644
--- a/system/system/fileSystemLayouts.nix
+++ b/system/file_system_layouts/default.nix
diff --git a/system/system/hardware.nix b/system/hardware/default.nix
index c4c7dc9..c4c7dc9 100644
--- a/system/system/hardware.nix
+++ b/system/hardware/default.nix
diff --git a/system/mail/default.nix b/system/mail/default.nix
new file mode 100644
index 0000000..b09f8f1
--- /dev/null
+++ b/system/mail/default.nix
@@ -0,0 +1,27 @@
+# vim: ts=2
+{...}: {
+ enable = true;
+ fqdn = "server1.vhack.eu";
+ domains = ["vhack.eu"];
+
+ mailDirectory = "/srv/mail/vmail";
+ dkimKeyDirectory = "/srv/mail/dkim";
+ backup.snapshotRoot = "/srv/mail/backup";
+
+ loginAccounts = {
+ "sils@vhack.eu" = {
+ hashedPasswordFile = "/srv/mail/.secrets/silsmailpswd";
+ };
+ };
+
+ extraVirtualAliases = {
+ "abuse@vhack.eu" = ["sils@vhack.eu"];
+ "postmaster@vhack.eu" = ["sils@vhack.eu"];
+ "admin@vhack.eu" = ["sils@vhack.eu"];
+ };
+
+ sieveDirectory = "/srv/mail/sieve";
+ keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
+ certificateScheme = 1;
+ certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
+}
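Review bot: The options in this file (`enable`, `fqdn`, `loginAccounts`, …) sit at the top level of the module instead of under `mailserver = { … }`, so evaluating it as a plain NixOS module would fail with unknown-option errors; it is also not imported from `system/default.nix` or `system/services/default.nix` in this commit, so presumably it is wired in elsewhere — worth confirming. With `certificateScheme = 1` the key and chain are read from the ACME directory that `services/acme` manages, but nothing here restarts the mail daemons after a renewal, so they keep serving the old certificate until their next restart; add `security.acme.certs."server1.vhack.eu".reloadServices = ["postfix.service" "dovecot2.service"];` (or an equivalent `postRun`). Also check that the key file is actually readable by the services consuming it, since the certificate is issued with `group = "nginx"`.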
diff --git a/system/system/packages.nix b/system/packages/default.nix
index 4d33c6e..4d33c6e 100644
--- a/system/system/packages.nix
+++ b/system/packages/default.nix
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
new file mode 100644
index 0000000..a163e77
--- /dev/null
+++ b/system/services/acme/default.nix
@@ -0,0 +1,30 @@
+{...}: {
+ users.users.nginx.extraGroups = ["acme"];
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "acmechallenge.vhack.eu" = {
+ serverAliases = ["*.vhack.eu"];
+ locations."/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/.challenges";
+ };
+ locations."/" = {
+ return = "301 https://$host$request_uri";
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "admin@vhack.eu";
+ certs = {
+ "server1.vhack.eu" = {
+ webroot = "/var/lib/acme/.challenges";
+ group = "nginx";
+ extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
+ };
+ };
+ };
+}
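Review bot: The catch-all `locations."/"` on `acmechallenge.vhack.eu` redirects to `https://$host$request_uri`, and `$host` comes from the client's Host header; since no vhost in this commit sets `default = true`, whichever vhost nginx picks as its default will answer requests for arbitrary names, and if it is this one the redirect becomes an open redirect to any attacker-chosen host. Add a dedicated default vhost that drops unmatched names, e.g. `"_" = { default = true; locations."/".return = "444"; };`, or redirect to a fixed hostname instead of `$host`. The certificate's `imap`/`smtp` SANs suggest it is consumed by more than nginx, yet `group = "nginx"` only grants nginx read access to the key; use a group the mail services also belong to.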
diff --git a/system/services/default.nix b/system/services/default.nix
new file mode 100644
index 0000000..acf20f5
--- /dev/null
+++ b/system/services/default.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+ imports = [
+ ./acme
+ ./nginx
+ ./nix
+ ./opensshd
+ ./rust-motd
+ ];
+}
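Review bot: `./minecraft` is added in this same commit but is not listed here (nor in `system/default.nix`), so `system/services/minecraft/default.nix` is dead configuration unless it is imported elsewhere; either add `./minecraft` to this list or leave the file out until it is ready. `config` in the module arguments is unused — `{...}:` matches the sibling modules.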
diff --git a/system/services/minecraft/default.nix b/system/services/minecraft/default.nix
new file mode 100644
index 0000000..754c974
--- /dev/null
+++ b/system/services/minecraft/default.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ users = {
+ groups.minecraft = {};
+ users.minecraft = {
+ isSystemUser = true;
+ group = "minecraft";
+ };
+ };
+ systemd.services.minecraft = {
+ wantedBy = ["multi-user.target"];
+ after = "network.target";
+ description = "Minecraft Server";
+ serviceConfig = {
+ WorkingDirectory = "/srv/minecraft";
+ User = "minecraft";
+ Group = "minecraft";
+ Restart = "always";
+ ExecStart = "${pkgs.openjdk}/bin/java -Xms10G -Xmx10G -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true -jar paper.jar --nogui";
+ SyslogIdentifier = "minecraft-server";
+ };
+ };
+}
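Review bot: `after = "network.target"` must be a list (`after = ["network.target"];`): `systemd.services.<name>.after` is typed as a list of unit names, so the bare string fails module evaluation. The unit also runs an internet-facing Java server from an unpinned `paper.jar` in `/srv/minecraft` with no systemd sandboxing, so a code-execution bug in the server or a plugin gets everything the `minecraft` user can reach; the hardening below limits writes to the working directory and blocks privilege escalation. Whether the server's port is meant to be opened via `networking.firewall` is not visible in this commit.
```nix
    after = ["network.target"];
    # … unchanged: description …
    serviceConfig = {
      # … unchanged: WorkingDirectory, User, Group, Restart, ExecStart, SyslogIdentifier …
      # Sandboxing: the server only needs to write inside /srv/minecraft.
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectSystem = "strict";
      ReadWritePaths = ["/srv/minecraft"];
      ProtectHome = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
      RestrictNamespaces = true;
      LockPersonality = true;
      RestrictRealtime = true;
      SystemCallArchitectures = "native";
      SystemCallFilter = ["@system-service"];
    };
```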
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
new file mode 100644
index 0000000..204783b
--- /dev/null
+++ b/system/services/nginx/default.nix
@@ -0,0 +1,15 @@
+{...}: {
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "vhack.eu" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/srv/www/vhack.eu";
+ };
+ };
+ };
+}
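Review bot: The vhost turns on TLS via `forceSSL`/`enableACME` but leaves the module's TLS defaults untouched; set `services.nginx.recommendedTlsSettings = true;` so only TLS 1.2/1.3 with a modern cipher set is negotiated, and send HSTS, e.g. `extraConfig = "add_header Strict-Transport-Security \"max-age=31536000\" always;";` in the vhost, so browsers refuse a downgrade to plain HTTP after the first visit. `services.nginx.enable = true` is also set in `services/acme`; the merge is harmless, but keeping it in one place avoids confusion about which module owns nginx.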
diff --git a/system/services/nix/default.nix b/system/services/nix/default.nix
new file mode 100644
index 0000000..bd562ec
--- /dev/null
+++ b/system/services/nix/default.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ nix = {
+ # gc = {
+ # automatic = true;
+ # dates = "daily";
+ # options = "--delete-older-than 3";
+ # };
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ };
+ };
+}
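Review bot: The commented-out GC block uses `options = "--delete-older-than 3"`, which `nix-collect-garbage` rejects because the period needs a unit (`--delete-older-than 3d`); if it is re-enabled as written the timer will fail, so correct it now or drop the dead block. `config`, `lib` and `pkgs` are all unused in this module — `{...}:` would match the other files in this commit.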
diff --git a/system/services/opensshd/default.nix b/system/services/opensshd/default.nix
new file mode 100644
index 0000000..cb9f2ba
--- /dev/null
+++ b/system/services/opensshd/default.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ pkg,
+ ...
+}: {
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ hostKeys = [
+ {
+ comment = "key comment";
+ path = "/srv/sshd/ssh_host_ed25519_key";
+ rounds = 1000;
+ type = "ed25519";
+ }
+ ];
+ };
+}
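Review bot: `passwordAuthentication = false` alone does not disable password logins: in the NixOS release this config appears to target, `services.openssh.kbdInteractiveAuthentication` defaults to `true`, so PAM keyboard-interactive still accepts account passwords; add `kbdInteractiveAuthentication = false;` (on 23.05 and later both move under `settings`, as `KbdInteractiveAuthentication` and `PasswordAuthentication`). The `pkg` argument is a typo for `pkgs` and is unused, so `{...}:` is enough. `comment = "key comment"` is a placeholder that ends up in the generated public key; use something identifying, and confirm `/srv/sshd` is root-owned and not world-readable since sshd writes the host key there on first boot.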
diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix
new file mode 100644
index 0000000..21bc1cd
--- /dev/null
+++ b/system/services/rust-motd/default.nix
@@ -0,0 +1,79 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ programs.rust-motd = {
+ enable = true;
+ enableMotdInSSHD = true;
+ refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
+ settings = {
+ global = {
+ progress_full_character = "=";
+ progress_empty_character = "-";
+ progress_prefix = "[";
+ progress_suffix = "]";
+ time_format = "%Y-%m-%d %H:%M:%S";
+ };
+
+ banner = {
+ color = "red";
+ command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
+ # if you don't want a dependency on figlet, you can generate your
+ # banner however you want, put it in a file, and then use something like:
+ # command = "cat banner.txt"
+ };
+
+ # [weather]
+ # url = "https://wttr.in/New+York,New+York?0"
+ # proxy = "http://proxy:8080"
+
+ # [service_status]
+ # Accounts = "accounts-daemon"
+ # Cron = "cron"
+
+ # [docker_status]
+ # Local containers MUST start with a slash
+ # https://github.com/moby/moby/issues/6705
+ #"/nextcloud-nextcloud-1" = "Nextcloud"
+ #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database"
+
+ uptime = {
+ prefix = "Uptime:";
+ };
+
+ # [user_service_status]
+ # gpg-agent = "gpg-agent"
+
+ #s_s_l_certs = {
+ # sort_method = "manual"
+ #
+ # certs = {
+ # CertName1 = "/path/to/cert1.pem"
+ # CertName2 = "/path/to/cert2.pem"
+ # }
+ #};
+
+ filesystems = {
+ root = "/";
+ };
+
+ memory = {
+ swap_pos = "beside"; # or "below" or "none"
+ };
+
+ fail2_ban = {
+ jails = ["sshd"]; #, "anotherjail"]
+ };
+
+ last_login = {
+ sils = 2;
+ soispha = 2;
+ nightingale = 2;
+ };
+
+ last_run = {
+ };
+ };
+ };
+}
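Review bot: The `fail2_ban.jails = ["sshd"]` section makes rust-motd query `fail2ban-client`, but `services.fail2ban` is not enabled anywhere in this commit; if it isn't configured in another module the section will error at refresh time, and an sshd jail is still worth having even with key-only auth to throttle brute-force noise in the logs. With `enableMotdInSSHD = true` the `filesystems`, `memory` and `last_login` sections reveal host details and the three listed usernames to every account that can log in — fine for a personal box, but worth revisiting if less-trusted accounts are added. The `refreshInterval` comment has a typo (`wich` → `which`).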
diff --git a/system/system/users.nix b/system/users/default.nix
index 34e1648..34e1648 100644
--- a/system/system/users.nix
+++ b/system/users/default.nix