configuration: extract nixos config into more files

This reverts commit b0d1b2fbff.

hosts/phantom/default.nix

@@ -10,11 +10,12 @@
     ./syncthing.nix
     ./users.nix
     ./writefreely.nix
+    ./renawiki.nix
     ./email.nix
     ./forgejo.nix
   ];
 
-  services.nginx.virtualHosts."lelgenio.com" = {
+  services.nginx.virtualHosts."lelgenio.xyz" = {
     enableACME = true;
     forceSSL = true;
     root = pkgs.runCommand "www-dir" { } ''
@@ -50,7 +51,7 @@
     dates = "04:40";
     operation = "switch";
     flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];
-    flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom";
+    flake = "git+https://git.lelgenio.xyz/lelgenio/nixos-config#phantom";
   };
 
   system.stateVersion = "23.05"; # Never change this

hosts/phantom/email.nix

@@ -1,4 +1,4 @@
-{ pkgs, inputs, config, ... }: {
+{ pkgs, inputs, ... }: {
   # It's important to let Digital Ocean set the hostname so we get rDNS to work
   networking.hostName = "";
 
@@ -8,47 +8,32 @@
 
   mailserver = {
     enable = true;
-    fqdn = "lelgenio.com";
+    fqdn = "lelgenio.xyz";
     domains = [
       "lelgenio.xyz"
       "git.lelgenio.xyz"
-      "lelgenio.com"
-      "git.lelgenio.com"
-      "social.lelgenio.com"
     ];
     certificateScheme = "acme-nginx";
     # Create passwords with
     # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
     loginAccounts = {
-      "lelgenio@lelgenio.com" = {
-        hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
-        aliases = [ "postmaster@lelgenio.com" ];
-      };
       "lelgenio@lelgenio.xyz" = {
         hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
         aliases = [ "postmaster@lelgenio.xyz" ];
       };
-      "noreply@git.lelgenio.com" = {
+      "noreply@git.lelgenio.xyz" = {
         hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
       };
-      "noreply@social.lelgenio.com" = {
-        hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
-      };
     };
   };
 
-  # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
-  services.postfix.extraConfig = ''
-    smtp_address_preference = ipv4
-  '';
-
   # Webmail
-  services.roundcube = {
+  services.roundcube = rec {
     enable = true;
     package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
-    hostName = "mail.lelgenio.com";
+    hostName = "mail.lelgenio.xyz";
     extraConfig = ''
-      $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
+      $config['smtp_host'] = "tls://${hostName}:587";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";
       $config['plugins'] = [ "carddav", "archive" ];

hosts/phantom/forgejo.nix

@@ -26,15 +26,15 @@ in
         DEFAULT_ACTIONS_URL = "github";
       };
       server = {
-        DOMAIN = "git.lelgenio.com";
+        DOMAIN = "git.lelgenio.xyz";
         HTTP_PORT = 3000;
         ROOT_URL = "https://${srv.DOMAIN}/";
       };
       mailer = {
         ENABLED = true;
-        SMTP_ADDR = "mail.lelgenio.com";
-        FROM = "noreply@git.lelgenio.com";
-        USER = "noreply@git.lelgenio.com";
+        SMTP_ADDR = "mail.lelgenio.xyz";
+        FROM = "noreply@git.lelgenio.xyz";
+        USER = "noreply@git.lelgenio.xyz";
       };
     };
     mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;

hosts/phantom/mastodon.nix

@@ -2,22 +2,10 @@
   services.mastodon = {
     enable = true;
     configureNginx = true;
-    localDomain = "social.lelgenio.com";
-    smtp = {
-      authenticate = true;
-      host = "lelgenio.com";
-      fromAddress = "noreply@social.lelgenio.com";
-      user = "noreply@social.lelgenio.com";
-      passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
-    };
+    localDomain = "social.lelgenio.xyz";
+    smtp.fromAddress = "lelgenio@disroot.org";
     streamingProcesses = 2;
     extraConfig.SINGLE_USER_MODE = "true";
     mediaAutoRemove.olderThanDays = 10;
   };
-
-  age.secrets.phantom-mastodon-mailer-password = {
-    file = ../../secrets/phantom-mastodon-mailer-password.age;
-    mode = "400";
-    owner = "mastodon";
-  };
 }

hosts/phantom/nextcloud.nix

@@ -2,7 +2,7 @@
   services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud27;
-    hostName = "cloud.lelgenio.com";
+    hostName = "cloud.lelgenio.xyz";
     https = true;
     config = {
       adminpassFile = config.age.secrets.phantom-nextcloud.path;

hosts/phantom/nginx.nix

@@ -1,23 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, inputs, ... }: {
   services.nginx = {
     enable = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
   };
 
-  # Redirect *lelgenio.xyz -> *lelgenio.com
-  services.nginx.virtualHosts = lib.mapAttrs'
-    (key: value: lib.nameValuePair "${key}lelgenio.xyz" value)
-    (
-      lib.genAttrs [ "" "social." "blog." "cloud." "mail." "git." "syncthing." ] (name: {
-        enableACME = true;
-        forceSSL = true;
-        locations."/".return = "301 $scheme://${name}lelgenio.com$request_uri";
-      })
-    );
-
   security.acme = {
     acceptTerms = true;
     defaults.email = "lelgenio@disroot.org";

hosts/phantom/renawiki.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, inputs, ... }: {
+  services.mediawiki = {
+    enable = true;
+    name = "Rena Wiki";
+
+    webserver = "nginx";
+    nginx.hostName = "renawiki.lelgenio.xyz";
+    passwordFile = config.age.secrets.phantom-renawiki.path;
+
+    extensions.VisualEditor = null;
+  };
+  services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  age.secrets.phantom-renawiki = {
+    file = ../../secrets/phantom-renawiki.age;
+    mode = "400";
+    owner = "mediawiki";
+  };
+}
+

hosts/phantom/syncthing.nix

@@ -7,7 +7,7 @@
     openDefaultPorts = true;
   };
 
-  services.nginx.virtualHosts."syncthing.lelgenio.com" = {
+  services.nginx.virtualHosts."syncthing.lelgenio.xyz" = {
     enableACME = true;
     forceSSL = true;
     locations."/" = {

hosts/phantom/writefreely.nix

@@ -4,7 +4,7 @@
     acme.enable = true;
     nginx.enable = true;
     nginx.forceSSL = true;
-    host = "blog.lelgenio.com";
+    host = "blog.lelgenio.xyz";
     admin.name = "lelgenio";
     admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
     settings.app = {

secrets/phantom-mastodon-mailer-password.age

@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa BwwxHg
-Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
-/WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
-eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
-WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
-bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
-MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
-ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
-CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
-
---- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
-ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ‘ 'ÂJŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±
<01>ˆ„á-Î<x—íõÉ’|

secrets/secrets.nix

@@ -12,5 +12,4 @@ in
   "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
   "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
   "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
-  "phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
 }

switch-phantom

@@ -2,7 +2,7 @@
 
 nix fmt
 
-git --no-pager diff
+git diff
 
 nixos-rebuild switch --flake .#phantom \
   --update-input nixpkgs \

system/greetd.nix

@@ -17,7 +17,6 @@ in
     # enable sway window manager
     programs.sway = {
       enable = true;
-      package = pkgs.mySway;
       wrapperFeatures.gtk = true;
     };
 

user/kakoune/hooks.kak

@@ -47,7 +47,7 @@ hook global BufOpenFile .*/COMMIT_EDITMSG %{
 hook global RegisterModified '"' %{ nop %sh{ {
     printf %s "$kak_reg_dquote" | wl-copy -n
     printf %s "$kak_reg_dquote" | xclip -i -selection clipboard
-} > /dev/null 2>&1 < /dev/null & }} -group sync-clipboard
+} > /dev/null 2>&1 < /dev/null & }}
 
 # Trim trailing whitespace
 hook global BufWritePre .* %{ try %{