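# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS module for the host that serves the "traque" web application:
# static network setup, OpenSSH, an nginx TLS front end with ACME
# certificates, and a systemd unit that renders Rocket.toml from a token
# file before starting the backend.
{ config, lib, pkgs, ... }:

let
  traque-pkg = pkgs.callPackage ./traque-pkg.nix { };

  # nginx locations shared by the production and test virtual hosts: serve
  # files from `webroot`, and fall through to the backend listening on
  # localhost:`backend-port` when no file matches.
  site-locations = webroot: backend-port: {
    "= /" = {
      alias = "${webroot}/";
    };
    "/" = {
      root = webroot;
      tryFiles = "$uri $uri.html @backend";
    };
    "@backend" = {
      recommendedProxySettings = true;
      proxyPass = "http://localhost:${toString backend-port}";
      # A 502 from the proxy is reported to clients as a 503 page.
      # Buffering and caching are off and the upstream connection uses
      # HTTP/1.1 with an empty Connection header; presumably this is for
      # long-lived streamed responses (confirm against the backend).
      extraConfig = ''
        error_page 502 =503 "/errors/503.html";
        proxy_set_header Connection ''';
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
      '';
    };
  };
in
{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "bcachefs" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  time.timeZone = "Europe/Paris";

  networking = {
    interfaces."enp1s0" = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "192.168.122.4";
          prefixLength = 24;
        }
      ];
      ipv6.addresses = [
        {
          address = "fe80::4";
          prefixLength = 64;
        }
      ];
    };
    defaultGateway = "192.168.122.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp1s0";
    };
    nameservers = [
      "192.168.122.1"
      "fe80::1%enp1s0"
    ];
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  services.dbus.packages = with pkgs; [ dconf ];

  nixpkgs.config.allowUnfree = true;

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    nix-search-cli
    git
    btop
    ranger
    screen
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # NOTE(review): no sshd authentication settings are pinned in this file, so
  # the module defaults apply. Once key-based logins are in place, consider
  # setting services.openssh.settings.PasswordAuthentication = false.
  services.openssh.enable = true;

  # NOTE(review): with the host firewall off, every listening socket on this
  # machine is reachable from the network it is attached to, including the
  # backend ports 8080 and 8000 if those processes bind a non-loopback
  # address. Unless filtering is done upstream, prefer enabling the firewall
  # with allowedTCPPorts = [ 80 443 ] (80 is needed for ACME HTTP-01 and the
  # HTTPS redirect).
  networking.firewall.enable = false;

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Legacy name: every request is redirected to the HTTPS production host.
      "traque.katvayor.net" = {
        enableACME = true;
        addSSL = true;
        locations."/".extraConfig = ''
          return 301 https://traque.dgnum.eu$request_uri;
        '';
      };

      # forceSSL rather than addSSL: the application authenticates with
      # tokens derived in the unit below, so plain-HTTP requests are
      # redirected to HTTPS instead of being served.
      "traque.dgnum.eu" = {
        enableACME = true;
        forceSSL = true;
        locations = site-locations "${traque-pkg}/share/traque-webroot" 8080;
      };

      # NOTE(review): nothing in this file starts a backend on port 8000;
      # confirm what is expected to listen there and that it binds loopback
      # only.
      "test.traque.katvayor.net" = {
        enableACME = true;
        forceSSL = true;
        locations = site-locations "/traque/static" 8000;
      };
    };
  };

  systemd.services = {
    traque = {
      # presumably provides the `sha1` command used by preStart; verify
      path = [ pkgs.outils ];

      preStart =
        let
          token-file = "/var/lib/traque/token";
          NPCs = [
            "PNJ 0"
            "PNJ 1"
          ];
          Players = [
            "Équipe 00"
            "Équipe 01"
          ];
          # Shell snippet printing a team id: the first 10 hex characters
          # (40 bits) of SHA-1 over the token followed by the team name.
          # NOTE(review): if these ids double as login secrets, 40 bits is
          # their effective strength and all of them change when the token
          # is rotated.
          id-gen = name: ''sha1 <<< "$(cat ${token-file})${name}" | cut -c 1-10'';
          # One TOML inline table per team; the ids are computed by the
          # shell when the heredoc below is expanded.
          team-entries = lib.concatStringsSep ",\n " (
            map (npc: ''{ id = "$(${id-gen npc})", name = "${npc}", vieux = true }'') NPCs
            ++ map (player: ''{ id = "$(${id-gen player})", name = "${player}", vieux = false}'') Players
          );
        in
        ''
          # A failing `cat` inside the heredoc would not abort the script and
          # would yield an empty admin_token plus team ids derived from the
          # names alone, so refuse to continue without a token.
          if [ ! -s ${token-file} ]; then
            echo "traque: ${token-file} is missing or empty, refusing to generate Rocket.toml" >&2
            exit 1
          fi
          # Rocket.toml holds the admin token: when the file is first
          # created it must not be readable by group or others.
          umask 077
          cat <<EOF > /var/lib/traque/Rocket.toml
          [release]
          port = 8080
          ident = "Traque backend"
          template_dir = "${traque-pkg}/share/traque-templates"
          blurred_move = [0.0005, 0.0005]
          bonus_timeout = 120000
          event_timeout = 100
          fairness_timeout = 30000
          admin_token = "$(cat ${token-file})"
          serve_static = false
          teams = [
           ${team-entries}
          ]
          EOF
        '';

      serviceConfig = {
        WorkingDirectory = "/var/lib/traque";
        ExecStart = "${traque-pkg}/bin/traque";
        ExecReload = [ "${pkgs.coreutils}/bin/kill -HUP $MAINPID" ];
        User = "traque";
        Group = "traque";
        # NOTE(review): a static `traque` user and group are also declared
        # below; confirm that combining them with DynamicUser is intended.
        DynamicUser = true;
        Restart = "on-failure";
        RestartSec = 2;
        LogsDirectory = "traque";
        StateDirectory = "traque";
        RuntimeDirectory = "traque";
      };
    };
  };

  users = {
    users.traque = {
      group = "traque";
      isSystemUser = true;
    };
    groups.traque = { };
  };

  system.stateVersion = "23.11"; # Did you read the comment?
}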