domain config
parent
d136aa65c5
commit
2435182a68
14 changed files with 65 additions and 84 deletions
|
@ -1,6 +1,6 @@
|
||||||
{ lib, config, inputs, pkgs, ... }:
|
{ lib, config, inputs, pkgs, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -31,7 +31,6 @@ in {
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" ];
|
||||||
shell = pkgs.xonsh;
|
shell = pkgs.xonsh;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
hyfetch
|
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
|
openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
|
||||||
};
|
};
|
||||||
|
@ -39,6 +38,7 @@ in {
|
||||||
programs.xonsh.enable = true;
|
programs.xonsh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
wget
|
||||||
|
hyfetch
|
||||||
vulnix
|
vulnix
|
||||||
tree
|
tree
|
||||||
file
|
file
|
||||||
|
@ -74,12 +74,12 @@ in {
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
|
||||||
virtualHosts."${root_host}" = {
|
virtualHosts."${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = lib.mkForce false; # use the correct cert, not some weird one that matrix-synapse module supplies
|
enableACME = lib.mkForce false; # use the correct cert, not some weird one that matrix-synapse module supplies
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
root = "/var/www/${root_host}";
|
root = "/var/www/${domain}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -91,7 +91,7 @@ in {
|
||||||
system.stateVersion = "unstable";
|
system.stateVersion = "unstable";
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
networking.hostName = "grimmauld-nixos-server";
|
networking.hostName = "grimmauld-nixos-server";
|
||||||
networking.domain = "";
|
networking.domain = "grimmauld.de";
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
# users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
|
# users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
|
||||||
}
|
}
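Review bot: Nothing guards `networking.domain` in the last hunk, although every vhost name, ACME certificate name, mail address and certificate path in the modules is now interpolated from it. The previous value `""` shows that an empty string evaluates, and with it the modules would produce names such as `mail.` and paths such as `/var/lib/acme//key.pem` instead of failing. An assertion beside the assignment would stop that at evaluation time: `assertions = [{ assertion = domain != null && domain != ""; message = "networking.domain must be set"; }];`. Setting the domain presumably also changes the host's FQDN to `grimmauld-nixos-server.grimmauld.de`, so anything that defaults to the FQDN is worth rechecking after the switch.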
|
||||||
|
|
|
@ -41,7 +41,6 @@
|
||||||
./modules/email.nix
|
./modules/email.nix
|
||||||
./modules/discord-matrix-bridge.nix
|
./modules/discord-matrix-bridge.nix
|
||||||
./modules/mastodon.nix
|
./modules/mastodon.nix
|
||||||
# ./modules/folding.nix
|
|
||||||
./modules/toolchains.nix
|
./modules/toolchains.nix
|
||||||
# ./modules/ptero.nix
|
# ./modules/ptero.nix
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ config, lib, pkgs, ...}: let
|
{ config, lib, pkgs, ...}: let
|
||||||
root_host = "grimmauld.de";
|
|
||||||
bridge_port = 9005; # netstat -nlp | grep 9005
|
bridge_port = 9005; # netstat -nlp | grep 9005
|
||||||
in {
|
in {
|
||||||
nixpkgs.overlays = [ (final: prev: { matrix-appservice-discord = prev.matrix-appservice-discord.overrideAttrs (old: {
|
nixpkgs.overlays = [ (final: prev: { matrix-appservice-discord = prev.matrix-appservice-discord.overrideAttrs (old: {
|
||||||
|
@ -27,8 +26,8 @@ in {
|
||||||
};
|
};
|
||||||
bridge = {
|
bridge = {
|
||||||
enableSelfServiceBridging = true;
|
enableSelfServiceBridging = true;
|
||||||
domain = root_host;
|
inherit (config.networking) domain;
|
||||||
homeserverUrl = "https://${root_host}";
|
homeserverUrl = "https://${config.networking.domain}";
|
||||||
disablePresence = true;
|
disablePresence = true;
|
||||||
disableTypingNotifications = true;
|
disableTypingNotifications = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,27 +1,27 @@
|
||||||
{ ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
mail_host = "mail.${root_host}";
|
mail_host = "mail.${domain}";
|
||||||
in {
|
in {
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ mail_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ mail_host ];
|
||||||
|
|
||||||
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
|
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = mail_host;
|
fqdn = mail_host;
|
||||||
domains = [ root_host ];
|
domains = [ domain ];
|
||||||
|
|
||||||
# A list of all login accounts. To create the password hashes, use
|
# A list of all login accounts. To create the password hashes, use
|
||||||
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"contact@${root_host}" = {
|
"contact@${domain}" = {
|
||||||
hashedPasswordFile = ./mailpass/contact;
|
hashedPasswordFile = ./mailpass/contact;
|
||||||
aliases = ["kontakt@${root_host}"];
|
aliases = ["kontakt@${domain}"];
|
||||||
};
|
};
|
||||||
"admin@${root_host}" = {
|
"admin@${domain}" = {
|
||||||
hashedPasswordFile = ./mailpass/admin;
|
hashedPasswordFile = ./mailpass/admin;
|
||||||
};
|
};
|
||||||
"grimmauld@${root_host}" = {
|
"grimmauld@${domain}" = {
|
||||||
hashedPasswordFile = ./mailpass/grimmauld;
|
hashedPasswordFile = ./mailpass/grimmauld;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -29,8 +29,8 @@ in {
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
# down nginx and opens port 80.
|
# down nginx and opens port 80.
|
||||||
certificateScheme = "manual";
|
certificateScheme = "manual";
|
||||||
certificateFile = "/var/lib/acme/${root_host}/fullchain.pem";
|
certificateFile = "/var/lib/acme/${domain}/fullchain.pem";
|
||||||
keyFile = "/var/lib/acme/${root_host}/key.pem";
|
keyFile = "/var/lib/acme/${domain}/key.pem";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -38,9 +38,9 @@ in {
|
||||||
virtualHosts."${mail_host}" = { # you should NOT be here from a browser :P
|
virtualHosts."${mail_host}" = { # you should NOT be here from a browser :P
|
||||||
serverName = mail_host;
|
serverName = mail_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
return = "307 https://${root_host}";
|
return = "307 https://${domain}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
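Review bot: The `hashedPasswordFile = ./mailpass/contact;` entries in the first hunk (also `admin` and `grimmauld`) are Nix path literals, which are copied into the world-readable Nix store when the configuration is built and presumably sit in the repository next to this file. The Grafana module already reads its secret through agenix (`config.age.secrets.grafana_admin_pass.path`); the same pattern here, `hashedPasswordFile = config.age.secrets.<SECRET_NAME>.path;` with a placeholder name, would keep the bcrypt hashes away from local users and from anyone with read access to the repository. In the second hunk the comment above `certificateScheme = "manual";` still describes the Let's Encrypt scheme that opens port 80, which no longer matches the setting.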
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ pkgs, stable, ... }: let
|
|
||||||
inherit (pkgs) fetchurl;
|
|
||||||
in {
|
|
||||||
nixpkgs.overlays = [ (final: prev: {
|
|
||||||
fahclient = prev.pkgs.callPackage (fetchurl {
|
|
||||||
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/e655eb33b2e83aebf39b30535e8990e45e27588b/pkgs/applications/science/misc/foldingathome/client.nix";
|
|
||||||
hash = "sha256-LPFWAubPvmCuO25DE3MZ1JCk4MtHA7uhEKdpsAtkbsI=";
|
|
||||||
}) {};
|
|
||||||
})];
|
|
||||||
services.foldingathome = {
|
|
||||||
enable = true;
|
|
||||||
daemonNiceLevel = 19;
|
|
||||||
user = "Grimmauld";
|
|
||||||
package = pkgs.fahclient;
|
|
||||||
};
|
|
||||||
environment.systemPackages = with pkgs; [ fahclient ];
|
|
||||||
}
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, config, inputs, pkgs, ... }:
|
{ lib, config, inputs, pkgs, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
gitea_host = "git.${root_host}";
|
gitea_host = "git.${domain}";
|
||||||
gitea_port = 8081;
|
gitea_port = 8081;
|
||||||
gitea_ssh_port = 2222;
|
gitea_ssh_port = 2222;
|
||||||
in {
|
in {
|
||||||
|
@ -13,7 +13,7 @@ in {
|
||||||
HTTP_PORT = gitea_port;
|
HTTP_PORT = gitea_port;
|
||||||
ROOT_URL = "https://${gitea_host}/";
|
ROOT_URL = "https://${gitea_host}/";
|
||||||
DISABLE_SSH = false;
|
DISABLE_SSH = false;
|
||||||
SSH_DOMAIN = root_host;
|
SSH_DOMAIN = domain;
|
||||||
START_SSH_SERVER = true;
|
START_SSH_SERVER = true;
|
||||||
BUILTIN_SSH_SERVER_USER = "git";
|
BUILTIN_SSH_SERVER_USER = "git";
|
||||||
SSH_PORT = gitea_ssh_port;
|
SSH_PORT = gitea_ssh_port;
|
||||||
|
@ -28,7 +28,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ gitea_host];
|
security.acme.certs."${domain}".extraDomainNames = [ gitea_host];
|
||||||
networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];
|
networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -36,7 +36,7 @@ in {
|
||||||
virtualHosts."${gitea_host}" = {
|
virtualHosts."${gitea_host}" = {
|
||||||
serverName = gitea_host;
|
serverName = gitea_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
|
proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
grafana_host = "grafana.${root_host}";
|
grafana_host = "grafana.${domain}";
|
||||||
grafana_port = 8082;
|
grafana_port = 8082;
|
||||||
in {
|
in {
|
||||||
age.secrets.grafana_admin_pass = {
|
age.secrets.grafana_admin_pass = {
|
||||||
|
@ -11,13 +11,13 @@ in {
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ grafana_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ grafana_host ];
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
security = {
|
security = {
|
||||||
admin_user = "admin";
|
admin_user = "admin";
|
||||||
admin_email = "admin@${root_host}";
|
admin_email = "admin@${domain}";
|
||||||
admin_password = "$__file{${config.age.secrets.grafana_admin_pass.path}}";
|
admin_password = "$__file{${config.age.secrets.grafana_admin_pass.path}}";
|
||||||
};
|
};
|
||||||
server = {
|
server = {
|
||||||
|
@ -33,7 +33,7 @@ in {
|
||||||
virtualHosts."${grafana_host}" = {
|
virtualHosts."${grafana_host}" = {
|
||||||
serverName = grafana_host;
|
serverName = grafana_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}";
|
proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
{ lib, config, inputs, pkgs, ... }:
|
{ lib, config, inputs, pkgs, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
root_email = "contact@${root_host}";
|
root_email = "contact@${domain}";
|
||||||
in {
|
in {
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = root_email;
|
defaults.email = root_email;
|
||||||
certs."${root_host}" = {
|
certs."${domain}" = {
|
||||||
webroot = "/var/lib/acme/acme-challenge/";
|
webroot = "/var/lib/acme/acme-challenge/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
{ config, ... } :
|
{ config, ... } :
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
mastodon_host = "mastodon.${root_host}";
|
mastodon_host = "mastodon.${domain}";
|
||||||
in {
|
in {
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ mastodon_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ mastodon_host ];
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
enable = true;
|
enable = true;
|
||||||
localDomain = mastodon_host;
|
localDomain = mastodon_host;
|
||||||
streamingProcesses = 7;
|
streamingProcesses = 7;
|
||||||
configureNginx = true;
|
configureNginx = true;
|
||||||
smtp = {
|
smtp = {
|
||||||
fromAddress = "noreply@${root_host}";
|
fromAddress = "noreply@${domain}";
|
||||||
};
|
};
|
||||||
extraConfig.SINGLE_USER_MODE = "true";
|
extraConfig.SINGLE_USER_MODE = "true";
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, config, inputs, pkgs, ... }:
|
{ lib, config, inputs, pkgs, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
matrix_host = "matrix.${root_host}";
|
matrix_host = "matrix.${domain}";
|
||||||
in {
|
in {
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -66,8 +66,8 @@ host replication all ::1/128 md5
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
suppress_key_server_warning = true;
|
suppress_key_server_warning = true;
|
||||||
server_name = root_host;
|
server_name = domain;
|
||||||
public_baseurl = "https://${root_host}";
|
public_baseurl = "https://${domain}";
|
||||||
enable_registration = true;
|
enable_registration = true;
|
||||||
registration_requires_token = true;
|
registration_requires_token = true;
|
||||||
registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
|
registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
|
||||||
|
@ -114,10 +114,10 @@ host replication all ::1/128 md5
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${root_host}" = {
|
virtualHosts."${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = false; # use the cert above, not some weird one that matrix-synapse module supplies
|
enableACME = false; # use the cert above, not some weird one that matrix-synapse module supplies
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/.well-known/matrix/server" = {
|
locations."/.well-known/matrix/server" = {
|
||||||
return = "200 '{\"m.server\":\"${matrix_host}:443\"}'";
|
return = "200 '{\"m.server\":\"${matrix_host}:443\"}'";
|
||||||
extraConfig = ''
|
extraConfig = ''
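Review bot: `server_name = domain;` in the second hunk ties the homeserver's identity to `networking.domain`, and Synapse does not support changing `server_name` once its database has been initialised. A later edit of the host's DNS domain for an unrelated reason would therefore change the identity under which every local user and room ID was issued. A comment on that line, for example `# Matrix identity: must stay fixed after first start, even if networking.domain changes`, would make the constraint visible; keeping the literal in this one place is the other option. The `services.nginx` block continues past the end of the last hunk.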
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, pkgs, config, ...} :
|
{ lib, pkgs, config, ...} :
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
nextcloud_host = "cloud.${root_host}";
|
nextcloud_host = "cloud.${domain}";
|
||||||
nextcloud_port = 8083;
|
nextcloud_port = 8083;
|
||||||
in {
|
in {
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
|
@ -15,7 +15,7 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ nextcloud_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ nextcloud_host ];
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
nextcloud_admin_pass = {
|
nextcloud_admin_pass = {
|
||||||
file = ../secrets/nextcloud_admin_pass.age;
|
file = ../secrets/nextcloud_admin_pass.age;
|
||||||
|
@ -76,7 +76,7 @@ in {
|
||||||
virtualHosts."${nextcloud_host}" = {
|
virtualHosts."${nextcloud_host}" = {
|
||||||
serverName = nextcloud_host;
|
serverName = nextcloud_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ config, ... } :
|
{ config, ... } :
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
prometheus_host = "prometheus.${root_host}";
|
prometheus_host = "prometheus.${domain}";
|
||||||
prometheus_port = 9090; # netstat -nlp | grep 9090
|
prometheus_port = 9090; # netstat -nlp | grep 9090
|
||||||
in {
|
in {
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ prometheus_host];
|
security.acme.certs."${domain}".extraDomainNames = [ prometheus_host];
|
||||||
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -42,10 +42,10 @@ in {
|
||||||
virtualHosts."${prometheus_host}" = {
|
virtualHosts."${prometheus_host}" = {
|
||||||
serverName = prometheus_host;
|
serverName = prometheus_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
# proxyPass = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}";
|
# proxyPass = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}";
|
||||||
return = "307 https://${root_host}"; # nuh uh, no raw prometheus access for you!
|
return = "307 https://${domain}"; # nuh uh, no raw prometheus access for you!
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{config, pkgs, ...}: let
|
{config, pkgs, ...}: let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
root_email = "contact@${root_host}";
|
root_email = "contact@${domain}";
|
||||||
ptero_host = "ptero.${root_host}";
|
ptero_host = "ptero.${domain}";
|
||||||
DATA_DIR = "/var/lib/pterodactylpanel";
|
DATA_DIR = "/var/lib/pterodactylpanel";
|
||||||
panel_user = "pterodactyl";
|
panel_user = "pterodactyl";
|
||||||
local_bridge = "ptero-local-br";
|
local_bridge = "ptero-local-br";
|
||||||
|
@ -88,7 +88,7 @@ chmod +777 -R ${DATA_DIR}
|
||||||
"APP_TIMEZONE" = "Europe/Berlin";
|
"APP_TIMEZONE" = "Europe/Berlin";
|
||||||
"APP_SERVICE_AUTHOR" = root_email;
|
"APP_SERVICE_AUTHOR" = root_email;
|
||||||
|
|
||||||
"MAIL_FROM" = "noreply@${root_host}";
|
"MAIL_FROM" = "noreply@${domain}";
|
||||||
"MAIL_DRIVER" = "smtp";
|
"MAIL_DRIVER" = "smtp";
|
||||||
"MAIL_HOST" = "mail";
|
"MAIL_HOST" = "mail";
|
||||||
"MAIL_PORT" = "25";
|
"MAIL_PORT" = "25";
|
||||||
|
@ -111,13 +111,13 @@ chmod +777 -R ${DATA_DIR}
|
||||||
environmentFiles = [ config.age.secrets.ptero_env.path ];
|
environmentFiles = [ config.age.secrets.ptero_env.path ];
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ ptero_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ ptero_host ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${ptero_host}" = {
|
virtualHosts."${ptero_host}" = {
|
||||||
serverName = ptero_host;
|
serverName = ptero_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${ptero_port}";
|
proxyPass = "http://127.0.0.1:${ptero_port}";
|
||||||
};
|
};
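Review bot: Both later hunk headers show `chmod +777 -R ${DATA_DIR}` as the enclosing context, which would leave everything under `/var/lib/pterodactylpanel` world-writable; the script body is outside the hunks, so this is inferred from the headers alone. Giving the tree to the account the panel runs as and using `chmod -R u=rwX,go= ${DATA_DIR}` would be the usual replacement. In the last hunk `proxyPass = "http://127.0.0.1:${ptero_port}"` interpolates `ptero_port` without `builtins.toString`, unlike the Gitea and Grafana modules, which only evaluates if it is defined as a string elsewhere in the file. The module is commented out of the imports list at present, so neither point is live until it is re-enabled.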
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ lib, config, inputs, pkgs, ... }:
|
{ lib, config, inputs, pkgs, ... }:
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
inherit (config.networking) domain;
|
||||||
puffer_port = 8080;
|
puffer_port = 8080;
|
||||||
puffer_sftp_port = 5657;
|
puffer_sftp_port = 5657;
|
||||||
puffer_host = "puffer.${root_host}";
|
puffer_host = "puffer.${domain}";
|
||||||
tlemap_host = "tlemap.${root_host}";
|
tlemap_host = "tlemap.${domain}";
|
||||||
tlemap_port = 8100;
|
tlemap_port = 8100;
|
||||||
in {
|
in {
|
||||||
services.pufferpanel = {
|
services.pufferpanel = {
|
||||||
|
@ -22,7 +22,7 @@ in {
|
||||||
virtualHosts."${puffer_host}" = {
|
virtualHosts."${puffer_host}" = {
|
||||||
serverName = puffer_host;
|
serverName = puffer_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${builtins.toString puffer_port}";
|
proxyPass = "http://127.0.0.1:${builtins.toString puffer_port}";
|
||||||
};
|
};
|
||||||
|
@ -30,14 +30,14 @@ in {
|
||||||
virtualHosts."${tlemap_host}" = {
|
virtualHosts."${tlemap_host}" = {
|
||||||
serverName = tlemap_host;
|
serverName = tlemap_host;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = root_host;
|
useACMEHost = domain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${builtins.toString tlemap_port}";
|
proxyPass = "http://127.0.0.1:${builtins.toString tlemap_port}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ puffer_host tlemap_host ];
|
security.acme.certs."${domain}".extraDomainNames = [ puffer_host tlemap_host ];
|
||||||
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568 7270 ];
|
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568 7270 ];
|
||||||
|
|
||||||
# virtualisation.podman.enable = true;
|
# virtualisation.podman.enable = true;
|
||||||
|
|