summaryrefslogtreecommitdiff
path: root/depo/nutin-madaj
diff options
context:
space:
mode:
Diffstat (limited to 'depo/nutin-madaj')
-rw-r--r--depo/nutin-madaj/configuration.nix103
-rw-r--r--depo/nutin-madaj/default.nix25
-rw-r--r--depo/nutin-madaj/hardware-configuration.nix6
-rw-r--r--depo/nutin-madaj/networking.nix30
4 files changed, 164 insertions, 0 deletions
diff --git a/depo/nutin-madaj/configuration.nix b/depo/nutin-madaj/configuration.nix
new file mode 100644
index 0000000..a6d303d
--- /dev/null
+++ b/depo/nutin-madaj/configuration.nix
@@ -0,0 +1,103 @@
+{ ... }:
+
+let
+ bensIp = "68.107.97.20";
+ ibbPort = "3000";
+ fathomPort = "3030";
+in
+{
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.overlays = [
+ (import ../../pack/default.nix)
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+
+ services = {
+
+ ibb = {
+ enable = true;
+ port = ibbPort;
+ };
+
+ fathom = {
+ enable = true;
+ port = fathomPort;
+ dataDir = "/var/lib/fathom";
+ };
+
+ nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "web.simatime.com".locations."/".proxyPass = "http://${bensIp}:8000";
+ "dev.simatime.com".locations."/".proxyPass = "http://${bensIp}:${ibbPort}";
+ "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001";
+ "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
+
+ "stats.simatime.com" = {
+ locations."/".proxyPass = "http://localhost:${fathomPort}";
+ forceSSL = true;
+ enableACME = true;
+ };
+ "influencedbybooks.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${ibbPort}";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ mailserver = {
+ enable = true;
+ monitoring = {
+ enable = true;
+ alertAddress = "ben@bsima.me";
+ };
+ fqdn = "mail.simatime.com";
+ domains = [ "simatime.com" ];
+ certificateScheme = 3; # let's encrypt
+ enableImap = true;
+ enablePop3 = true;
+ enableImapSsl = true;
+ enablePop3Ssl = true;
+ enableManageSieve = true;
+ virusScanning = false; # ur on ur own
+
+ loginAccounts = {
+ "ben@simatime.com" = {
+ hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
+ aliases = [
+ # admin stuff
+ "postmaster@simatime.com"
+ "abuse@simatime.com"
+ ];
+ catchAll = [ "simatime.com" ];
+ quota = "1G";
+ };
+ "nick@simatime.com" = {
+ hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
+ aliases = [
+ "nicolai@simatime.com"
+ ];
+ quota = "1G";
+ };
+ };
+ };
+
+ boot.cleanTmpDir = true;
+ networking.hostName = "simatime";
+ networking.firewall.allowPing = true;
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"
+ ];
+}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
new file mode 100644
index 0000000..a97a4a7
--- /dev/null
+++ b/depo/nutin-madaj/default.nix
@@ -0,0 +1,25 @@
+let
+ nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
+in
+import "${nixpkgs}/nixos" {
+ system = "x86_64-linux";
+ configuration = {
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+
+ # end config
+ ./configuration.nix
+
+ # our modules
+ ../../mode/ibb.nix
+ ../../mode/fathom.nix
+
+ # third party
+ (builtins.fetchTarball {
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
+ sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
+ })
+ ];
+ };
+}
diff --git a/depo/nutin-madaj/hardware-configuration.nix b/depo/nutin-madaj/hardware-configuration.nix
new file mode 100644
index 0000000..8c88cb7
--- /dev/null
+++ b/depo/nutin-madaj/hardware-configuration.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+ boot.loader.grub.device = "/dev/vda";
+ fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+}
diff --git a/depo/nutin-madaj/networking.nix b/depo/nutin-madaj/networking.nix
new file mode 100644
index 0000000..6c55005
--- /dev/null
+++ b/depo/nutin-madaj/networking.nix
@@ -0,0 +1,30 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "67.207.67.2"
+ "67.207.67.3"
+ ];
+ defaultGateway = "159.89.128.1";
+ defaultGateway6 = "";
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce true;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address="159.89.128.69"; prefixLength=20; }
+{ address="10.46.0.6"; prefixLength=16; }
+ ];
+ ipv6.addresses = [
+ { address="fe80::e899:c0ff:fe9c:e194"; prefixLength=64; }
+ ];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="ea:99:c0:9c:e1:94", NAME="eth0"
+
+ '';
+}