diff options
Diffstat (limited to 'depo/nutin-madaj')
-rw-r--r-- | depo/nutin-madaj/configuration.nix | 103 | ||||
-rw-r--r-- | depo/nutin-madaj/default.nix | 25 | ||||
-rw-r--r-- | depo/nutin-madaj/hardware-configuration.nix | 6 | ||||
-rw-r--r-- | depo/nutin-madaj/networking.nix | 30 |
4 files changed, 164 insertions, 0 deletions
diff --git a/depo/nutin-madaj/configuration.nix b/depo/nutin-madaj/configuration.nix new file mode 100644 index 0000000..a6d303d --- /dev/null +++ b/depo/nutin-madaj/configuration.nix @@ -0,0 +1,103 @@ +{ ... }: + +let + bensIp = "68.107.97.20"; + ibbPort = "3000"; + fathomPort = "3030"; +in +{ + nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [ + (import ../../pack/default.nix) + ]; + + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; + + services = { + + ibb = { + enable = true; + port = ibbPort; + }; + + fathom = { + enable = true; + port = fathomPort; + dataDir = "/var/lib/fathom"; + }; + + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "web.simatime.com".locations."/".proxyPass = "http://${bensIp}:8000"; + "dev.simatime.com".locations."/".proxyPass = "http://${bensIp}:${ibbPort}"; + "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001"; + "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096 + + "stats.simatime.com" = { + locations."/".proxyPass = "http://localhost:${fathomPort}"; + forceSSL = true; + enableACME = true; + }; + "influencedbybooks.com" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${ibbPort}"; + }; + }; + }; + }; + }; + }; + + mailserver = { + enable = true; + monitoring = { + enable = true; + alertAddress = "ben@bsima.me"; + }; + fqdn = "mail.simatime.com"; + domains = [ "simatime.com" ]; + certificateScheme = 3; # let's encrypt + enableImap = true; + enablePop3 = true; + enableImapSsl = true; + enablePop3Ssl = true; + enableManageSieve = true; + virusScanning = false; # ur on ur own + + loginAccounts = { + "ben@simatime.com" = { + hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/"; + aliases = [ + # admin stuff + "postmaster@simatime.com" + "abuse@simatime.com" + ]; + catchAll = [ "simatime.com" ]; + quota = "1G"; + }; + "nick@simatime.com" = { + hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; + aliases = [ + "nicolai@simatime.com" + ]; + quota = "1G"; + }; + }; + }; + + boot.cleanTmpDir = true; + networking.hostName = "simatime"; + networking.firewall.allowPing = true; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb" + ]; +} diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix new file mode 100644 index 0000000..a97a4a7 --- /dev/null +++ b/depo/nutin-madaj/default.nix @@ -0,0 +1,25 @@ +let + nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix); +in +import "${nixpkgs}/nixos" { + system = "x86_64-linux"; + configuration = { + imports = [ + ./hardware-configuration.nix + ./networking.nix + + # end config + ./configuration.nix + + # our modules + ../../mode/ibb.nix + ../../mode/fathom.nix + + # third party + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz"; + sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc"; + }) + ]; + }; +} diff --git a/depo/nutin-madaj/hardware-configuration.nix b/depo/nutin-madaj/hardware-configuration.nix new file mode 100644 index 0000000..8c88cb7 --- /dev/null +++ b/depo/nutin-madaj/hardware-configuration.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ]; + boot.loader.grub.device = "/dev/vda"; + fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; +} diff --git a/depo/nutin-madaj/networking.nix b/depo/nutin-madaj/networking.nix new file mode 100644 index 0000000..6c55005 --- /dev/null +++ b/depo/nutin-madaj/networking.nix @@ -0,0 +1,30 @@ +{ lib, ... }: { + # This file was populated at runtime with the networking + # details gathered from the active system. + networking = { + nameservers = [ + "67.207.67.2" + "67.207.67.3" + ]; + defaultGateway = "159.89.128.1"; + defaultGateway6 = ""; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce true; + interfaces = { + eth0 = { + ipv4.addresses = [ + { address="159.89.128.69"; prefixLength=20; } +{ address="10.46.0.6"; prefixLength=16; } + ]; + ipv6.addresses = [ + { address="fe80::e899:c0ff:fe9c:e194"; prefixLength=64; } + ]; + }; + + }; + }; + services.udev.extraRules = '' + ATTR{address}=="ea:99:c0:9c:e1:94", NAME="eth0" + + ''; +} |