From f75eaf7fff963b88e412d315d0fdef8151943c20 Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Sat, 23 Feb 2019 19:46:09 -0800 Subject: Reorganize directory --- depo/nutin-madaj/configuration.nix | 103 +++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 depo/nutin-madaj/configuration.nix (limited to 'depo/nutin-madaj/configuration.nix') diff --git a/depo/nutin-madaj/configuration.nix b/depo/nutin-madaj/configuration.nix new file mode 100644 index 0000000..a6d303d --- /dev/null +++ b/depo/nutin-madaj/configuration.nix @@ -0,0 +1,103 @@ +{ ... }: + +let + bensIp = "68.107.97.20"; + ibbPort = "3000"; + fathomPort = "3030"; +in +{ + nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [ + (import ../../pack/default.nix) + ]; + + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; + + services = { + + ibb = { + enable = true; + port = ibbPort; + }; + + fathom = { + enable = true; + port = fathomPort; + dataDir = "/var/lib/fathom"; + }; + + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "web.simatime.com".locations."/".proxyPass = "http://${bensIp}:8000"; + "dev.simatime.com".locations."/".proxyPass = "http://${bensIp}:${ibbPort}"; + "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001"; + "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096 + + "stats.simatime.com" = { + locations."/".proxyPass = "http://localhost:${fathomPort}"; + forceSSL = true; + enableACME = true; + }; + "influencedbybooks.com" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${ibbPort}"; + }; + }; + }; + }; + }; + }; + + mailserver = { + enable = true; + monitoring = { + enable = true; + alertAddress = "ben@bsima.me"; + }; + fqdn = "mail.simatime.com"; + domains = [ "simatime.com" ]; + certificateScheme = 3; # let's encrypt + enableImap = true; + enablePop3 = true; + enableImapSsl = true; + enablePop3Ssl = true; + enableManageSieve = true; + virusScanning = false; # ur on ur own + + loginAccounts = { + "ben@simatime.com" = { + hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/"; + aliases = [ + # admin stuff + "postmaster@simatime.com" + "abuse@simatime.com" + ]; + catchAll = [ "simatime.com" ]; + quota = "1G"; + }; + "nick@simatime.com" = { + hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; + aliases = [ + "nicolai@simatime.com" + ]; + quota = "1G"; + }; + }; + }; + + boot.cleanTmpDir = true; + networking.hostName = "simatime"; + networking.firewall.allowPing = true; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb" + ]; +} -- cgit v1.2.3