# NixOS module for the "simatime" host. It configures gitolite, lighttpd
# (with cgit switched off), the ibb and fathom services, an nginx reverse
# proxy, a ZNC bouncer, a mail server, virtualisation, and root SSH access.
#
# NOTE(review): this file embeds password hashes (mail accounts and ZNC).
# Anything written here ends up in the world-readable Nix store and in
# whatever repository holds the file, so the hashes are open to offline
# guessing. Prefer loading them from a file kept outside the store and the
# repo, if the modules in use offer a file-based option.
{ pkgs, ... }:

let
  # Remote machine that several nginx virtual hosts proxy to.
  bensIp = "68.107.97.20"; # hiddor-kahih

  # Public key used as gitolite admin key and as root's authorized key.
  benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";

  ibbPort = "3000";
  fathomPort = "3030";
  gitDir = "/srv/git";

  # Upstream URL builders for the nginx proxyPass targets below.
  # NOTE(review): both produce plain http:// URLs. For `onBen` that means the
  # proxied traffic crosses the network to bensIp unencrypted.
  onBen = port: "http://${bensIp}:${port}";
  onLocal = port: "http://localhost:${port}";
in
{
  nixpkgs = {
    config.allowUnfree = true;
    overlays = [ (import ../../pack/overlay.nix) ];
  };

  networking = {
    hostName = "simatime";
    firewall = {
      # ZNC (openFirewall) and possibly the mail server open further ports
      # on top of these.
      allowedTCPPorts = [ 22 80 443 ];
      allowPing = true;
    };
  };

  boot.cleanTmpDir = true;

  # NOTE(review): root logs in over SSH with benKey. Password authentication
  # is not explicitly turned off anywhere in this file; confirm that the
  # effective sshd settings are key-only.
  users.users.root.openssh.authorizedKeys.keys = [ benKey ];

  services = {
    openssh.enable = true;

    gitolite = {
      enable = true;
      enableGitAnnex = true;
      dataDir = gitDir;
      user = "git";
      group = "git";
      # GIT_CONFIG_KEYS restricts the settable git config keys to the
      # gitweb.* keys matched by the pattern.
      extraGitoliteRc = ''
        $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
        $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
      '';
      adminPubkey = benKey;
    };

    lighttpd = {
      enable = true;
      port = 8000;
      document-root = "/srv/www";
      # NOTE(review): the "simatime.com" vhost below proxies "/" straight to
      # this port, so whatever mod_status and mod_userdir serve is presumably
      # reachable from outside. Confirm that is intended.
      mod_userdir = true;
      mod_status = true;
      collectd = {
        enable = true;
      };
      cgit = {
        # disable cgit for now; the ssh interface still works anyway.
        enable = false;
        subdir = "git";
        configText = ''
          cache-size=0
          clone-url=git@simatime.com:$CGIT_REPO_URL
          enable-index-owner=1
          enable-http-clone=0
          enable-index-links=1
          enable-commit-graph=1
          enable-log-filecount=1
          enable-log-linecount=1
          enable-git-config=1
          remove-suffix=1
          branch-sort=age
          max-stats=week
          mimetype.gif=image/gif
          mimetype.html=text/html
          mimetype.jpg=image/jpeg
          mimetype.jpeg=image/jpeg
          mimetype.pdf=application/pdf
          mimetype.png=image/png
          mimetype.svg=image/svg+xml
          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
          readme=:README.md
          root-title=simatime git repository
          root-desc=a computer is a bicycle for the mind.
          project-list=${gitDir}/projects.list
          scan-path=${gitDir}/repositories
        '';
      };
    };

    ibb = {
      enable = true;
      port = ibbPort;
    };

    fathom = {
      enable = true;
      port = fathomPort;
      dataDir = "/var/lib/fathom";
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;

      # NOTE(review): only "stats.simatime.com" and "influencedbybooks.com"
      # set forceSSL/enableACME. The other virtual hosts, including the
      # notebook one with its terminal websocket path, have no TLS settings
      # in this file. Confirm each upstream enforces its own authentication.
      virtualHosts = {
        # "bsima.me".locations."/".proxyPass = "http://localhost:8000/~ben";
        "simatime.com".locations."/".proxyPass = onLocal "8000";
        "web.simatime.com".locations."/".proxyPass = onBen "8000";
        "dev.simatime.com".locations."/".proxyPass = onBen ibbPort;
        "hero.simatime.com".locations."/".proxyPass = onBen "3001";
        "tv.simatime.com".locations."/".proxyPass = onBen "8096"; # emby runs on port 8096

        "notebook.simatime.com".locations = {
          "/" = {
            proxyPass = onBen "3099";
            proxyWebsockets = true;
            # Long read timeout and no buffering, presumably to keep
            # long-lived notebook connections open.
            extraConfig = ''
              proxy_buffering off;
              proxy_read_timeout 86400;
            '';
          };
          # NOTE(review): this key looks like a regular expression but has no
          # `~`/`~*` modifier, so nginx would treat it as a literal prefix and
          # probably never match it; "/" handles the websockets instead. If a
          # modifier is added, carry the timeout settings over too.
          "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
            proxyPass = onBen "3099";
            proxyWebsockets = true;
          };
        };

        "stats.simatime.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = onLocal fathomPort;
        };

        "influencedbybooks.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = onLocal ibbPort;
        };
      };
    };

    znc = {
      enable = true;
      mutable = true;
      useLegacyConfig = false;
      openFirewall = true;
      config = {
        LoadModule = [ "adminlog" "fail2ban" ];
        User.bsima = {
          Admin = true;
          Nick = "bsima";
          AltNick = "bsima1";
          LoadModule = [ "chansaver" "controlpanel" ];

          Network.freenode = {
            Server = "chat.freenode.net +6697";
            LoadModule = [ "simple_away" "nickserv" ];
            Chan = {
              "#ai" = {};
              "#bsima" = {};
              "#emacs" = {};
              "#haskell" = {};
              "#haskell-miso" = {};
              "#home-manager" = {};
              "#nixos" = {};
              "#servant" = {};
              "#sr.ht" = {};
              "#xmonad" = {};
            };
          };

          # NOTE(review): admin credential stored as a salted SHA-256 digest,
          # a fast hash, with hash and salt both published in this file.
          # Treat the password as exposed wherever this file is readable.
          Pass.password = {
            Method = "sha256";
            Hash = "4a6703074c713a26d56a906fc9ea82bb591177f10a25a650719266bf588d9525";
            Salt = "QByO-A:4Rbib;dl_3wEH";
          };
        };
      };
    };
  };

  mailserver = {
    enable = true;
    fqdn = "mail.simatime.com";
    domains = [ "simatime.com" ];
    certificateScheme = 3; # let's encrypt

    monitoring = {
      enable = true;
      alertAddress = "ben@bsima.me";
    };

    # NOTE(review): the non-SSL IMAP/POP3 listeners are enabled alongside the
    # SSL ones; confirm they refuse logins before STARTTLS.
    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;
    enableManageSieve = true;
    virusScanning = false; # ur on ur own

    # Account password hashes are inline; see the note at the top of the file.
    loginAccounts = {
      "ben@simatime.com" = {
        hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
        aliases = [
          # admin stuff
          "postmaster@simatime.com"
          "abuse@simatime.com"
        ];
        catchAll = [ "simatime.com" ];
        quota = "1G";
      };
      "nick@simatime.com" = {
        hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
        aliases = [ "nicolai@simatime.com" ];
        quota = "1G";
      };
    };
  };

  virtualisation = {
    libvirtd.enable = true;
    docker.enable = true;
    virtualbox = {
      guest.enable = true;
      host = {
        enable = true;
        headless = false;
        addNetworkInterface = true;
      };
    };
  };
}