blob: 83c449bbe2fad4099fceaeaf071b6a4cc63d2c05 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
{ ... }:
let
bensIp = "68.107.97.20";
ibbPort = "3000";
fathomPort = "3030";
in
{
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
(import ./pack/default.nix)
];
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
services = {
ibb = {
enable = true;
port = ibbPort;
};
fathom = {
enable = true;
port = fathomPort;
dataDir = "/var/lib/fathom";
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"web.simatime.com".locations."/".proxyPass = "http://${bensIp}:8000";
"dev.simatime.com".locations."/".proxyPass = "http://${bensIp}:${ibbPort}";
"hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001";
"tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
"stats.simatime.com" = {
locations."/".proxyPass = "http://localhost:${fathomPort}";
forceSSL = true;
enableACME = true;
};
"influencedbybooks.com" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:${ibbPort}";
};
};
};
};
};
};
mailserver = {
enable = true;
monitoring = {
enable = true;
alertAddress = "ben@bsima.me";
};
fqdn = "mail.simatime.com";
domains = [ "simatime.com" ];
certificateScheme = 3; # let's encrypt
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
enableManageSieve = true;
virusScanning = false; # ur on ur own
loginAccounts = {
"ben@simatime.com" = {
hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
aliases = [
# admin stuff
"postmaster@simatime.com"
"abuse@simatime.com"
];
catchAll = [ "simatime.com" ];
quota = "1G";
};
"nick@simatime.com" = {
hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
aliases = [
"nicolai@simatime.com"
];
quota = "1G";
};
};
};
boot.cleanTmpDir = true;
networking.hostName = "simatime";
networking.firewall.allowPing = true;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"
];
}
|
