1
0
Fork 0
forked from emily/nixfiles
nixfiles-emily/config/hosts/web-dus/configuration.nix

117 lines
3.4 KiB
Nix
Raw Normal View History

2024-01-12 15:11:33 +01:00
{ config, inputs, pkgs, ... }:
2023-12-06 10:21:07 +01:00
let
2024-01-09 17:02:32 +01:00
bmpPort = 11019;
2024-01-16 20:03:30 +01:00
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
2024-01-09 15:46:18 +01:00
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
2023-12-06 10:21:07 +01:00
in {
2024-01-10 13:50:25 +01:00
imports = [
inputs.fernglas.nixosModules.default
2024-01-16 20:03:30 +01:00
inputs.kyouma-www.nixosModules.default
2024-01-17 14:34:33 +01:00
../../common
2024-02-05 22:22:40 +01:00
../../profiles/headless.nix
../../profiles/kartoffel.nix
../../profiles/lxc.nix
../../services/nginx.nix
2024-01-10 13:50:25 +01:00
];
2023-12-06 10:21:07 +01:00
networking = {
2024-01-12 15:11:33 +01:00
hostName = "web-dus";
2024-01-18 16:03:31 +01:00
# docker
nftables.enable = mkForce false;
2024-01-09 17:02:32 +01:00
firewall.allowedTCPPorts = [ 80 443 bmpPort ];
2024-01-09 16:23:24 +01:00
firewall.allowedUDPPorts = [ 443 ];
2023-12-06 10:21:07 +01:00
};
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::1312/128"
];
};
2024-01-16 20:03:30 +01:00
services.vyosBld = {
enable = true;
2024-01-17 15:49:17 +01:00
output = "/var/www/kyouma.net/vyos";
2024-01-16 20:03:30 +01:00
buildFlags = {
architecture = "amd64";
build-by = "noc@kyouma.net";
build-type = "release";
version = "1.5-$(date %Y%m%d)";
};
};
2024-01-09 17:02:32 +01:00
services.fernglas = {
enable = true;
2023-12-06 10:21:07 +01:00
settings = {
2024-01-09 17:02:32 +01:00
api.bind = "[::1]:3000";
collectors = {
bmp_collector = {
collector_type = "Bmp";
bind = "[::]:${toString bmpPort}";
peers = {
"45.150.123.0" = {};
};
};
};
2023-12-06 10:21:07 +01:00
};
};
services.nginx = {
2024-01-09 16:30:36 +01:00
createHost = {
2024-01-16 20:03:30 +01:00
"miau.zip" = { root = kyouma-www.default; };
2023-12-06 10:21:07 +01:00
"www.miau.zip" = { redirectTo = "miau.zip"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
2024-01-17 15:49:17 +01:00
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
2023-12-06 10:21:07 +01:00
"www.emily.cat" = { redirectTo = "kyouma.net"; };
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
"redirect" = {
default = true;
reuseport = true;
useACMEHost = "kyouma.net";
extraConfig = ''
return 403;
'';
};
"cocaine.trade" = {
2024-01-17 15:49:17 +01:00
root = "/var/www/basti/cocaine.trade";
2023-12-06 10:21:07 +01:00
extraConfig = ''error_page 404 /404.html;'';
locations."/" = {
index = "index.html";
tryFiles = "$uri $uri.html =404";
};
locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
};
"files.cocaine.trade" = {
useACMEHost = "cocaine.trade";
2024-01-17 15:49:17 +01:00
root = "/var/www/basti/files.cocaine.trade";
2024-01-09 15:46:18 +01:00
locations."/".extraConfig = autoIndex;
};
"kyouma.net" = {
2024-01-16 20:03:30 +01:00
root = kyouma-www.default;
2024-01-09 15:46:18 +01:00
locations = {
2024-01-16 20:03:30 +01:00
"/assets/media/".root = kyouma-www.vid;
"/vyos/" = {
root = config.services.vyosBld.output;
extraConfig = autoIndex;
};
2024-01-12 15:11:33 +01:00
"/ihk/" = {
2024-01-17 15:49:17 +01:00
root = "/var/www/kyouma.net/ihk";
2024-01-12 15:11:33 +01:00
extraConfig = autoIndex;
};
2024-01-09 15:46:18 +01:00
};
2023-12-06 10:21:07 +01:00
};
"lg.kyouma.net" = {
useACMEHost = "kyouma.net";
2024-01-10 13:50:25 +01:00
locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
2024-01-09 17:02:32 +01:00
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
2023-12-06 10:21:07 +01:00
};
};
};
2024-01-10 13:30:05 +01:00
security.acme.certs = {
"miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; };
"kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; };
"emily.cat" = { extraDomainNames = [ "www.emily.cat" ]; };
"cocaine.trade" = { extraDomainNames = [ "www.cocaine.trade" "files.cocaine.trade" ]; };
2023-12-06 10:21:07 +01:00
};
}