{ config, inputs, pkgs, ... }: let bmpPort = 11019; kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system}; autoIndex = '' autoindex on; autoindex_exact_size off; autoindex_format html; autoindex_localtime on; ''; in { imports = [ inputs.fernglas.nixosModules.default inputs.kyouma-www.nixosModules.default ../../common ../../profiles/headless.nix ../../profiles/kartoffel.nix ../../profiles/lxc.nix ../../services/nginx.nix ]; networking = { hostName = "web-dus"; # docker nftables.enable = mkForce false; firewall.allowedTCPPorts = [ 80 443 bmpPort ]; firewall.allowedUDPPorts = [ 443 ]; }; systemd.network.networks."98-eth-default" = { address = [ "2a0f:be01:0:100::1312/128" ]; }; services.vyosBld = { enable = true; output = "/var/www/kyouma.net/vyos"; buildFlags = { architecture = "amd64"; build-by = "noc@kyouma.net"; build-type = "release"; version = "1.5-$(date %Y%m%d)"; }; }; services.fernglas = { enable = true; settings = { api.bind = "[::1]:3000"; collectors = { bmp_collector = { collector_type = "Bmp"; bind = "[::]:${toString bmpPort}"; peers = { "45.150.123.0" = {}; }; }; }; }; }; services.nginx = { createHost = { "miau.zip" = { root = kyouma-www.default; }; "www.miau.zip" = { redirectTo = "miau.zip"; }; "www.kyouma.net" = { redirectTo = "kyouma.net"; }; "emily.cat" = { root = "/var/www/emily.cat/_site"; }; "www.emily.cat" = { redirectTo = "kyouma.net"; }; "www.cocaine.trade" = { redirectTo = "cocaine.trade"; }; "redirect" = { default = true; reuseport = true; useACMEHost = "kyouma.net"; extraConfig = '' return 403; ''; }; "cocaine.trade" = { root = "/var/www/basti/cocaine.trade"; extraConfig = ''error_page 404 /404.html;''; locations."/" = { index = "index.html"; tryFiles = "$uri $uri.html =404"; }; locations."= /".extraConfig = ''rewrite ^ /index.html last;''; }; "files.cocaine.trade" = { useACMEHost = "cocaine.trade"; root = "/var/www/basti/files.cocaine.trade"; locations."/".extraConfig = autoIndex; }; "kyouma.net" = { root = kyouma-www.default; locations = { "/assets/media/".root = kyouma-www.vid; "/vyos/" = { root = config.services.vyosBld.output; extraConfig = autoIndex; }; "/ihk/" = { root = "/var/www/kyouma.net/ihk"; extraConfig = autoIndex; }; }; }; "lg.kyouma.net" = { useACMEHost = "kyouma.net"; locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend; locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}"; }; }; }; security.acme.certs = { "miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; }; "kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; }; "emily.cat" = { extraDomainNames = [ "www.emily.cat" ]; }; "cocaine.trade" = { extraDomainNames = [ "www.cocaine.trade" "files.cocaine.trade" ]; }; }; }