mirror of
https://github.com/kp2pml30/dotfiles.git
synced 2026-02-17 07:44:41 +04:00
try to migrate to nix
parent
f2f4ead62f
commit
94da1ce936
26 changed files with 830 additions and 181 deletions
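--- a/nix/server.nix
+++ b/nix/server.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+mhostname = "example.org" ;
+in
+{
+services.openssh = {
+enable = true;
+ports = [ 22 ];
+openFirewall = true;
+settings = {
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+AllowUsers = [ "kp2pml30-serv" ];
+};
+};
+
+users.users.kp2pml30-serv = import ./user.nix;
+users.users.nginx.extraGroups = [ "acme" ];
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "kp2pml30@gmail.com";
+certs."${mhostname}" = {
+serverAliases = [ "*.${mhostname}" ];
+webroot = "/var/lib/acme/.challenges";
+group = "nginx";
+#extraDomainNames = [ "mail.example.org" ];
+};
+};
+services.nginx = {
+virtualHosts."${mhostname}" = {
+enableACME = true;
+listen = [
+{ port = 80; }
+];
+locations."/.well-known/acme-challenge/" = {
+root = "/var/lib/acme/.challenges";
+};
+locations."/" = {
+return = 404;
+};
+};
+streamConfig = (builtins.readFile ./stream.nginx);
+};
+}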
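Review bot: The `serverAliases = [ "*.${mhostname}" ];` line inside `security.acme.certs."${mhostname}"` requests a wildcard name on a certificate validated through `webroot`, but wildcard names can only be validated with a DNS-01 challenge, so issuance for that name will fail. As far as I know `serverAliases` is an nginx virtual-host option rather than a `security.acme.certs` option (the commented-out `extraDomainNames` is the ACME one), so the module may already reject it at evaluation. Either list concrete hostnames, `extraDomainNames = [ "<sub>.${mhostname}" ];`, or move this cert to DNS validation with `dnsProvider = "<provider>";` and drop `webroot`. The vhost also sets `enableACME = true` while the same cert is declared by hand with its own `webroot`, which may conflict; `useACMEHost = mhostname;` on the vhost would make it explicit which definition owns the certificate. The TLS listener presumably lives in `./stream.nginx`, which is not part of this section, so who consumes the certificate cannot be checked from here.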