try to migrate to nix

2026-02-17 07:44:41 +04:00 · 2025-01-11 20:48:22 +04:00 · 2025-01-11 20:48:22 +04:00 · 94da1ce936
commit 94da1ce936
parent f2f4ead62f
26 changed files with 830 additions and 181 deletions
--- a/nix/server.nix
+++ b/nix/server.nix
@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+	mhostname = "example.org" ;
+in
+{
+	services.openssh = {
+		enable = true;
+		ports = [ 22 ];
+		openFirewall = true;
+		settings = {
+			PasswordAuthentication = false;
+			KbdInteractiveAuthentication = false;
+			AllowUsers = [ "kp2pml30-serv" ];
+		};
+	};
+
+	users.users.kp2pml30-serv = import ./user.nix;
+	users.users.nginx.extraGroups = [ "acme" ];
+
+	security.acme = {
+		acceptTerms = true;
+		defaults.email = "kp2pml30@gmail.com";
+		certs."${mhostname}" = {
+			serverAliases = [ "*.${mhostname}" ];
+			webroot = "/var/lib/acme/.challenges";
+			group = "nginx";
+			#extraDomainNames = [ "mail.example.org" ];
+		};
+	};
+	services.nginx = {
+		virtualHosts."${mhostname}" = {
+			enableACME = true;
+			listen = [
+				{ port = 80; }
+			];
+			locations."/.well-known/acme-challenge/" = {
+				root = "/var/lib/acme/.challenges";
+			};
+			locations."/" = {
+				return = 404;
+			};
+		};
+		streamConfig = (builtins.readFile ./stream.nginx);
+	};
+}