Add configuration for dirae.org

This commit is contained in:
caem 2023-07-01 15:08:00 +02:00
parent 471ae20bb7
commit fe9f7d9732
17 changed files with 421 additions and 20 deletions


@ -0,0 +1,25 @@
{ ... }:
{
services.gitlab = {
enable = true;
host = "gitlab.dirae.org";
# Server is running on limited budet :,)
# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
puma.workers = 0;
user = "gitlab";
group = "gitlab";
https = true;
databasePasswordFile = "/var/keys/gitlab/db_password";
initialRootPasswordFile = "/var/keys/gitlab/root_password";
secrets = {
dbFile = "/var/keys/gitlab/db";
secretFile = "/var/keys/gitlab/secret";
otpFile = "/var/keys/gitlab/otp";
jwsFile = "/var/keys/gitlab/jws";
};
};
}
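Review bot: The comment above `puma.workers = 0;` misspells budget; suggest `# Server is running on a limited budget :,)` so the link that follows reads as the justification for the single-worker setting. The module is pointed at six secret files under /var/keys/gitlab/ (databasePasswordFile, initialRootPasswordFile and the four entries in secrets), but nothing in this commit creates them or sets their mode, so the deployment presumably relies on out-of-band provisioning with the files readable only by the gitlab user and group. A one-line comment naming where those files come from (and that initialRootPasswordFile is only consulted on first setup, if that is the case) would help the next reader.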


@ -0,0 +1,33 @@
{ simple-mailserver, ... }:
{
imports = [
simple-mailserver.nixosModule
];
mailserver = {
enable = true;
fqdn = "dirae.org";
domains = [ "dirae.org" ];
loginAccounts = {
"caem@dirae.org" = {
hashedPasswordFile = "/nix/config/packages/mailserver/pw";
aliases = [
"admin@dirae.org"
"postmaser@dirae.org"
"legal@dirae.org"
"contact@dirae.org"
"dmca@dirae.org"
"pt@dirae.org"
"cali@dirae.org"
"abuse@dirae.org"
];
};
};
# Managed in configuration for nginx
certificateScheme = "acme";
};
}
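Review bot: `"postmaser@dirae.org"` in the aliases list is misspelled, and RFC 5321 requires a host that accepts mail to have a postmaster mailbox, so mail to postmaster@dirae.org would currently be rejected; change it to `"postmaster@dirae.org"`. The hashedPasswordFile path /nix/config/packages/mailserver/pw looks like it sits inside the configuration checkout rather than under a secrets directory; if that tree is version-controlled, the password hash should stay out of the repository (or at least be git-ignored). A short comment on that line stating how the file is provisioned would make the intent explicit.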

48
packages/nginx/dirae.nix Normal file

@ -0,0 +1,48 @@
{ ... }:
let
fqdn = "dirae.org";
serverConfig."m.server" = "dirae.org:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
security.acme.acceptTerms = true;
security.acme.defaults.email = "caem@dirae.org";
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"dirae.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/www/dirae";
};
locations."/.well-known/matrix/server".extraConfig = ''
return 200 '{"m.server": "dirae.org:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
};
"gitlab.dirae.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
};
}
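Review bot: `fqdn`, `serverConfig."m.server"` and `mkWellKnown` in the let block are never used; the `/.well-known/matrix/server` location hard-codes an equivalent response instead, so the delegation target now lives in two places. Either drop the three bindings or use them so there is one source of truth, e.g. `locations."/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;` (the helper already emits the JSON body and the CORS header). Note the two forms differ slightly, the helper uses `add_header Content-Type` while the inline version uses `default_type`; settling on one avoids confusion when the response is changed later.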

16
packages/sshd/package.nix Normal file

@ -0,0 +1,16 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
users.users."user".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnopPaLuQT4+5LzqiBM4JfdRamzArszOrfoDy96KpQL9jeZQhT4E7LE63tySza4auJyTkFcnfGEQQaAlCUYTVvWrvB6l2nG7mVZ5Cr0YvQ1U9AY+1OPE5wCSDUk9zaUm3ldWgUWRA/MyGtzm3kQ+ZtYIOqtvF6Ki5vPRYl+QR0cjThw5Sr/99sTqZwgmbPoAkLXnioSI+oOgV6H8M9XCuvwmlm6YKfBrjTQltj93GpSf24Lf9YaFc51Auao78AfOof/EtGWlcBrvfdjaS/scxSmHO9r/AShV/BEVboG+89i+Qia67cATGIwDLB6HZO1dO5qTSImzcQ/QnFW1E0IGZy3LvKd/FT8QCpHjDtPlsxWwIuTgyLD3c9OZTTA8w619QBKic3KEhuRkhuwOqSPgpvgkK8hS91gr8spL+6U4Bdgo8gZH14kj7ZhiNsIur0Chj/X1uCHGXEHhlV4ky2XAxhGSSr9fy06w4uPsIXGnSufm8jbBAhYDrNzaod2Q/73VE= user@workstation"
];
networking.firewall.allowedTCPPorts = [ 22 ];
}
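Review bot: `PasswordAuthentication = false` does not by itself stop password logins on a PAM-enabled sshd, because passwords can still be supplied through keyboard-interactive authentication; add `KbdInteractiveAuthentication = false;` alongside it in `settings` so key-only access is actually enforced. `networking.firewall.allowedTCPPorts = [ 22 ]` duplicates what the openssh module already opens through its openFirewall default, which is harmless but worth a comment if it is intentional. The account "user" that receives the authorized key is not declared in this file; presumably it is defined elsewhere in the configuration.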


@ -0,0 +1,31 @@
{ pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.matrix-synapse = {
enable = true;
settings.server_name = "dirae.org";
settings.listeners = [
{
port = 8008;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = true;
}];
}
];
};
}
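Review bot: The initialScript creates the `matrix-synapse` role with a literal password (`'synapse'`), and pkgs.writeText places that script in the world-readable Nix store, so the credential is visible to every local user and, with a default pg_hba that accepts password logins over localhost, usable by any local process. Nothing in this hunk configures synapse's database connection, so if it relies on the module's default (Unix socket with peer authentication, as far as I can tell) the password is unnecessary and the role can be created as `CREATE ROLE "matrix-synapse" WITH LOGIN;`; otherwise the password should be read from a file outside the store. Also note that initialScript only runs when the cluster is first initialised; a comment saying so would save the next person from expecting edits here to apply to an existing database.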