mirror of https://git.jolheiser.com/dotnix.git
jolheiser
parent
075e21bf0b
commit
6800193a85
|
|
@ -70,6 +70,9 @@ in {
|
||||||
"recipes.jolheiser.com".extraConfig = ''
|
"recipes.jolheiser.com".extraConfig = ''
|
||||||
reverse_proxy localhost:3663
|
reverse_proxy localhost:3663
|
||||||
'';
|
'';
|
||||||
|
"irc.jolheiser.com".extraConfig = ''
|
||||||
|
reverse_proxy localhost:7658
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ let
|
||||||
username = "jolheiser";
|
username = "jolheiser";
|
||||||
key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
|
key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
|
||||||
in {
|
in {
|
||||||
imports = [./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
|
imports = [./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./soju.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
@ -12,7 +12,7 @@ in {
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [80 443];
|
allowedTCPPorts = [80 443 6697];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,31 @@
|
||||||
|
{lib, ...}: let
|
||||||
|
baseCertPath = "/var/lib/acme/irc.jolheiser.com";
|
||||||
|
in {
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
email = "irc@jolheiser.com";
|
||||||
|
certs."irc.jolheiser.com" = {
|
||||||
|
listenHTTP = ":7658";
|
||||||
|
postRun = "systemctl reload soju";
|
||||||
|
group = "soju";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.soju = {
|
||||||
|
enable = true;
|
||||||
|
tlsCertificate = "${baseCertPath}/fullchain.pem";
|
||||||
|
tlsCertificateKey = "${baseCertPath}/key.pem";
|
||||||
|
};
|
||||||
|
systemd.services.soju.serviceConfig = {
|
||||||
|
DynamicUser = lib.mkForce false;
|
||||||
|
User = "soju";
|
||||||
|
Group = "soju";
|
||||||
|
ReadOnlyPaths = baseCertPath;
|
||||||
|
};
|
||||||
|
users = {
|
||||||
|
users.soju = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "soju";
|
||||||
|
};
|
||||||
|
groups.soju = {};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue