2016-04-14 14:02:16 +02:00
|
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
|
|
|
|
2024-04-27 10:56:26 +02:00
|
|
|
|
{ config, pkgs, lib, inputs, ... }: {
|
2016-04-14 14:02:16 +02:00
|
|
|
|
imports = [
|
2022-10-04 10:39:49 +02:00
|
|
|
|
./hetznercloud.nix
|
|
|
|
|
../../roles/server.nix
|
2023-05-10 20:45:04 +02:00
|
|
|
|
../../roles/datakami.nix
|
2022-10-04 10:39:49 +02:00
|
|
|
|
../../services/backup.nix
|
|
|
|
|
../../services/email.nix
|
2024-04-27 10:56:26 +02:00
|
|
|
|
inputs.yobot.nixosModules.default
|
2016-04-14 14:02:16 +02:00
|
|
|
|
];
|
|
|
|
|
|
2020-05-21 17:39:38 +02:00
|
|
|
|
system.stateVersion = "19.03";
|
2021-05-29 18:05:31 +02:00
|
|
|
|
|
2018-03-11 18:28:25 +01:00
|
|
|
|
services.yorick = {
|
2021-05-29 18:05:31 +02:00
|
|
|
|
public = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vhost = "pub.yori.cc";
|
|
|
|
|
};
|
|
|
|
|
website = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vhost = "yorickvanpelt.nl";
|
|
|
|
|
};
|
|
|
|
|
git = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vhost = "git.yori.cc";
|
|
|
|
|
};
|
|
|
|
|
muflax-church = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vhost = "muflax.church";
|
|
|
|
|
};
|
2023-06-04 16:48:25 +02:00
|
|
|
|
calibre-web = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vhost = "calibre.yori.cc";
|
|
|
|
|
};
|
2024-01-01 16:44:54 +01:00
|
|
|
|
vpn-host.enable = true;
|
2020-05-21 17:39:38 +02:00
|
|
|
|
};
|
2016-04-21 22:45:06 +02:00
|
|
|
|
|
2022-10-04 10:39:49 +02:00
|
|
|
|
age.secrets.muflax.file = ../../../secrets/http.muflax.age;
|
2016-04-29 01:07:06 +02:00
|
|
|
|
services.muflax-blog = {
|
|
|
|
|
enable = true;
|
2021-05-29 18:05:31 +02:00
|
|
|
|
web-server = { port = 9001; };
|
2016-04-29 01:07:06 +02:00
|
|
|
|
hidden-service = {
|
|
|
|
|
hostname = "muflax65ngodyewp.onion";
|
2022-05-18 15:57:58 +02:00
|
|
|
|
private_key = config.age.secrets.muflax.path;
|
2016-04-29 01:07:06 +02:00
|
|
|
|
};
|
|
|
|
|
};
|
2024-01-01 16:44:54 +01:00
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
commonHttpConfig = "access_log off;";
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"yori.cc" = {
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
globalRedirect = "yorickvanpelt.nl";
|
|
|
|
|
};
|
|
|
|
|
"yorickvanpelt.nl".locations."/p1".return =
|
|
|
|
|
"301 https://git.yori.cc/yorick/meterkast";
|
|
|
|
|
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
|
|
|
|
rewrite ^/muflax/(.*)$ https://alt.muflax.church/$1 permanent;
|
2021-10-18 14:42:53 +02:00
|
|
|
|
'';
|
|
|
|
|
};
|
2018-05-25 00:27:43 +02:00
|
|
|
|
};
|
2024-01-01 16:44:54 +01:00
|
|
|
|
|
|
|
|
|
# TODO: reload cert in weechat
|
2023-03-22 12:55:13 +01:00
|
|
|
|
security.acme.certs."pennyworth.yori.cc".postRun = ''
|
|
|
|
|
cat fullchain.pem key.pem > /home/yorick/.weechat/ssl/relay.pem
|
|
|
|
|
chown yorick:users /home/yorick/.weechat/ssl/relay.pem
|
|
|
|
|
chmod 0600 $_
|
|
|
|
|
'';
|
2021-01-03 22:06:31 +01:00
|
|
|
|
|
2024-01-01 16:44:54 +01:00
|
|
|
|
users.users.yorick.packages = with pkgs; [ sshfs-fuse weechat ripgrep ];
|
2024-01-02 11:32:34 +01:00
|
|
|
|
networking.firewall.allowedTCPPorts = [ 60307 ]; # weechat relay
|
2024-02-07 11:21:24 +01:00
|
|
|
|
|
2024-04-27 10:56:26 +02:00
|
|
|
|
age.secrets.yobot.file = ../../../secrets/yobot.toml.age;
|
|
|
|
|
services.yobot = {
|
|
|
|
|
enable = true;
|
|
|
|
|
configFile = config.age.secrets.yobot.path;
|
|
|
|
|
};
|
2016-04-14 14:02:16 +02:00
|
|
|
|
}
|