hosts/remilia: update nginx config

2022-11-23 00:11:33 +05:30
parent b305a2ea68
commit ba36e86aec
2 changed files with 34 additions and 57 deletions


@@ -6,15 +6,13 @@
sendingFqdn = fqdn; sendingFqdn = fqdn;
domains = singleton "weirdnatto.in"; domains = singleton "weirdnatto.in";
certificateDomains = singleton "mail.weirdnatto.in"; certificateDomains = singleton "mail.weirdnatto.in";
certificateScheme = 2; certificateScheme = 3;
loginAccounts = { loginAccounts = {
"natto@weirdnatto.in" = { "natto@weirdnatto.in" = {
hashedPasswordFile = "/var/secrets/natto@weirdnatto.in.key"; hashedPasswordFile = "/var/secrets/natto@weirdnatto.in.key";
aliases = [ "@weirdnatto.in" ];
}; };
"masti@weirdnatto.in" = { "masti@weirdnatto.in" = {
hashedPasswordFile = "/var/secrets/masti@weirdnatto.in.key"; hashedPasswordFile = "/var/secrets/masti@weirdnatto.in.key";
aliases = [ "@weirdnatto.in" ];
}; };
}; };
enablePop3 = false; enablePop3 = false;
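Review bot: The change of `certificateScheme` from 2 to 3 and the dropped `aliases = [ "@weirdnatto.in" ]` catch-alls on both accounts are not explained anywhere, and the commit title only mentions nginx. If 3 selects ACME issuance as in simple-nixos-mailserver, the certificate for mail.weirdnatto.in now depends on the ACME configuration in the other file (terms acceptance and the account email for that certificate are not visible in this hunk), so a one-line comment such as `# 3 = ACME-issued certificate; cert for certificateDomains now comes from security.acme` would keep that dependency visible. The removal of the identical `@weirdnatto.in` catch-all from both accounts also deserves a note, since mail to unknown local parts presumably bounces now instead of being delivered to one of them. The enclosing attribute set starts before and ends after the hunk.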


@@ -13,29 +13,46 @@
}; };
nginx = { nginx = {
enable = true; enable = true;
package = (pkgs.nginx.overrideAttrs (oa: { clientMaxBodySize = "512m";
configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ]; package = pkgs.nginx.override {
})); withMail = true;
};
appendHttpConfig = ''
map $uri $expires {
default off;
~\.(jpg|jpeg|png|gif|ico|css|js|pdf)$ 30d;
}
'';
virtualHosts = virtualHosts =
let let
genericHttpRProxy = { addr, ssl ? true, conf ? "" }: { genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
addSSL = true; addSSL = ssl;
enableACME = ssl; enableACME = ssl;
locations."/" = { locations."/" = {
proxyPass = toString addr; proxyPass = toString addr;
extraConfig = '' extraConfig = ''
expires $expires;
proxy_set_header Host $host; proxy_set_header Host $host;
'' + conf; '' + conf;
}; };
}; };
in in
{ {
"weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/" = {
root = "/var/lib/site";
index = "index.html";
};
serverAliases = [ "www.weirdnatto.in" ];
};
"vault.weirdnatto.in" = genericHttpRProxy { addr = "https://10.55.0.2:8800"; }; "vault.weirdnatto.in" = genericHttpRProxy { addr = "https://10.55.0.2:8800"; };
"consul.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:8500"; }; "consul.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:8500"; };
"ci.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:6666"; }; "f.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.2:8888"; };
"radio.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.3:8000"; }; "radio.weirdnatto.in" = genericHttpRProxy { addr = "http://10.55.0.3:8001"; };
"git.weirdnatto.in" = genericHttpRProxy { "git.weirdnatto.in" = genericHttpRProxy {
addr = "http://10.55.0.2:5000"; addr = "http://10.55.0.2:5001";
conf = "client_max_body_size 64M;"; conf = "client_max_body_size 64M;";
}; };
"nomad.weirdnatto.in" = genericHttpRProxy { "nomad.weirdnatto.in" = genericHttpRProxy {
@@ -45,60 +62,21 @@
proxy_read_timeout 310s; proxy_read_timeout 310s;
''; '';
}; };
"weirdnatto.in" = { "alo.weirdnatto.in" = genericHttpRProxy {
addSSL = true; addr = "http://10.55.0.2:4004";
enableACME = true; conf = ''
locations."/".proxyPass = "http://10.55.0.2:80"; proxy_set_header X-Real-IP $remote_addr;
serverAliases = [ "www.weirdnatto.in" ]; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
}; };
}; };
}; };
vault-agent = {
enable = true;
settings = {
vault = {
address = "https://10.55.0.2:8800";
client_cert = "/var/certs/cert.pem";
client_key = "/var/certs/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Remilia";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Remilia/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
{
source = pkgs.writeText "natto@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia/mail" }}{{ .Data.data.nattomail }}{{ end }}
'';
destination = "/var/secrets/natto@weirdnatto.in.key";
}
{
source = pkgs.writeText "masti@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia/mail" }}{{ .Data.data.mastimail }}{{ end }}
'';
destination = "/var/secrets/masti@weirdnatto.in.key";
}
];
};
};
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCH975XCps+VCzo8Fpp5BkbtiFmj9y3//FBVYlQ7/yo" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCH975XCps+VCzo8Fpp5BkbtiFmj9y3//FBVYlQ7/yo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0jyHWuWBKzucnARINqQ/A0AFPghxayh0DDthbpOhaz" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMu+SbTrfE62nT7gkZCwiOVOlI2TkVz+RJQ49HbnHvnQ"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFyKi0HYfkgvEDvjzmDRGwAq2z2KOkfv7scTVSnonBh" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFyKi0HYfkgvEDvjzmDRGwAq2z2KOkfv7scTVSnonBh"
]; ];
security.acme = { security.acme = {
@@ -106,7 +84,8 @@
certs = { certs = {
"weirdnatto.in".extraDomainNames = lib.singleton "www.weirdnatto.in"; "weirdnatto.in".extraDomainNames = lib.singleton "www.weirdnatto.in";
} // } //
lib.mapAttrs' (n: _: lib.nameValuePair n ({ email = "natto@weirdnatto.in"; })) config.services.nginx.virtualHosts; lib.mapAttrs (n: _: { email = "natto@weirdnatto.in"; })
(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
}; };
security.pki.certificateFiles = [ ../../cert.pem ]; security.pki.certificateFiles = [ ../../cert.pem ];
} }
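Review bot: In the `security.acme.certs` expression at the end of the section, `{ "weirdnatto.in".extraDomainNames = ...; } // lib.mapAttrs (...)` silently drops `extraDomainNames` for `weirdnatto.in`, because `//` is a shallow merge and the right-hand set, which contains that key since the vhost has `enableACME = true`, replaces the left-hand value outright. The old line had the same shape, but the rewrite keeps it; `lib.recursiveUpdate { "weirdnatto.in".extraDomainNames = lib.singleton "www.weirdnatto.in"; } (lib.mapAttrs (n: _: { email = "natto@weirdnatto.in"; }) (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts))` keeps both attributes (the nginx module may add serverAliases to the cert on its own, but this file's setting should not be a no-op). Separately, `clientMaxBodySize = "512m"` in the nginx hunk raises the request-body limit for every virtual host, including the static site and the vault/consul proxies, while `git.weirdnatto.in` keeps its own lower `client_max_body_size 64M;`; if only one upstream needs large uploads, set the limit in that vhost's `conf` rather than globally. The forwarding headers added for `alo.weirdnatto.in` (`X-Real-IP`, `X-Forwarded-For`) are absent from the other proxied hosts, which `services.nginx.recommendedProxySettings = true` would set consistently. The `security.acme` block begins in the previous hunk.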