natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
436a6dfa344ba2a232c08e48ed563d5ef2ff8569
dotfiles/hosts/remilia/services.nix
natto1784 436a6dfa34 some marisa changes 
changed marisa services (consul and vault)
2022-01-20 23:11:35 +05:30

80 lines
2.2 KiB
Nix
Executable File
Raw Blame History

{config, pkgs, ...}:
{
services = {
openssh = { enable = true;
permitRootLogin = "yes";
};
nginx = {
enable = true;
package = (pkgs.nginx.overrideAttrs(oa: {
configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ];
}));
virtualHosts = {
"weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://10.55.0.2:80";
serverAliases = [ "www.weirdnatto.in" ];
};
"git.weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.55.0.2:5001";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
};
};
vault-agent = {
enable = true;
settings = {
vault = {
address = "https://10.55.0.2:8800";
client_cert = "/var/vault/cert.pem";
client_key = "/var/vault/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Remilia";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Remilia/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
{
source = pkgs.writeText "natto@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia" }}{{ .Data.data.nattomail }}{{ end }}
'';
destination = "/var/secrets/natto@weirdnatto.in.key";
}
];
};
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCH975XCps+VCzo8Fpp5BkbtiFmj9y3//FBVYlQ7/yo"
];
security.acme = {
acceptTerms = true;
certs = {
"weirdnatto.in".email = "natto+acme@weirdnatto.in";
"git.weirdnatto.in".email = "git+acme@weirdnatto.in";
};
};
security.pki.certificateFiles = [ ../../cert.pem ];
}
Reference in New Issue View Git Blame Copy Permalink