natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
72ea26c17e7aa1bfd350006eebf4adde78b85904
dotfiles/hosts/remilia/services.nix

80 lines
2.2 KiB
Nix
Executable File
Raw Blame History

{config, pkgs, ...}:
{
services = {
openssh = { enable = true;
permitRootLogin = "yes";
};
nginx = {
enable = true;
package = (pkgs.nginx.overrideAttrs(oa: {
configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ];
}));
virtualHosts = {
"weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://10.55.0.2:80";
serverAliases = [ "www.weirdnatto.in" ];
};
"git.weirdnatto.in" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.55.0.2:5001";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
};
};
vault-agent = {
enable = true;
settings = {
vault = {
address = "https://10.55.0.2:8800";
client_cert = "/var/certs/cert.pem";
client_key = "/var/certs/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Remilia";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Remilia/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
{
source = pkgs.writeText "natto@weirdnatto.in.tpl" ''
{{ with secret "kv/systems/Remilia" }}{{ .Data.data.nattomail }}{{ end }}
'';
destination = "/var/secrets/natto@weirdnatto.in.key";
}
];
};
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCH975XCps+VCzo8Fpp5BkbtiFmj9y3//FBVYlQ7/yo"
];
security.acme = {
acceptTerms = true;
certs = {
"weirdnatto.in".email = "natto+acme@weirdnatto.in";
"git.weirdnatto.in".email = "git+acme@weirdnatto.in";
};
};
security.pki.certificateFiles = [ ../../cert.pem ];
}
Reference in New Issue View Git Blame Copy Permalink