nix-config/hosts/matemat/default.nix

{ pkgs, ... }:

{
  c3d2 = {
    deployment = {
      server = "server10";
      mounts = [ "etc" "home" "var"];
    };
  };

  microvm.mem = 2 * 1024;

  system.stateVersion = "22.05";

  networking = {
    hostName = "matemat";
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services = {
    nginx = {
      enable = true;
      virtualHosts."matemat.hq.c3d2.de" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:3000";
          extraConfig = ''
            satisfy any;
            auth_basic secured;
            auth_basic_user_file ${pkgs.matemat-auth};
            allow 2a00:8180:2c00:200::/56;
            allow 2a0f:5382:acab:1400::/56;
            allow fd23:42:c3d2:500::/56;
            allow 30c:c3d2:b946:76d0::/64;
            allow 172.22.99.0/24;
            allow 172.20.72.0/21;
            deny all;
          '';
        };
      };
    };
    yammat.enable = true;
  };

  programs.msmtp = {
    enable = true;
    accounts.default = {
      host = "mail.c3d2.de";
      port = 587;
      tls = true;
      tls_starttls = true;
      auth = false;
      domain = "matemat.hq.c3d2.de";
      from = "nek0@c3d2.de";
    };
  };
}
Deadnix, statix, other cleanups 2022-12-04 08:53:28 +01:00			`{ pkgs, ... }:`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`{`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`c3d2 = {`
			`deployment = {`
			`server = "server10";`
			`mounts = [ "etc" "home" "var"];`
			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
grafana, matemat, spaceapi: enable autoUpdate 2022-01-12 01:46:13 +01:00
Increase matemat RAM 2022-06-19 11:32:48 +02:00			`microvm.mem = 2 * 1024;`
matemat needs more memory 2022-06-18 21:29:09 +02:00
add system.stateVersion to all the containers that still miss it 2022-06-21 18:32:15 +02:00			`system.stateVersion = "22.05";`

Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`networking = {`
			`hostName = "matemat";`
			`firewall.allowedTCPPorts = [ 80 443 ];`
			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`services = {`
			`nginx = {`
			`enable = true;`
			`virtualHosts."matemat.hq.c3d2.de" = {`
			`default = true;`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:3000";`
			`extraConfig = ''`
			`satisfy any;`
			`auth_basic secured;`
			`auth_basic_user_file ${pkgs.matemat-auth};`
			`allow 2a00:8180:2c00:200::/56;`
put our new ipv6 range everywhere 2022-09-20 01:05:22 +02:00			`allow 2a0f:5382:acab:1400::/56;`
matemat: allow all the internal ipv6 subnets 2022-08-27 21:39:11 +02:00			`allow fd23:42:c3d2:500::/56;`
			`allow 30c:c3d2:b946:76d0::/64;`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`allow 172.22.99.0/24;`
			`allow 172.20.72.0/21;`
			`deny all;`
			`'';`
			`};`
matemat: add auth 2021-03-06 02:28:46 +01:00			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`yammat.enable = true;`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00
matemat: replace ssmtp with msmtp for nixos-22.05 2022-05-31 18:19:34 +02:00			`programs.msmtp = {`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`enable = true;`
matemat: replace ssmtp with msmtp for nixos-22.05 2022-05-31 18:19:34 +02:00			`accounts.default = {`
			`host = "mail.c3d2.de";`
			`port = 587;`
			`tls = true;`
			`tls_starttls = true;`
			`auth = false;`
			`domain = "matemat.hq.c3d2.de";`
			`from = "nek0@c3d2.de";`
rewrite hostname to satisfy helo restrictions 2021-04-30 10:36:37 +02:00			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`};`
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`}`